[PATCH] kvm-kmod: x86: make sure kvm_get_desc_base() doesn't sign extend

[PATCH] kvm-kmod: x86: make sure kvm_get_desc_base() doesn't sign extend

[Bernhard Kohl]

The current implementation of kvm_get_desc_base() sign extends the
return value because of integer promotion rules when compiled for
x86_64 kernels. For the most part, this doesn't matter, because
the top bit of base2 is usually 0. If, however, that bit is 1, then
the entire value will be 0xffff... which is probably not what the
caller intended.

We have a legacy OS which runs into errors in certain situations
(task switches) because of this bug, i.e. error on vm_entry followed
by unhandled vm_exit.

dmesg says:
vmx_handle_exit: unexpected, valid vectoring info (0x80000b0d)
and exit reason is 0x80000021
or
vmx_handle_exit: unexpected, valid vectoring info (0x80000300)
and exit reason is 0x80000021

qemu-kvm says:
kvm: unhandled exit 80000021
kvm_run returned -22

This fix was originally applied as patch 2c75910 in kvm.git:
"x86: Make sure get_user_desc() doesn't sign extend."

Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
---
 x86/external-module-compat.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/x86/external-module-compat.h b/x86/external-module-compat.h
index 15b0280..a2af776 100644
--- a/x86/external-module-compat.h
+++ b/x86/external-module-compat.h
@@ -435,7 +435,7 @@ struct kvm_desc_ptr {
 static inline unsigned long
 kvm_get_desc_base(const struct kvm_desc_struct *desc)
 {
-	return desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24);
+	return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
 }
 
 static inline void
-- 
1.7.2.3

Re: [PATCH] kvm-kmod: x86: make sure kvm_get_desc_base() doesn't sign extend

[Jan Kiszka]

[-- Attachment #1: Type: text/plain, Size: 1717 bytes --]

Am 12.10.2010 17:28, Bernhard Kohl wrote:
> The current implementation of kvm_get_desc_base() sign extends the
> return value because of integer promotion rules when compiled for
> x86_64 kernels. For the most part, this doesn't matter, because
> the top bit of base2 is usually 0. If, however, that bit is 1, then
> the entire value will be 0xffff... which is probably not what the
> caller intended.
> 
> We have a legacy OS which runs into errors in certain situations
> (task switches) because of this bug, i.e. error on vm_entry followed
> by unhandled vm_exit.
> 
> dmesg says:
> vmx_handle_exit: unexpected, valid vectoring info (0x80000b0d)
> and exit reason is 0x80000021
> or
> vmx_handle_exit: unexpected, valid vectoring info (0x80000300)
> and exit reason is 0x80000021
> 
> qemu-kvm says:
> kvm: unhandled exit 80000021
> kvm_run returned -22
> 
> This fix was originally applied as patch 2c75910 in kvm.git:
> "x86: Make sure get_user_desc() doesn't sign extend."
> 
> Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
> ---
>  x86/external-module-compat.h |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/x86/external-module-compat.h b/x86/external-module-compat.h
> index 15b0280..a2af776 100644
> --- a/x86/external-module-compat.h
> +++ b/x86/external-module-compat.h
> @@ -435,7 +435,7 @@ struct kvm_desc_ptr {
>  static inline unsigned long
>  kvm_get_desc_base(const struct kvm_desc_struct *desc)
>  {
> -	return desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24);
> +	return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
>  }
>  
>  static inline void

Merged, thanks!

Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 259 bytes --]