| Message ID | 20210809145343.97685-2-eesposit@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: nSVM: avoid TOC/TOU race when checking vmcb12 | expand |
On Mon, 2021-08-09 at 16:53 +0200, Emanuele Giuseppe Esposito wrote: > nested_vmcb_check_cr3_cr4 is not called by anyone else, and removing the > call simplifies next patch Tiny nitpick: I would call this 'inline the nested_vmcb_check_cr3_cr4' instead of move, but please feel free to ignore. Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> > > Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> > --- > arch/x86/kvm/svm/nested.c | 35 +++++++++++++---------------------- > 1 file changed, 13 insertions(+), 22 deletions(-) > > diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c > index 5e13357da21e..0ac2d14add15 100644 > --- a/arch/x86/kvm/svm/nested.c > +++ b/arch/x86/kvm/svm/nested.c > @@ -257,27 +257,6 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu, > return true; > } > > -static bool nested_vmcb_check_cr3_cr4(struct kvm_vcpu *vcpu, > - struct vmcb_save_area *save) > -{ > - /* > - * These checks are also performed by KVM_SET_SREGS, > - * except that EFER.LMA is not checked by SVM against > - * CR0.PG && EFER.LME. > - */ > - if ((save->efer & EFER_LME) && (save->cr0 & X86_CR0_PG)) { > - if (CC(!(save->cr4 & X86_CR4_PAE)) || > - CC(!(save->cr0 & X86_CR0_PE)) || > - CC(kvm_vcpu_is_illegal_gpa(vcpu, save->cr3))) > - return false; > - } > - > - if (CC(!kvm_is_valid_cr4(vcpu, save->cr4))) > - return false; > - > - return true; > -} > - > /* Common checks that apply to both L1 and L2 state. */ > static bool nested_vmcb_valid_sregs(struct kvm_vcpu *vcpu, > struct vmcb_save_area *save) > @@ -299,7 +278,19 @@ static bool nested_vmcb_valid_sregs(struct kvm_vcpu *vcpu, > if (CC(!kvm_dr6_valid(save->dr6)) || CC(!kvm_dr7_valid(save->dr7))) > return false; > > - if (!nested_vmcb_check_cr3_cr4(vcpu, save)) > + /* > + * These checks are also performed by KVM_SET_SREGS, > + * except that EFER.LMA is not checked by SVM against > + * CR0.PG && EFER.LME. > + */ > + if ((save->efer & EFER_LME) && (save->cr0 & X86_CR0_PG)) { > + if (CC(!(save->cr4 & X86_CR4_PAE)) || > + CC(!(save->cr0 & X86_CR0_PE)) || > + CC(kvm_vcpu_is_illegal_gpa(vcpu, save->cr3))) > + return false; > + } > + > + if (CC(!kvm_is_valid_cr4(vcpu, save->cr4))) > return false; > > if (CC(!kvm_valid_efer(vcpu, save->efer)))
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 5e13357da21e..0ac2d14add15 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -257,27 +257,6 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu, return true; } -static bool nested_vmcb_check_cr3_cr4(struct kvm_vcpu *vcpu, - struct vmcb_save_area *save) -{ - /* - * These checks are also performed by KVM_SET_SREGS, - * except that EFER.LMA is not checked by SVM against - * CR0.PG && EFER.LME. - */ - if ((save->efer & EFER_LME) && (save->cr0 & X86_CR0_PG)) { - if (CC(!(save->cr4 & X86_CR4_PAE)) || - CC(!(save->cr0 & X86_CR0_PE)) || - CC(kvm_vcpu_is_illegal_gpa(vcpu, save->cr3))) - return false; - } - - if (CC(!kvm_is_valid_cr4(vcpu, save->cr4))) - return false; - - return true; -} - /* Common checks that apply to both L1 and L2 state. */ static bool nested_vmcb_valid_sregs(struct kvm_vcpu *vcpu, struct vmcb_save_area *save) @@ -299,7 +278,19 @@ static bool nested_vmcb_valid_sregs(struct kvm_vcpu *vcpu, if (CC(!kvm_dr6_valid(save->dr6)) || CC(!kvm_dr7_valid(save->dr7))) return false; - if (!nested_vmcb_check_cr3_cr4(vcpu, save)) + /* + * These checks are also performed by KVM_SET_SREGS, + * except that EFER.LMA is not checked by SVM against + * CR0.PG && EFER.LME. + */ + if ((save->efer & EFER_LME) && (save->cr0 & X86_CR0_PG)) { + if (CC(!(save->cr4 & X86_CR4_PAE)) || + CC(!(save->cr0 & X86_CR0_PE)) || + CC(kvm_vcpu_is_illegal_gpa(vcpu, save->cr3))) + return false; + } + + if (CC(!kvm_is_valid_cr4(vcpu, save->cr4))) return false; if (CC(!kvm_valid_efer(vcpu, save->efer)))
nested_vmcb_check_cr3_cr4 is not called by anyone else, and removing the call simplifies next patch Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> --- arch/x86/kvm/svm/nested.c | 35 +++++++++++++---------------------- 1 file changed, 13 insertions(+), 22 deletions(-)