kvm: vmx: Check value written to IA32_BNDCFGS

Bits 11:2 must be zero and the linear addess in bits 63:12 must be canonical. Otherwise, WRMSR(BNDCFGS) should raise #GP. Fixes: 0dd376e709975779 ("KVM: x86: add MSR_IA32_BNDCFGS to msrs_to_save") Signed-off-by: Jim Mattson <jmattson@google.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
author: Jim Mattson <jmattson@google.com> 2017-05-23 11:52:54 -0700
committer: Radim Krčmář <rkrcmar@redhat.com> 2017-06-07 16:28:55 +0200
commit: 4531662d1abf6c1f0e5c2b86ddb60e61509786c8 (patch)
tree: 9286a5be696514f307a64bf21328ab7a14d56725 /arch/x86/kvm
parent: 4439af9f911ae0243ffe4e2dfc12bace49605d8b (diff)
download: linux-4531662d1abf6c1f0e5c2b86ddb60e61509786c8.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a339e97e26a3..39301297352a 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3279,6 +3279,9 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_IA32_BNDCFGS:
 		if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
 			return 1;
+		if (is_noncanonical_address(data & PAGE_MASK) ||
+		    (data & MSR_IA32_BNDCFGS_RSVD))
+			return 1;
 		vmcs_write64(GUEST_BNDCFGS, data);
 		break;
 	case MSR_IA32_TSC:
author	Jim Mattson <jmattson@google.com>	2017-05-23 11:52:54 -0700
committer	Radim Krčmář <rkrcmar@redhat.com>	2017-06-07 16:28:55 +0200
commit	4531662d1abf6c1f0e5c2b86ddb60e61509786c8 (patch)
tree	9286a5be696514f307a64bf21328ab7a14d56725 /arch/x86/kvm
parent	4439af9f911ae0243ffe4e2dfc12bace49605d8b (diff)
download	linux-4531662d1abf6c1f0e5c2b86ddb60e61509786c8.tar.gz