KVM: nVMX: check for required but missing VMCS12 in KVM_SET_NESTED_STATE

A missing VMCS12 was not causing -EINVAL (it was just read with copy_from_user, so it is not a security issue, but it is still wrong). Test for VMCS12 validity and reject the nested state if a VMCS12 is required but not present. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Paolo Bonzini <pbonzini@redhat.com> 2020-07-27 15:00:37 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2020-07-27 15:04:49 +0200
commit: 0f02bd0ade9a552492463c0159abbe26c4d92b40 (patch)
tree: d9caefa4c391d455f3282981673443684a32c1b2 /arch/x86/kvm/vmx/nested.h
parent: selftests: kvm: do not set guest mode flag (diff)
download: linux-0f02bd0ade9a552492463c0159abbe26c4d92b40.tar.xz
linux-0f02bd0ade9a552492463c0159abbe26c4d92b40.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h
index 758bccc26cf9..197148d76b8f 100644
--- a/arch/x86/kvm/vmx/nested.h
+++ b/arch/x86/kvm/vmx/nested.h
@@ -47,6 +47,11 @@ static inline struct vmcs12 *get_shadow_vmcs12(struct kvm_vcpu *vcpu)
 	return to_vmx(vcpu)->nested.cached_shadow_vmcs12;
 }
 
+/*
+ * Note: the same condition is checked against the state provided by userspace
+ * in vmx_set_nested_state; if it is satisfied, the nested state must include
+ * the VMCS12.
+ */
 static inline int vmx_has_valid_vmcs12(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
author	Paolo Bonzini <pbonzini@redhat.com>	2020-07-27 15:00:37 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2020-07-27 15:04:49 +0200
commit	0f02bd0ade9a552492463c0159abbe26c4d92b40 (patch)
tree	d9caefa4c391d455f3282981673443684a32c1b2 /arch/x86/kvm/vmx/nested.h
parent	selftests: kvm: do not set guest mode flag (diff)
download	linux-0f02bd0ade9a552492463c0159abbe26c4d92b40.tar.xz linux-0f02bd0ade9a552492463c0159abbe26c4d92b40.zip