From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Laszlo Ersek <lersek@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 4.9 15/21] kvm: x86: fix RSM when PCID is non-zero
Date: Wed, 27 Dec 2017 17:46:31 +0100 [thread overview]
Message-ID: <20171227164600.831677398@linuxfoundation.org> (raw)
In-Reply-To: <20171227164559.973657621@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit fae1a3e775cca8c3a9e0eb34443b310871a15a92 upstream.
rsm_load_state_64() and rsm_enter_protected_mode() load CR3, then
CR4 & ~PCIDE, then CR0, then CR4.
However, setting CR4.PCIDE fails if CR3[11:0] != 0. It's probably easier
in the long run to replace rsm_enter_protected_mode() with an emulator
callback that sets all the special registers (like KVM_SET_SREGS would
do). For now, set the PCID field of CR3 only after CR4.PCIDE is 1.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Fixes: 660a5d517aaab9187f93854425c4c63f4a09195c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2395,9 +2395,21 @@ static int rsm_load_seg_64(struct x86_em
}
static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt,
- u64 cr0, u64 cr4)
+ u64 cr0, u64 cr3, u64 cr4)
{
int bad;
+ u64 pcid;
+
+ /* In order to later set CR4.PCIDE, CR3[11:0] must be zero. */
+ pcid = 0;
+ if (cr4 & X86_CR4_PCIDE) {
+ pcid = cr3 & 0xfff;
+ cr3 &= ~0xfff;
+ }
+
+ bad = ctxt->ops->set_cr(ctxt, 3, cr3);
+ if (bad)
+ return X86EMUL_UNHANDLEABLE;
/*
* First enable PAE, long mode needs it before CR0.PG = 1 is set.
@@ -2416,6 +2428,12 @@ static int rsm_enter_protected_mode(stru
bad = ctxt->ops->set_cr(ctxt, 4, cr4);
if (bad)
return X86EMUL_UNHANDLEABLE;
+ if (pcid) {
+ bad = ctxt->ops->set_cr(ctxt, 3, cr3 | pcid);
+ if (bad)
+ return X86EMUL_UNHANDLEABLE;
+ }
+
}
return X86EMUL_CONTINUE;
@@ -2426,11 +2444,11 @@ static int rsm_load_state_32(struct x86_
struct desc_struct desc;
struct desc_ptr dt;
u16 selector;
- u32 val, cr0, cr4;
+ u32 val, cr0, cr3, cr4;
int i;
cr0 = GET_SMSTATE(u32, smbase, 0x7ffc);
- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u32, smbase, 0x7ff8));
+ cr3 = GET_SMSTATE(u32, smbase, 0x7ff8);
ctxt->eflags = GET_SMSTATE(u32, smbase, 0x7ff4) | X86_EFLAGS_FIXED;
ctxt->_eip = GET_SMSTATE(u32, smbase, 0x7ff0);
@@ -2472,14 +2490,14 @@ static int rsm_load_state_32(struct x86_
ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7ef8));
- return rsm_enter_protected_mode(ctxt, cr0, cr4);
+ return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
}
static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase)
{
struct desc_struct desc;
struct desc_ptr dt;
- u64 val, cr0, cr4;
+ u64 val, cr0, cr3, cr4;
u32 base3;
u16 selector;
int i, r;
@@ -2496,7 +2514,7 @@ static int rsm_load_state_64(struct x86_
ctxt->ops->set_dr(ctxt, 7, (val & DR7_VOLATILE) | DR7_FIXED_1);
cr0 = GET_SMSTATE(u64, smbase, 0x7f58);
- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u64, smbase, 0x7f50));
+ cr3 = GET_SMSTATE(u64, smbase, 0x7f50);
cr4 = GET_SMSTATE(u64, smbase, 0x7f48);
ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7f00));
val = GET_SMSTATE(u64, smbase, 0x7ed0);
@@ -2524,7 +2542,7 @@ static int rsm_load_state_64(struct x86_
dt.address = GET_SMSTATE(u64, smbase, 0x7e68);
ctxt->ops->set_gdt(ctxt, &dt);
- r = rsm_enter_protected_mode(ctxt, cr0, cr4);
+ r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
if (r != X86EMUL_CONTINUE)
return r;
next prev parent reply other threads:[~2017-12-27 16:47 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-27 16:46 [PATCH 4.9 00/21] 4.9.73-stable review Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 01/21] ACPI: APEI / ERST: Fix missing error handling in erst_reader() Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 02/21] acpi, nfit: fix health event notification Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 03/21] crypto: mcryptd - protect the per-CPU queue with a lock Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 04/21] mfd: cros ec: spi: Dont send first message too soon Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 05/21] mfd: twl4030-audio: Fix sibling-node lookup Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 06/21] mfd: twl6040: Fix child-node lookup Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 07/21] ALSA: rawmidi: Avoid racy info ioctl via ctl device Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 08/21] ALSA: usb-audio: Add native DSD support for Esoteric D-05X Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 09/21] ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 10/21] PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 11/21] parisc: Hide Diva-built-in serial aux and graphics card Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 12/21] spi: xilinx: Detect stall with Unknown commands Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 13/21] pinctrl: cherryview: Mask all interrupts on Intel_Strago based systems Greg Kroah-Hartman
2017-12-27 16:46 ` Greg Kroah-Hartman [this message]
2017-12-27 16:46 ` [PATCH 4.9 16/21] clk: sunxi: sun9i-mmc: Implement reset callback for reset controls Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 17/21] powerpc/perf: Dereference BHRB entries safely Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 18/21] libnvdimm, pfn: fix start_pad handling for aligned namespaces Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 19/21] net: mvneta: clear interface link status on port disable Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 20/21] net: mvneta: use proper rxq_number in loop on rx queues Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 21/21] net: mvneta: eliminate wrong call to handle rx descriptor error Greg Kroah-Hartman
2017-12-28 15:42 ` [PATCH 4.9 00/21] 4.9.73-stable review Guenter Roeck
2017-12-28 16:33 ` Naresh Kamboju
2017-12-29 9:18 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171227164600.831677398@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=lersek@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.