On Mon, Jul 23, 2018 at 02:49:50PM +0100, Andrew Cooper wrote: > It turns out that nothing ever prevented HVM guests from trying to set unknown > EFER bits. Generally, this results in a vmentry failure. > > For Intel hardware, all implemented bits are covered by the checks. > > For AMD hardware, the only EFER bit which isn't covered by the checks is TCE > (which AFAICT is specific to AMD Fam15/16 hardware). We never advertise TCE > in CPUID, but it isn't a security problem to have TCE unexpected enabled in > guest context. > > Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents > any vmentry failures for guests, yielding #GP instead. > > Signed-off-by: Andrew Cooper <[email protected]>
Reviewed-by: Roger Pau Monné <[email protected]> _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
