KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT)

Signal VM-Fail for the single-context variant of INVEPT if the specified
EPTP is invalid.  Per the INEVPT pseudocode in Intel's SDM, it's subject
to the standard EPT checks:

  If VM entry with the "enable EPT" VM execution control set to 1 would
  fail due to the EPTP value then VMfail(Invalid operand to INVEPT/INVVPID);

Fixes: bfd0a56b90005 ("nEPT: Nested INVEPT")
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200320212833.3507-3-sean.j.christopherson@intel.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index fd78ffbde644479348510b25c8fbf8433291509a..dc7d8104b58e0e08c44e756fc6d6b05efc2c3700 100644 (file)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5157,8 +5157,12 @@ static int handle_invept(struct kvm_vcpu *vcpu)
        }
 
        switch (type) {
-       case VMX_EPT_EXTENT_GLOBAL:
        case VMX_EPT_EXTENT_CONTEXT:
+               if (!nested_vmx_check_eptp(vcpu, operand.eptp))
+                       return nested_vmx_failValid(vcpu,
+                               VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
+               fallthrough;
+       case VMX_EPT_EXTENT_GLOBAL:
        /*
         * TODO: Sync the necessary shadow EPT roots here, rather than
         * at the next emulated VM-entry.