File 661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg... of Package xen

Overview Repositories Revisions Requests Users Attributes Meta

File 661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch of Package xen

References: bsc#1228201

# Commit cd2df4561edef2c104f46f8d0998e8ccefdf9c5e
# Date 2024-04-15 11:26:00 +0100
# Author Roger Pau Monné <roger.pau@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers

vmx_set_reg() logic is split into two parts, the top one handles registers
that don't require loading the VMCS into context (ie: don't require a
VMWRITE).  The second half handles registers that do require the VMCS to be
loaded.

SPEC_CTRL MSR is handled differently depending on whether there's support for
virtualize SPEC_CTRL.  Without hardware help for virtualizing SPEC_CTRL the
value is handled using MSR load lists, that don't require the VMCS to be
loaded.  When there's hardware assistance however the value is stored in the
VMCS, and requires a VMWRITE.  The lack of a return statement when handling
SPEC_CTRL in the first half of the function leads to SPEC_CTRL being
unconditionally handled as if the host had virtualize SPEC_CTRL, which means
Xen will either hit an ASSERT in debug builds, or will attempt to perform a
VMWRITE to an unhandled VMCS field if the host doesn't support the virtualize
SPEC_CTRL feature.

This bug occured because the context wasn't adjusted accordingly to account
for the absence commit 0626219dcc6a ("x86/hvm: Drop
hvm_{get,set}_guest_bndcfgs() and use {get,set}_regs() instead") in the 4.15
and 4.16 branches.

Fix by returning early from the function if the register is handled without
requiring the VMCS context to be loaded.

Fixes: 295bf24af77c ('x86/vmx: Add support for virtualize SPEC_CTRL')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2663,7 +2663,7 @@ static void vmx_set_reg(struct vcpu *v,
                    __func__, v, reg, rc);
             domain_crash(d);
         }
-        break;
+        return;
     }
 
     /* Logic which maybe requires remote VMCS acquisition. */

Places

File 661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch of Package xen

Places