KVM: nVMX: fail on invalid vmclear/vmptrld pointer

The spec mandates that if the vmptrld or vmclear
address is equal to the vmxon region pointer, the
instruction should fail with error "VMPTRLD with
VMXON pointer" or "VMCLEAR with VMXON pointer"

Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 0f7934767a2f..1d7e7279f1b4 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6100,6 +6100,12 @@ static int handle_vmclear(struct kvm_vcpu *vcpu)
                 return 1;
         }
 
+        if (vmptr == vmx->nested.vmxon_ptr) {
+                nested_vmx_failValid(vcpu, VMXERR_VMCLEAR_VMXON_POINTER);
+                skip_emulated_instruction(vcpu);
+                return 1;
+        }
+
         if (vmptr == vmx->nested.current_vmptr) {
                 nested_release_vmcs12(vmx);
                 vmx->nested.current_vmptr = -1ull;
@@ -6443,6 +6449,12 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
                 return 1;
         }
 
+        if (vmptr == vmx->nested.vmxon_ptr) {
+                nested_vmx_failValid(vcpu, VMXERR_VMCLEAR_VMXON_POINTER);
+                skip_emulated_instruction(vcpu);
+                return 1;
+        }
+
         if (vmx->nested.current_vmptr != vmptr) {
                 struct vmcs12 *new_vmcs12;
                 struct page *page;