From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Laszlo Ersek <lersek@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 4.4 12/63] kvm: x86: fix RSM when PCID is non-zero
Date: Mon, 1 Jan 2018 15:24:30 +0100
Message-ID: <20180101140044.407785320@linuxfoundation.org>
In-Reply-To: <20180101140042.456380281@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit fae1a3e775cca8c3a9e0eb34443b310871a15a92 upstream.
rsm_load_state_64() and rsm_enter_protected_mode() load CR3, then
CR4 & ~PCIDE, then CR0, then CR4.
However, setting CR4.PCIDE fails if CR3[11:0] != 0. It's probably easier
in the long run to replace rsm_enter_protected_mode() with an emulator
callback that sets all the special registers (like KVM_SET_SREGS would
do). For now, set the PCID field of CR3 only after CR4.PCIDE is 1.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Fixes: 660a5d517aaab9187f93854425c4c63f4a09195c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2383,9 +2383,21 @@ static int rsm_load_seg_64(struct x86_em
}
static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt,
- u64 cr0, u64 cr4)
+ u64 cr0, u64 cr3, u64 cr4)
{
int bad;
+ u64 pcid;
+
+ /* In order to later set CR4.PCIDE, CR3[11:0] must be zero. */
+ pcid = 0;
+ if (cr4 & X86_CR4_PCIDE) {
+ pcid = cr3 & 0xfff;
+ cr3 &= ~0xfff;
+ }
+
+ bad = ctxt->ops->set_cr(ctxt, 3, cr3);
+ if (bad)
+ return X86EMUL_UNHANDLEABLE;
/*
* First enable PAE, long mode needs it before CR0.PG = 1 is set.
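Review bot: the new `bad = ctxt->ops->set_cr(ctxt, 3, cr3);` followed by `return X86EMUL_UNHANDLEABLE;` is a behaviour change, not only a reordering: the call sites this patch removes wrote CR3 with `ctxt->ops->set_cr(ctxt, 3, ...)` and discarded the result, so a rejected CR3 value used to be silently ignored and now aborts the RSM. That is the safer direction, but it deserves a sentence in the commit message. Also, the `0xfff` literal for CR3[11:0] appears twice in this hunk and the field is reassembled again later with `cr3 | pcid`; a named mask for the PCID field would make the intent explicit and keep the sites in sync.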
@@ -2404,6 +2416,12 @@ static int rsm_enter_protected_mode(stru
bad = ctxt->ops->set_cr(ctxt, 4, cr4);
if (bad)
return X86EMUL_UNHANDLEABLE;
+ if (pcid) {
+ bad = ctxt->ops->set_cr(ctxt, 3, cr3 | pcid);
+ if (bad)
+ return X86EMUL_UNHANDLEABLE;
+ }
+
}
return X86EMUL_CONTINUE;
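Review bot: the trailing added blank line after the new `if (pcid) { ... }` block leaves an empty line immediately before the closing `}` of the enclosing block, which checkpatch reports as an unnecessary blank line before a close brace; drop it. The logic itself is right: `pcid` is only non-zero when `cr4 & X86_CR4_PCIDE` was set in the first hunk, and the second `ctxt->ops->set_cr(ctxt, 3, cr3 | pcid)` runs only after `ctxt->ops->set_cr(ctxt, 4, cr4)` has succeeded, which is exactly the "set the PCID field of CR3 only after CR4.PCIDE is 1" ordering the commit message describes.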
@@ -2414,11 +2432,11 @@ static int rsm_load_state_32(struct x86_
struct desc_struct desc;
struct desc_ptr dt;
u16 selector;
- u32 val, cr0, cr4;
+ u32 val, cr0, cr3, cr4;
int i;
cr0 = GET_SMSTATE(u32, smbase, 0x7ffc);
- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u32, smbase, 0x7ff8));
+ cr3 = GET_SMSTATE(u32, smbase, 0x7ff8);
ctxt->eflags = GET_SMSTATE(u32, smbase, 0x7ff4) | X86_EFLAGS_FIXED;
ctxt->_eip = GET_SMSTATE(u32, smbase, 0x7ff0);
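Review bot: `cr3` is declared `u32` here and handed to the new `u64 cr3` parameter of rsm_enter_protected_mode(), which is fine (the 32-bit save-area image at 0x7ff8 is zero-extended), but removing `ctxt->ops->set_cr(ctxt, 3, ...)` at this point also means CR3 is no longer written before `ctxt->eflags` and `ctxt->_eip` are restored; the write now happens at the end of the function. Nothing in between depends on CR3, so the reordering is safe, but it is worth a mention in the changelog that the 32-bit path now gets the same deferred, error-checked CR3 load as the 64-bit one.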
@@ -2460,14 +2478,14 @@ static int rsm_load_state_32(struct x86_
ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7ef8));
- return rsm_enter_protected_mode(ctxt, cr0, cr4);
+ return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
}
static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase)
{
struct desc_struct desc;
struct desc_ptr dt;
- u64 val, cr0, cr4;
+ u64 val, cr0, cr3, cr4;
u32 base3;
u16 selector;
int i, r;
@@ -2484,7 +2502,7 @@ static int rsm_load_state_64(struct x86_
ctxt->ops->set_dr(ctxt, 7, (val & DR7_VOLATILE) | DR7_FIXED_1);
cr0 = GET_SMSTATE(u64, smbase, 0x7f58);
- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u64, smbase, 0x7f50));
+ cr3 = GET_SMSTATE(u64, smbase, 0x7f50);
cr4 = GET_SMSTATE(u64, smbase, 0x7f48);
ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7f00));
val = GET_SMSTATE(u64, smbase, 0x7ed0);
@@ -2512,7 +2530,7 @@ static int rsm_load_state_64(struct x86_
dt.address = GET_SMSTATE(u64, smbase, 0x7e68);
ctxt->ops->set_gdt(ctxt, &dt);
- r = rsm_enter_protected_mode(ctxt, cr0, cr4);
+ r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
if (r != X86EMUL_CONTINUE)
return r;
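The ordering constraint behind this patch, as an added example that is mine and not part of the patch or of KVM: a small C model in which the only architectural rule implemented is the one the commit message states (a CR4 write that sets PCIDE is rejected while CR3[11:0] is non-zero), run once through the pre-patch load order (CR3, CR4 & ~PCIDE, CR0, CR4) and once through the fixed order that strips the PCID from CR3 and restores it after CR4.PCIDE is set. The `struct regs`, the `model_set_*` helpers, the two `rsm_*_order()` functions and the sample register values are this example's own constructions; only the CR4.PCIDE bit position and the CR3[11:0] mask are architectural.

```c
/*
 * Added example, not part of the patch or of KVM: a model of the RSM
 * ordering problem from the commit message. The single rule modelled is
 * that a CR4 write setting PCIDE fails while CR3[11:0] (the PCID field)
 * is non-zero; everything else here is constructed for illustration.
 */
#include <stdint.h>
#include <stdio.h>

#define X86_CR4_PCIDE	(1ULL << 17)	/* architectural CR4.PCIDE bit */
#define CR3_PCID_MASK	0xfffULL	/* CR3[11:0] holds the PCID when PCIDE=1 */

/* Constructed guest state: CR3 carrying PCID 5, CR4 with PCIDE set. */
#define SAMPLE_CR0	0x80000001ULL
#define SAMPLE_CR3	0x1000005ULL
#define SAMPLE_CR4	X86_CR4_PCIDE

struct regs {
	uint64_t cr0, cr3, cr4;
};

/* Architectural check modelled here: refuse to set PCIDE while CR3[11:0] != 0. */
static int model_set_cr4(struct regs *r, uint64_t val)
{
	if ((val & X86_CR4_PCIDE) && (r->cr3 & CR3_PCID_MASK))
		return -1;
	r->cr4 = val;
	return 0;
}

/* CR3 and CR0 writes always succeed in this model. */
static int model_set_cr3(struct regs *r, uint64_t val) { r->cr3 = val; return 0; }
static int model_set_cr0(struct regs *r, uint64_t val) { r->cr0 = val; return 0; }

/* Pre-patch order: CR3, CR4 & ~PCIDE, CR0, CR4. Fails when CR3 carries a PCID. */
static int rsm_old_order(struct regs *r, uint64_t cr0, uint64_t cr3, uint64_t cr4)
{
	if (model_set_cr3(r, cr3))
		return -1;
	if (model_set_cr4(r, cr4 & ~X86_CR4_PCIDE))
		return -1;
	if (model_set_cr0(r, cr0))
		return -1;
	if ((cr4 & X86_CR4_PCIDE) && model_set_cr4(r, cr4))
		return -1;
	return 0;
}

/* Post-patch order: strip the PCID from CR3 first, restore it once PCIDE is 1. */
static int rsm_fixed_order(struct regs *r, uint64_t cr0, uint64_t cr3, uint64_t cr4)
{
	uint64_t pcid = 0;

	if (cr4 & X86_CR4_PCIDE) {
		pcid = cr3 & CR3_PCID_MASK;
		cr3 &= ~CR3_PCID_MASK;
	}
	if (model_set_cr3(r, cr3))
		return -1;
	if (model_set_cr4(r, cr4 & ~X86_CR4_PCIDE))
		return -1;
	if (model_set_cr0(r, cr0))
		return -1;
	if (cr4 & X86_CR4_PCIDE) {
		if (model_set_cr4(r, cr4))
			return -1;
		if (pcid && model_set_cr3(r, cr3 | pcid))
			return -1;
	}
	return 0;
}

/* Wrappers that run the constructed sample state through each order. */
static int old_order_result(void)
{
	struct regs r = {0};
	return rsm_old_order(&r, SAMPLE_CR0, SAMPLE_CR3, SAMPLE_CR4);
}

static int fixed_order_result(void)
{
	struct regs r = {0};
	return rsm_fixed_order(&r, SAMPLE_CR0, SAMPLE_CR3, SAMPLE_CR4);
}

static uint64_t fixed_order_final_cr3(void)
{
	struct regs r = {0};
	rsm_fixed_order(&r, SAMPLE_CR0, SAMPLE_CR3, SAMPLE_CR4);
	return r.cr3;	/* PCID field restored after CR4.PCIDE is set */
}

int main(void)
{
	printf("old order:   %s\n", old_order_result() ? "rejected" : "ok");
	printf("fixed order: %s, final cr3=%#llx\n",
	       fixed_order_result() ? "rejected" : "ok",
	       (unsigned long long)fixed_order_final_cr3());
	return 0;
}
```

With the sample state the old order is rejected at the final CR4 write, while the fixed order completes and ends with CR3 carrying the PCID again; with a zero PCID field both orders succeed, which is why the bug only shows up for guests that actually use PCID.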