Message-ID: <01a8714db6af834214a3811c4d4b727371264964.1770116051.git.isaku.yamahata@intel.com>
Date: Tue,  3 Feb 2026 10:17:01 -0800
From: isaku.yamahata@...el.com
To: kvm@...r.kernel.org
Cc: isaku.yamahata@...el.com,
	isaku.yamahata@...il.com,
	Paolo Bonzini <pbonzini@...hat.com>,
	Sean Christopherson <seanjc@...gle.com>,
	linux-kernel@...r.kernel.org,
	kernel test robot <oliver.sang@...el.com>
Subject: [PATCH 18/32] KVM: nVMX: Add check VMCS index for guest timer virtualization

From: Isaku Yamahata <isaku.yamahata@...el.com>

Make vmread/vmwrite to the VMCS fields an error if the guest
MSR_IA32_VMX_PROCBASED_CTLS3 doesn't advertise APIC timer virtualization.
Without this check, test_vmwrite_vmread of the KVM unit test fails.

Reported-by: kernel test robot <oliver.sang@...el.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@...el.com>
---
 arch/x86/kvm/vmx/nested.c | 14 ++++++++++++++
 arch/x86/kvm/vmx/nested.h |  7 +++++++
 2 files changed, 21 insertions(+)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index d6ae62e70560..a940f1d9ee83 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5801,6 +5801,14 @@ static bool is_vmcs_field_valid(struct kvm_vcpu *vcpu, unsigned long field)
 	     field == TERTIARY_VM_EXEC_CONTROL_HIGH))
 		return false;
 
+	if (!nested_cpu_supports_guest_apic_timer(vcpu) &&
+	    (field == GUEST_APIC_TIMER_VECTOR ||
+	     field == GUEST_DEADLINE_VIR ||
+	     field == GUEST_DEADLINE_VIR_HIGH ||
+	     field == GUEST_DEADLINE_PHY ||
+	     field == GUEST_DEADLINE_PHY_HIGH))
+		return false;
+
 	return true;
 }
 
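Review bot: the new condition in is_vmcs_field_valid() lists five field encodings by hand with nothing tying them to the feature bit, so a field added for guest APIC timer virtualization later can be missed here without anyone noticing. A one-line comment above the check, stating that these are the fields that exist only when TERTIARY_EXEC_GUEST_APIC_TIMER is advertised to the guest, would document the intent and give future changes an obvious place to extend. The structure otherwise matches the TERTIARY_VM_EXEC_CONTROL check directly above it, which is good.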
@@ -7216,6 +7224,12 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
 	    vmcs12->tertiary_vm_exec_control)
 		goto error_guest_mode;
 
+	if (!nested_cpu_supports_guest_apic_timer(vcpu) &&
+	    (vmcs12->virtual_timer_vector ||
+	     vmcs12->guest_deadline ||
+	     vmcs12->guest_deadline_shadow))
+		goto error_guest_mode;
+
 	if (nested_vmx_check_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_host_state(vcpu, vmcs12) ||
 	    nested_vmx_check_guest_state(vcpu, vmcs12, &ignored))
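Review bot: the new check in vmx_set_nested_state() is not covered by the changelog, which only talks about vmread/vmwrite; it makes restoring nested state fail via error_guest_mode when any of the three vmcs12 members is non-zero and the feature is not advertised, and that userspace-visible behaviour deserves a sentence in the commit message. It is also hard to verify from this patch that virtual_timer_vector, guest_deadline and guest_deadline_shadow cover the same state as GUEST_APIC_TIMER_VECTOR, GUEST_DEADLINE_VIR and GUEST_DEADLINE_PHY in is_vmcs_field_valid(), since the names do not line up; a comment naming the corresponding fields, or consistent naming between the encodings and the vmcs12 members, would help.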
diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h
index 07c0f112e37e..d84ed234a8d6 100644
--- a/arch/x86/kvm/vmx/nested.h
+++ b/arch/x86/kvm/vmx/nested.h
@@ -286,6 +286,13 @@ static inline bool nested_cpu_has_encls_exit(struct vmcs12 *vmcs12)
 	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENCLS_EXITING);
 }
 
+static inline bool nested_cpu_supports_guest_apic_timer(struct kvm_vcpu *vcpu)
+{
+	return nested_cpu_supports_tertiary_ctls(vcpu) &&
+		to_vmx(vcpu)->nested.msrs.tertiary_ctls &
+		TERTIARY_EXEC_GUEST_APIC_TIMER;
+}
+
 static inline bool nested_cpu_has_guest_apic_timer(struct vmcs12 *vmcs12)
 {
 	return nested_cpu_has3(vmcs12, TERTIARY_EXEC_GUEST_APIC_TIMER);
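Review bot: the return expression in nested_cpu_supports_guest_apic_timer() mixes && and & without parentheses; it evaluates as intended because & binds tighter than &&, but wrapping the mask test as (to_vmx(vcpu)->nested.msrs.tertiary_ctls & TERTIARY_EXEC_GUEST_APIC_TIMER) makes that explicit and avoids compiler or checker noise. The new helper also differs from the existing nested_cpu_has_guest_apic_timer() only by "supports" versus "has" while taking a different argument (vcpu versus vmcs12) and answering a different question (advertised in the nested MSRs versus enabled in vmcs12), so a short comment on the new helper stating that it checks the advertised capability would reduce the chance of callers picking the wrong one.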
-- 
2.45.2

