mirrors/Bochs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prevent access to non-existing VMCS fields

Browse Source
This commit is contained in:
Stanislav Shwartsman 2023-11-26 20:29:56 +02:00
parent ad7a85d11a
commit 4ee9d37a5f
2 changed files with 33 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
bochs/cpu/vmx.cc
View File

@ -571,17 +571,49 @@ VMX_error_code BX_CPU_C::VMenterLoadCheckVmControls(void)
//
vm->pin_vmexec_ctrls = VMread32(VMCS_32BIT_CONTROL_PIN_BASED_EXEC_CONTROLS);
if (~vm->pin_vmexec_ctrls & VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->pin_vmexec_ctrls & ~VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 1-settings [0x%08x]", vm->pin_vmexec_ctrls & ~VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
vm->vmexec_ctrls1 = VMread32(VMCS_32BIT_CONTROL_PROCESSOR_BASED_VMEXEC_CONTROLS);
if (~vm->vmexec_ctrls1 & VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls1 & ~VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 1-settings [0x%08x]", vm->vmexec_ctrls1 & ~VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (VMEXIT(VMX_VM_EXEC_CTRL1_SECONDARY_CONTROLS))
vm->vmexec_ctrls2 = VMread32(VMCS_32BIT_CONTROL_SECONDARY_VMEXEC_CONTROLS);
else
vm->vmexec_ctrls2 = 0;
if (~vm->vmexec_ctrls2 & VMX_MSR_VMX_PROCBASED_CTRLS2_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary proc-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls2 & ~VMX_MSR_VMX_PROCBASED_CTRLS2_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary controls allowed 1-settings [0x%08x]", vm->vmexec_ctrls2 & ~VMX_MSR_VMX_PROCBASED_CTRLS2_HI));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (VMEXIT(VMX_VM_EXEC_CTRL1_TERTIARY_CONTROLS))
vm->vmexec_ctrls3 = VMread64(VMCS_64BIT_CONTROL_TERTIARY_VMEXEC_CONTROLS);
else
vm->vmexec_ctrls3 = 0;
if (vm->vmexec_ctrls3 & ~VMX_MSR_VMX_PROCBASED_CTRLS3) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX tertiary controls allowed 1-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
vm->vm_exceptions_bitmap = VMread32(VMCS_32BIT_CONTROL_EXECUTION_BITMAP);
vm->vm_pf_mask = VMread32(VMCS_32BIT_CONTROL_PAGE_FAULT_ERR_CODE_MASK);
vm->vm_pf_match = VMread32(VMCS_32BIT_CONTROL_PAGE_FAULT_ERR_CODE_MATCH);
@ -598,33 +630,6 @@ VMX_error_code BX_CPU_C::VMenterLoadCheckVmControls(void)
// Check VM-execution control fields
//
if (~vm->pin_vmexec_ctrls & VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->pin_vmexec_ctrls & ~VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 1-settings [0x%08x]", vm->pin_vmexec_ctrls & ~VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (~vm->vmexec_ctrls1 & VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls1 & ~VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 1-settings [0x%08x]", vm->vmexec_ctrls1 & ~VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (~vm->vmexec_ctrls2 & VMX_MSR_VMX_PROCBASED_CTRLS2_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary proc-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls2 & ~VMX_MSR_VMX_PROCBASED_CTRLS2_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary controls allowed 1-settings [0x%08x]", vm->vmexec_ctrls2 & ~VMX_MSR_VMX_PROCBASED_CTRLS2_HI));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vm_cr3_target_cnt > VMX_CR3_TARGET_MAX_CNT) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: too may CR3 targets %d", vm->vm_cr3_target_cnt));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;

2
bochs/cpu/vmx.h
View File

@ -703,7 +703,7 @@ typedef struct bx_VMX_Cap
Bit32u vmx_pin_vmexec_ctrl_supported_bits;
Bit32u vmx_proc_vmexec_ctrl_supported_bits;
Bit32u vmx_vmexec_ctrl2_supported_bits;
Bit32u vmx_vmexec_ctrl3_supported_bits;
Bit64u vmx_vmexec_ctrl3_supported_bits;
Bit32u vmx_vmexit_ctrl_supported_bits;
Bit32u vmx_vmentry_ctrl_supported_bits;
#if BX_SUPPORT_VMX >= 2