VMCS auditor

2025-08-12 12:10:46 +00:00
parent db6c38b6de
commit f08ed4615c
4 changed files with 118 additions and 1 deletions
--- a/nel_os_kernel/src/vmm/x86_64/intel/auditor/controls.rs
+++ b/nel_os_kernel/src/vmm/x86_64/intel/auditor/controls.rs
@ -0,0 +1,113 @@
+use x86::{msr, vmx::vmcs};
+
+use crate::vmm::x86_64::{
+    common::read_msr,
+    intel::{self, vmread},
+};
+
+pub fn check_vmcs_control_fields() -> Result<(), &'static str> {
+    let msr_ia32_vmx_basic = read_msr(msr::IA32_VMX_BASIC);
+    let vmx_true_ctrl = msr_ia32_vmx_basic & (1 << 55) != 0;
+
+    check_pin_based_exec_ctrl(vmx_true_ctrl)?;
+    check_primary_proc_based_exec_ctrl(vmx_true_ctrl)?;
+
+    if intel::vmcs::controls::PrimaryProcessorBasedVmExecutionControls::read()?
+        .activate_secondary_controls()
+    {
+        check_secondary_proc_based_exec_ctrl(vmx_true_ctrl)?;
+    }
+
+    Ok(())
+}
+
+fn check_pin_based_exec_ctrl(vmx_true_ctrl: bool) -> Result<(), &'static str> {
+    let msr_vmx_pin_based_exec_ctrl = if vmx_true_ctrl {
+        read_msr(msr::IA32_VMX_TRUE_PINBASED_CTLS)
+    } else {
+        read_msr(msr::IA32_VMX_PINBASED_CTLS)
+    };
+
+    let vmcs_pin_based_exec_ctrl = vmread(vmcs::control::PINBASED_EXEC_CONTROLS)?;
+    let msr_vmx_pin_based_exec_ctrl_low = (msr_vmx_pin_based_exec_ctrl & 0xFFFFFFFF) as u32;
+    let msr_vmx_pin_based_exec_ctrl_high = (msr_vmx_pin_based_exec_ctrl >> 32) as u32;
+
+    if !(vmcs_pin_based_exec_ctrl & 0xFFFFFFFF) as u32 & msr_vmx_pin_based_exec_ctrl_low != 0 {
+        return Err(
+            "VMCS Pin-based execution controls field: IA32_VMX_PINBASED_CTRLS low bits not set",
+        );
+    }
+    if (vmcs_pin_based_exec_ctrl >> 32) as u32 & !msr_vmx_pin_based_exec_ctrl_high != 0 {
+        return Err(
+            "VMCS Pin-based execution controls field: IA32_VMX_PINBASED_CTRLS high bits not zero",
+        );
+    }
+
+    Ok(())
+}
+
+fn check_primary_proc_based_exec_ctrl(vmx_true_ctrl: bool) -> Result<(), &'static str> {
+    let msr_vmx_primary_proc_based_exec_ctrl = if vmx_true_ctrl {
+        read_msr(msr::IA32_VMX_TRUE_PROCBASED_CTLS)
+    } else {
+        read_msr(msr::IA32_VMX_PROCBASED_CTLS)
+    };
+
+    let vmcs_primary_proc_based_exec_ctrl = vmread(vmcs::control::PRIMARY_PROCBASED_EXEC_CONTROLS)?;
+    let msr_vmx_primary_proc_based_exec_ctrl_low =
+        (msr_vmx_primary_proc_based_exec_ctrl & 0xFFFFFFFF) as u32;
+    let msr_vmx_primary_proc_based_exec_ctrl_high =
+        (msr_vmx_primary_proc_based_exec_ctrl >> 32) as u32;
+
+    if !(vmcs_primary_proc_based_exec_ctrl & 0xFFFFFFFF) as u32
+        & msr_vmx_primary_proc_based_exec_ctrl_low
+        != 0
+    {
+        return Err(
+            "VMCS Primary processor-based execution controls field: IA32_VMX_PROCBASED_CTRLS low bits not set",
+        );
+    }
+    if (vmcs_primary_proc_based_exec_ctrl >> 32) as u32 & !msr_vmx_primary_proc_based_exec_ctrl_high
+        != 0
+    {
+        return Err(
+            "VMCS Primary processor-based execution controls field: IA32_VMX_PROCBASED_CTRLS high bits not zero",
+        );
+    }
+
+    Ok(())
+}
+
+fn check_secondary_proc_based_exec_ctrl(vmx_true_ctrl: bool) -> Result<(), &'static str> {
+    let msr_vmx_secondary_proc_based_exec_ctrl = if vmx_true_ctrl {
+        read_msr(msr::IA32_VMX_PROCBASED_CTLS2)
+    } else {
+        0
+    };
+
+    let vmcs_secondary_proc_based_exec_ctrl =
+        vmread(vmcs::control::SECONDARY_PROCBASED_EXEC_CONTROLS)?;
+    let msr_vmx_secondary_proc_based_exec_ctrl_low =
+        (msr_vmx_secondary_proc_based_exec_ctrl & 0xFFFFFFFF) as u32;
+    let msr_vmx_secondary_proc_based_exec_ctrl_high =
+        (msr_vmx_secondary_proc_based_exec_ctrl >> 32) as u32;
+
+    if !(vmcs_secondary_proc_based_exec_ctrl & 0xFFFFFFFF) as u32
+        & msr_vmx_secondary_proc_based_exec_ctrl_low
+        != 0
+    {
+        return Err(
+            "VMCS Secondary processor-based execution controls field: IA32_VMX_PROCBASED_CTRLS2 low bits not set",
+        );
+    }
+    if (vmcs_secondary_proc_based_exec_ctrl >> 32) as u32
+        & !msr_vmx_secondary_proc_based_exec_ctrl_high
+        != 0
+    {
+        return Err(
+            "VMCS Secondary processor-based execution controls field: IA32_VMX_PROCBASED_CTRLS2 high bits not zero",
+        );
+    }
+
+    Ok(())
+}
--- a/nel_os_kernel/src/vmm/x86_64/intel/auditor/mod.rs
+++ b/nel_os_kernel/src/vmm/x86_64/intel/auditor/mod.rs
@ -0,0 +1 @@
+pub mod controls;
--- a/nel_os_kernel/src/vmm/x86_64/intel/mod.rs
+++ b/nel_os_kernel/src/vmm/x86_64/intel/mod.rs
@ -1,4 +1,5 @@
 pub mod asm;
+mod auditor;
 mod controls;
 mod cpuid;
 mod ept;
--- a/nel_os_kernel/src/vmm/x86_64/intel/vcpu.rs
+++ b/nel_os_kernel/src/vmm/x86_64/intel/vcpu.rs
@ -13,7 +13,7 @@ use crate::{
        x86_64::{
            common::{self, read_msr},
            intel::{
-                controls, cpuid, ept,
+                auditor, controls, cpuid, ept,
                msr::{self, ShadowMsr},
                register::GuestRegisters,
                vmcs::{
@ -123,6 +123,8 @@ impl IntelVCpu {
    fn vmentry(&mut self) -> Result<(), InstructionError> {
        msr::update_msrs(self).unwrap();

+        auditor::controls::check_vmcs_control_fields().unwrap();
+
        let success = {
            let result: u16;
            unsafe {