From: Sean Christopherson <seanjc@google.com>
To: Aaron Lewis <aaronlewis@google.com>
Cc: kvm@vger.kernel.org, pbonzini@redhat.com, jmattson@google.com
Subject: Re: [kvm-unit-tests PATCH 1/3] x86: Fix a #GP from occurring in usermode's exception handlers
Date: Thu, 9 Dec 2021 20:04:26 +0000	[thread overview]
Message-ID: <YbJhSq0xsUMow1Pb@google.com> (raw)
In-Reply-To: <20211209182624.2316453-2-aaronlewis@google.com>

Nit on the subject, "usermode's exception handlers" reads like KUT is handling
exceptions in usermode.  Maybe "usermode library's exception handlers"?

On Thu, Dec 09, 2021, Aaron Lewis wrote:
> When handling an exception in usermode.c the exception handler #GPs when
> executing 'iret' to return from the exception handler.  This happens
> because the stack segment selector does not have the same privilege
> level as the return code segment selector.  Set the stack segment
> selector to match the code segment selector's privilege level to fix the
> issue.
> 
> This problem has been disguised in kvm-unit-tests because a #GP
> exception handler has been registered with run_in_user() for the tests
> that are currently using this feature.  With a #GP exception handler
> registered, the first exception will be processed then #GP on the
> return.  Then, because the exception handlers run at CPL0, SS:RSP for

s/return/IRET for clarity

> CPL0 will be pushed onto the stack matching KERNEL_CS, which is set in
> ex_regs.cs in the exception handler.

The IRET from the second #GP will then succeed, and the subsequent longjmp() will
restore RSP to a sane value.  But if no #GP handler is installed, e.g. if a test
wants to handle only #ACs, the #GP on the initial IRET will be fatal.

> This is only a problem in 64-bit mode because 64-bit mode
> unconditionally pops SS:RSP  (SDM vol 3, 6.14.3 "IRET in IA-32e Mode").
> In 32-bit mode SS:RSP is not popped because there is no privilege level
> change when returning from the #GP.
> 
> Signed-off-by: Aaron Lewis <aaronlewis@google.com>

Reviewed-by: Sean Christopherson <seanjc@google.com> 
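The following is an added model of the IRET selector check the thread is about; it is not kvm-unit-tests code and the selector values (KERNEL_CS, KERNEL_SS, USER_CS, USER_SS) are constructed for the example, not the library's definitions.  It reproduces the three situations described above: a CPL0 handler that rewrites CS to a kernel selector but leaves the user SS in the frame (#GP in 64-bit mode, fine in 32-bit mode), the same frame with SS chosen to match CS (the fix), and the second #GP taken at CPL0, whose frame already carries a CPL0 SS.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed selector values for this example (GDT index << 3 | RPL);
 * they are not the kvm-unit-tests definitions. */
#define KERNEL_CS 0x08   /* index 1, RPL 0 */
#define KERNEL_SS 0x10   /* index 2, RPL 0 */
#define USER_CS   0x1b   /* index 3, RPL 3 */
#define USER_SS   0x23   /* index 4, RPL 3 */

/* Bits 1:0 of a segment selector are its requested privilege level. */
#define SEL_RPL(sel) ((unsigned)((sel) & 3))

/* The frame IRET consumes in IA-32e mode: SS:RSP are always present. */
struct iret_frame {
	uint64_t rip;
	uint64_t cs;
	uint64_t rflags;
	uint64_t rsp;
	uint64_t ss;
};

enum iret_result {
	IRET_OK,     /* IRET completes */
	IRET_GP_SS,  /* #GP(SS selector): SS.RPL != RPL of the return CS */
};

/*
 * Model of the one check at issue.  long_mode: IA-32e mode, where IRET pops
 * SS:RSP unconditionally.  cur_cpl: CPL of the handler executing IRET.  In
 * 32-bit mode SS:ESP is popped only when returning to a less privileged CPL,
 * so a same-CPL return never examines frame->ss at all.
 */
enum iret_result check_iret_frame(const struct iret_frame *f, bool long_mode,
				  unsigned cur_cpl)
{
	unsigned ret_cpl = SEL_RPL(f->cs);
	bool pops_ss = long_mode || ret_cpl > cur_cpl;

	if (!pops_ss)
		return IRET_OK;
	if (SEL_RPL(f->ss) != ret_cpl)
		return IRET_GP_SS;
	return IRET_OK;
}

/* Convenience wrapper: build a frame from just the two selectors. */
enum iret_result check_selectors(uint64_t cs, uint64_t ss, bool long_mode,
				 unsigned cur_cpl)
{
	struct iret_frame f = { .rip = 0, .cs = cs, .rflags = 0x2, .rsp = 0, .ss = ss };

	return check_iret_frame(&f, long_mode, cur_cpl);
}

/* The fix as the commit message states it, modelled here: choose an SS whose
 * RPL matches the CS the handler is about to return to. */
uint64_t matching_ss(uint64_t cs)
{
	return SEL_RPL(cs) == 3 ? USER_SS : KERNEL_SS;
}

int main(void)
{
	const char *r;

	/* Handler at CPL0 set cs = KERNEL_CS but left the user SS behind. */
	r = check_selectors(KERNEL_CS, USER_SS, true, 0) == IRET_GP_SS ? "#GP" : "ok";
	printf("64-bit, user SS left in frame : %s\n", r);
	r = check_selectors(KERNEL_CS, USER_SS, false, 0) == IRET_GP_SS ? "#GP" : "ok";
	printf("32-bit, user SS left in frame : %s\n", r);
	r = check_selectors(KERNEL_CS, matching_ss(KERNEL_CS), true, 0) == IRET_GP_SS ? "#GP" : "ok";
	printf("64-bit, SS matched to CS      : %s\n", r);
	/* Second #GP, raised at CPL0: the CPU pushed a CPL0 SS, so IRET works. */
	r = check_selectors(KERNEL_CS, KERNEL_SS, true, 0) == IRET_GP_SS ? "#GP" : "ok";
	printf("64-bit, second #GP from CPL0  : %s\n", r);
	return 0;
}
```

Running it prints "#GP" for the first case only; the 32-bit line stays "ok" because the CPL0-to-CPL0 return never pops SS, which is why the bug was invisible there.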
