nVMX x86: check posted-interrupt descriptor addresss on vmentry of L2

According to section "Checks on VMX Controls" in Intel SDM vol 3C,
the following check needs to be enforced on vmentry of L2 guests:

   - Bits 5:0 of the posted-interrupt descriptor address are all 0.
   - The posted-interrupt descriptor address does not set any bits
     beyond the processor's physical-address width.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 98b1203..581bdbd 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -11698,11 +11698,15 @@ static int nested_vmx_check_apicv_controls(struct kvm_vcpu *vcpu,
         * bits 15:8 should be zero in posted_intr_nv,
         * the descriptor address has been already checked
         * in nested_get_vmcs12_pages.
+        *
+        * bits 5:0 of posted_intr_desc_addr should be zero.
         */
        if (nested_cpu_has_posted_intr(vmcs12) &&
           (!nested_cpu_has_vid(vmcs12) ||
            !nested_exit_intr_ack_set(vcpu) ||
-           vmcs12->posted_intr_nv & 0xff00))
+           (vmcs12->posted_intr_nv & 0xff00) ||
+           (vmcs12->posted_intr_desc_addr & 0x3f) ||
+           (!page_address_valid(vcpu, vmcs12->posted_intr_desc_addr))))
                return -EINVAL;
 
        /* tpr shadow is needed by all apicv features. */