Re: [Xen-devel] [PATCH v2 3/4] vvmx: check the operand of L1 vmxon

[Haozhong Zhang <haozhong.zhang@xxxxxxxxx>]

On 12/14/16 18:11 +0800, Haozhong Zhang wrote:
> Check whether the operand of L1 vmxon is a valid VMXON region address
> and whether the VMXON region at that address contains a valid revision
> ID.
>
> Signed-off-by: Haozhong Zhang <haozhong.zhang@xxxxxxxxx>
> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
> ---
> xen/arch/x86/hvm/vmx/vvmx.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
> index e765b60..5523146 100644
> --- a/xen/arch/x86/hvm/vmx/vvmx.c
> +++ b/xen/arch/x86/hvm/vmx/vvmx.c
> @@ -1383,6 +1383,7 @@ int nvmx_handle_vmxon(struct cpu_user_regs *regs)
>     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
>     struct vmx_inst_decoded decode;
>     unsigned long gpa = 0;
> +    uint32_t nvmcs_revid;
>     int rc;
>
>     rc = decode_vmx_inst(regs, &decode, &gpa, 1);
> @@ -1397,6 +1398,21 @@ int nvmx_handle_vmxon(struct cpu_user_regs *regs)
>         return X86EMUL_OKAY;
>     }
>
> +    if ( (gpa & ~PAGE_MASK) || (gpa >> v->domain->arch.paging.gfn_bits) )
                                                                ^^^^^^^^

I mistaken it as the number of valid bits of physical address and
therefore missed adding PAGE_SHIFT here. The correct patch should be
the one attached. I notice the wrong patch has been in the staging
branch, so should I send a patch(set) to fix my mistake on the staging
branch?

Thanks,
Haozhong

Attachment: v2-0003-vvmx-check-the-operand-of-L1-vmxon.patch
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel