rtime.felk.cvut.cz Git - jailhouse.git/commitdiff
x86: Reject xAPIC accesses while in x2APIC mode
author Jan Kiszka <jan.kiszka@siemens.com>
Wed, 6 May 2015 07:12:05 +0000 (09:12 +0200)
committer Jan Kiszka <jan.kiszka@siemens.com>
Wed, 6 May 2015 07:18:41 +0000 (09:18 +0200)
If the APIC is in x2APIC mode, accesses via MMIO do not work (the APIC
behaves as if disabled). If Jailhouse executes them, it can be tricked into
accessing x2APIC registers that are invalid, causing a hypervisor-side #GP.
Prevent this by bailing out early.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
hypervisor/arch/x86/apic.c

index 8a8f8ed85cc2e67f3fa77e85e3412218b9aaff4c..78b2f8a16e07a416efa06d679100d422f81a800b 100644 (file)
@@ -479,6 +479,11 @@ unsigned int apic_mmio_access(unsigned long rip,
        struct mmio_instruction inst;
        u32 val;
 
+       if (using_x2apic) {
+               panic_printk("FATAL: xAPIC access in x2APIC mode\n");
+               return 0;
+       }
+
        inst = x86_mmio_parse(rip, pg_structs, is_write);
        if (inst.inst_len == 0)
                return 0;
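Review bot: The panic_printk() in the new using_x2apic branch does not say which access triggered it, although rip is in scope as a parameter of apic_mmio_access(); including it in the message (for example "FATAL: xAPIC access in x2APIC mode at %p") would make the offending guest instruction identifiable from the log. The branch also returns 0, the same value the existing inst.inst_len == 0 path returns, so the caller cannot tell a rejected access from a parse failure; if that is intended, a one-line comment above the check would help, stating that MMIO access is invalid in x2APIC mode and that the check must stay ahead of x86_mmio_parse() so no guest-controlled instruction is decoded or emulated in this state.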