On Tue, Dec 13, 2016 at 02:35:33PM +0000, Andrew Cooper wrote:
> On 13/12/16 12:16, Haozhong Zhang wrote:
> > nvmx_handle_vmxon() previously checked whether a vcpu is in VMX
> > operation by comparing its vmxon_region_pa with GPA 0. However, 0 is
> > also a valid VMXON region address. If the L1 hypervisor has set the VMXON
> > region address to 0, the check in nvmx_handle_vmxon() will be skipped.
> > Fix this problem by using an invalid VMXON region address for a vcpu
> > out of VMX operation.
> >
> > Signed-off-by: Haozhong Zhang <haozhong.zh...@intel.com>
> > ---
> >  xen/arch/x86/hvm/vmx/vvmx.c | 20 ++++++++++++++++----
> >  1 file changed, 16 insertions(+), 4 deletions(-)
> >
> > diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
> > index e6e9ebd..f5637eb 100644
> > --- a/xen/arch/x86/hvm/vmx/vvmx.c
> > +++ b/xen/arch/x86/hvm/vmx/vvmx.c
> > @@ -32,6 +32,18 @@ static DEFINE_PER_CPU(u64 *, vvmcs_buf);
> >  
> >  static void nvmx_purge_vvmcs(struct vcpu *v);
> >  
> > +/*
> > + * When a vcpu is out of VMXON region, set its vmxon_region_pa to
> > + * INVALID_VMXON_REGION_PA. We cannot use 0, because 0 is also a valid
> > + * VMXON region address.
> > + */
> > +#define INVALID_VMXON_REGION_PA (~0UL)
> > +
> > +static bool nvmx_vcpu_in_vmx(struct vcpu *v)
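
Review bot: the comment above INVALID_VMXON_REGION_PA reads "When a vcpu is out of VMXON region", which confuses the region with the state. The sentinel marks a vcpu that is out of VMX operation, as the commit message puts it, so the comment should use that wording. The comment explains why 0 cannot be the marker but not why ~0UL can never be a real VMXON region address; a sentence on that would document the assumption the fix rests on.
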
> 
> const struct vcpu *v.
> 
> Otherwise, Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>

Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
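
Added example, not part of the original thread and not Xen code: a toy C model of the collision the commit message describes, where a second VMXON goes undetected when the region sits at GPA 0 and 0 is also the "not in VMX operation" marker. The names toy_vcpu, toy_vmxon, second_vmxon and the result enum are hypothetical, and the 4 KiB alignment rule is the model's stated assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model assumption: VMXON pointers are 4 KiB aligned, so all-ones is never valid. */
#define ALIGN_MASK_4K 0xfffULL
#define INVALID_PA    (~0ULL)

enum vmxon_result { VMXON_OK, VMXON_ALREADY_ON, VMXON_BAD_POINTER };
struct toy_vcpu { uint64_t vmxon_region_pa; };  /* hypothetical, not Xen's struct vcpu */
typedef bool (*in_vmx_fn)(const struct toy_vcpu *);

/* Old scheme: 0 means "not in VMX operation", colliding with a region at GPA 0. */
static bool in_vmx_zero_sentinel(const struct toy_vcpu *v)
{
    return v->vmxon_region_pa != 0;
}

/* New scheme: an address that cannot be valid marks "not in VMX operation". */
static bool in_vmx_invalid_sentinel(const struct toy_vcpu *v)
{
    return v->vmxon_region_pa != INVALID_PA;
}

static enum vmxon_result toy_vmxon(struct toy_vcpu *v, uint64_t gpa, in_vmx_fn in_vmx)
{
    if (in_vmx(v))
        return VMXON_ALREADY_ON;      /* the check the commit message refers to */
    if (gpa & ALIGN_MASK_4K)
        return VMXON_BAD_POINTER;
    v->vmxon_region_pa = gpa;
    return VMXON_OK;
}

/* Execute VMXON twice at the same GPA; return what the second one reports. */
static enum vmxon_result second_vmxon(uint64_t gpa, bool invalid_sentinel)
{
    struct toy_vcpu v = { invalid_sentinel ? INVALID_PA : 0 };
    in_vmx_fn in_vmx = invalid_sentinel ? in_vmx_invalid_sentinel : in_vmx_zero_sentinel;
    toy_vmxon(&v, gpa, in_vmx);
    return toy_vmxon(&v, gpa, in_vmx);
}

int main(void)
{
    printf("second VMXON at GPA 0: zero sentinel=%d, invalid sentinel=%d\n",
           second_vmxon(0, false), second_vmxon(0, true));
    return 0;
}
```

With the zero sentinel the second VMXON at GPA 0 returns VMXON_OK, so the "already in VMX operation" case is never seen; with the invalid sentinel it returns VMXON_ALREADY_ON.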
