Commit 40914af6 authored by Konrad Rzeszutek Wilk's avatar Konrad Rzeszutek Wilk Committed by Stefan Bader

x86/KVM/VMX: Add find_msr() helper function

.. to help find the MSR on either the guest or host MSR list.
Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent c48b1fb8
...@@ -1752,9 +1752,20 @@ static void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx, ...@@ -1752,9 +1752,20 @@ static void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx,
vm_exit_controls_clearbit(vmx, exit); vm_exit_controls_clearbit(vmx, exit);
} }
static int find_msr(struct vmx_msrs *m, int msr)
{
unsigned int i;
for (i = 0; i < m->nr; ++i) {
if (m->val[i].index == msr)
return i;
}
return -ENOENT;
}
static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr) static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
{ {
unsigned i; int i;
struct msr_autoload *m = &vmx->msr_autoload; struct msr_autoload *m = &vmx->msr_autoload;
switch (msr) { switch (msr) {
...@@ -1775,11 +1786,8 @@ static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr) ...@@ -1775,11 +1786,8 @@ static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
} }
break; break;
} }
for (i = 0; i < m->guest.nr; ++i) i = find_msr(&m->guest, msr);
if (m->guest.val[i].index == msr) if (i < 0)
break;
if (i == m->guest.nr)
return; return;
--m->guest.nr; --m->guest.nr;
--m->host.nr; --m->host.nr;
...@@ -1803,7 +1811,7 @@ static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx, ...@@ -1803,7 +1811,7 @@ static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
u64 guest_val, u64 host_val) u64 guest_val, u64 host_val)
{ {
unsigned i; int i;
struct msr_autoload *m = &vmx->msr_autoload; struct msr_autoload *m = &vmx->msr_autoload;
switch (msr) { switch (msr) {
...@@ -1838,16 +1846,13 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, ...@@ -1838,16 +1846,13 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
wrmsrl(MSR_IA32_PEBS_ENABLE, 0); wrmsrl(MSR_IA32_PEBS_ENABLE, 0);
} }
for (i = 0; i < m->guest.nr; ++i) i = find_msr(&m->guest, msr);
if (m->guest.val[i].index == msr)
break;
if (i == NR_AUTOLOAD_MSRS) { if (i == NR_AUTOLOAD_MSRS) {
printk_once(KERN_WARNING "Not enough msr switch entries. " printk_once(KERN_WARNING "Not enough msr switch entries. "
"Can't add msr %x\n", msr); "Can't add msr %x\n", msr);
return; return;
} else if (i == m->guest.nr) { } else if (i < 0) {
++m->guest.nr; i = m->guest.nr++;
++m->host.nr; ++m->host.nr;
vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr); vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr); vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
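Review bot: In the last hunk of add_atomic_switch_msr() the capacity check `if (i == NR_AUTOLOAD_MSRS)` can no longer fire, because find_msr() returns either an index below `m->nr` or `-ENOENT`, so the "Not enough msr switch entries" path is dead code. With a full guest list and an MSR that is not yet on it, control now reaches the `i < 0` branch, where `i = m->guest.nr++` yields an index one past the last slot and both VMCS load counts are raised above the limit. The entry stores that presumably follow outside the visible lines would then write past the end of the autoload arrays in host kernel memory. The old loop left `i == m->guest.nr` on a miss, which is what made the comparison work; testing the count on a miss restores it: `if (i < 0 && m->guest.nr == NR_AUTOLOAD_MSRS) {`. The function body continues beyond this hunk, so the stores themselves should be checked against the full source.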
......