From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: kvm@vger.kernel.org, x86@kernel.org,
	Kees Cook <keescook@chromium.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	linux-kernel@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Borislav Petkov <bp@alien8.de>, Joerg Roedel <joro@8bytes.org>,
	Ingo Molnar <mingo@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>
Subject: Re: [PATCH v2 05/11] KVM: x86: emulator: update the emulation mode after CR0 write
Date: Wed, 20 Jul 2022 23:50:03 +0000
Message-ID: <YtiUq7jm2Z1NTRv3@google.com>
In-Reply-To: <20220621150902.46126-6-mlevitsk@redhat.com>

On Tue, Jun 21, 2022, Maxim Levitsky wrote:
> CR0.PE toggles real/protected mode, thus its update
> should update the emulation mode.
> 
> This is likely a benign bug because there is no writeback
> of state, other than the RIP increment, and when toggling
> CR0.PE, the CPU has to execute code from a very low memory address.
> 
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
>  arch/x86/kvm/emulate.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index 6f4632babc4cd8..002687d17f9364 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -3659,11 +3659,22 @@ static int em_movbe(struct x86_emulate_ctxt *ctxt)
>  
>  static int em_cr_write(struct x86_emulate_ctxt *ctxt)
>  {
> -	if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val))
> +	int cr_num = ctxt->modrm_reg;
> +	int r;
> +
> +	if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val))
>  		return emulate_gp(ctxt, 0);
>  
>  	/* Disable writeback. */
>  	ctxt->dst.type = OP_NONE;
> +
> +	if (cr_num == 0) {
> +		/* CR0 write might have updated CR0.PE */

Or toggled CR0.PG.  It's probably also worth noting that ->set_cr() handles side
effects to other registers, e.g. the lack of an EFER.LMA update makes this look
suspicious at first glance.

> +		r = update_emulation_mode(ctxt);
> +		if (r != X86EMUL_CONTINUE)
> +			return r;
> +	}
> +
>  	return X86EMUL_CONTINUE;
>  }
>  
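Review bot: the `r` temporary and the `if (r != X86EMUL_CONTINUE) return r;` test add nothing over the fall-through `return X86EMUL_CONTINUE;`, since on success both paths return the same value; `if (cr_num == 0) return update_emulation_mode(ctxt);` expresses the same control flow in one line and drops `r`. The `cr_num == 0` gate is right, because the mode only depends on CR0.PE, EFLAGS.VM, EFER.LMA and CS, none of which a CR2/CR3/CR4/CR8 write can change, but the comment on that line should say so (and mention CR0.PG, which reaches the mode through EFER.LMA) so the next reader does not have to rediscover why the other control registers are skipped.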
> -- 
> 2.26.3
> 

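The point of the patch and of the review comment above, as an added, self-contained model that is not KVM's code: the emulator's cached mode is a function of CR0.PE, EFLAGS.VM, EFER.LMA and the CS.L/CS.D bits, and a CR0 write can change it both directly (CR0.PE) and indirectly (CR0.PG toggling EFER.LMA when EFER.LME is set, the side effect handled inside ->set_cr() in KVM). The struct, field names, `compute_mode()` and `write_cr0()` are constructed for this illustration; the real `update_emulation_mode()` lives in patch 02 of the series and is not reproduced here.

```c
#include <stdbool.h>
#include <stdint.h>

/* Architectural bit positions; the struct below is a constructed model,
 * not KVM's x86_emulate_ctxt. */
#define CR0_PE    (1u << 0)
#define CR0_PG    (1u << 31)
#define EFER_LME  (1u << 8)
#define EFER_LMA  (1u << 10)
#define EFLAGS_VM (1u << 17)

enum emul_mode { MODE_REAL, MODE_VM86, MODE_PROT16, MODE_PROT32, MODE_PROT64 };

struct vcpu_model {
	uint32_t cr0;
	uint32_t efer;
	uint32_t eflags;
	bool cs_l;            /* CS.L: 64-bit code segment */
	bool cs_db;           /* CS.D/B: 32-bit default operand size */
	enum emul_mode mode;  /* cached mode, the analogue of ctxt->mode */
};

/* Derive the emulation mode from the architectural state. This is the
 * simplified role that update_emulation_mode() plays in the series. */
static enum emul_mode compute_mode(const struct vcpu_model *v)
{
	if (!(v->cr0 & CR0_PE))
		return MODE_REAL;
	if (v->eflags & EFLAGS_VM)
		return MODE_VM86;
	if ((v->efer & EFER_LMA) && v->cs_l)
		return MODE_PROT64;
	return v->cs_db ? MODE_PROT32 : MODE_PROT16;
}

/* Model of a CR0 write: apply the EFER.LMA side effect of a CR0.PG toggle
 * (LMA set when paging is enabled with LME set, cleared when paging is
 * disabled), then refresh the cached mode, which is the step the patch adds. */
static enum emul_mode write_cr0(struct vcpu_model *v, uint32_t val)
{
	bool pg_on  = (val & CR0_PG) && !(v->cr0 & CR0_PG);
	bool pg_off = !(val & CR0_PG) && (v->cr0 & CR0_PG);

	if (pg_on && (v->efer & EFER_LME))
		v->efer |= EFER_LMA;
	if (pg_off)
		v->efer &= ~EFER_LMA;
	v->cr0 = val;
	v->mode = compute_mode(v);
	return v->mode;
}
```

Without the final `compute_mode()` call, `v->mode` would still read MODE_REAL after `write_cr0(&v, CR0_PE)`, which is exactly the stale state the patch prevents.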