From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Lara Lazier <laramglazier@gmail.com>
Subject: [PULL 09/15] target/i386: Added consistency checks for EFER
Date: Thu, 22 Jul 2021 17:36:06 +0200 [thread overview]
Message-ID: <20210722153612.955537-10-pbonzini@redhat.com> (raw)
In-Reply-To: <20210722153612.955537-1-pbonzini@redhat.com>
From: Lara Lazier <laramglazier@gmail.com>
EFER.SVME has to be set, and EFER reserved bits must
be zero.
In addition the combinations
* EFER.LMA or EFER.LME is non-zero and the processor does not support LM
* non-zero EFER.LME and CR0.PG and zero CR4.PAE
* non-zero EFER.LME and CR0.PG and zero CR0.PE
* non-zero EFER.LME, CR0.PG, CR4.PAE, CS.L and CS.D
are all invalid.
(AMD64 Architecture Programmer's Manual, V2, 15.5)
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210721152651.14683-3-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.h | 5 ++++
target/i386/tcg/sysemu/svm_helper.c | 39 +++++++++++++++++++++++++++++
2 files changed, 44 insertions(+)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 1f7e8d7f0a..6c50d3ab4f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -475,6 +475,11 @@ typedef enum X86Seg {
#define MSR_EFER_SVME (1 << 12)
#define MSR_EFER_FFXSR (1 << 14)
+#define MSR_EFER_RESERVED\
+ (~(target_ulong)(MSR_EFER_SCE | MSR_EFER_LME\
+ | MSR_EFER_LMA | MSR_EFER_NXE | MSR_EFER_SVME\
+ | MSR_EFER_FFXSR))
+
#define MSR_STAR 0xc0000081
#define MSR_LSTAR 0xc0000082
#define MSR_CSTAR 0xc0000083
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index d7d7a86aa9..4d64ec378e 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -75,6 +75,41 @@ static inline bool ctl_has_irq(uint32_t int_ctl)
return (int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
}
+static inline bool is_efer_invalid_state (CPUX86State *env)
+{
+ if (!(env->efer & MSR_EFER_SVME)) {
+ return true;
+ }
+
+ if (env->efer & MSR_EFER_RESERVED) {
+ return true;
+ }
+
+ if ((env->efer & (MSR_EFER_LMA | MSR_EFER_LME)) &&
+ !(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
+ return true;
+ }
+
+ if ((env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK)
+ && !(env->cr[4] & CR4_PAE_MASK)) {
+ return true;
+ }
+
+ if ((env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK)
+ && !(env->cr[0] & CR0_PE_MASK)) {
+ return true;
+ }
+
+ if ((env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK)
+ && (env->cr[4] & CR4_PAE_MASK)
+ && (env->segs[R_CS].flags & DESC_L_MASK)
+ && (env->segs[R_CS].flags & DESC_B_MASK)) {
+ return true;
+ }
+
+ return false;
+}
+
void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
{
CPUState *cs = env_cpu(env);
@@ -291,6 +326,10 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
}
#endif
+ if (is_efer_invalid_state(env)) {
+ cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
+ }
+
switch (x86_ldub_phys(cs,
env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) {
case TLB_CONTROL_DO_NOTHING:
--
2.31.1
next prev parent reply other threads:[~2021-07-22 15:38 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-22 15:35 [PULL 00/15] Misc bugfix patches for 2021-07-22 Paolo Bonzini
2021-07-22 15:35 ` [PULL 01/15] qemu-config: never call the callback after an error, fix leak Paolo Bonzini
2021-07-22 15:35 ` [PULL 02/15] qemu-config: fix memory leak on ferror() Paolo Bonzini
2021-07-22 15:36 ` [PULL 03/15] vl: Parse legacy default_machine_opts Paolo Bonzini
2021-07-22 15:36 ` [PULL 04/15] chardev-spice: add missing module_obj directive Paolo Bonzini
2021-07-22 17:41 ` Philippe Mathieu-Daudé
2021-07-22 15:36 ` [PULL 05/15] usb: fix usb-host dependency check Paolo Bonzini
2021-07-22 15:36 ` [PULL 06/15] qemu-config: restore "machine" in qmp_query_command_line_options() Paolo Bonzini
2021-07-22 15:36 ` [PULL 07/15] target/i386: Added V_INTR_PRIO check to virtual interrupts Paolo Bonzini
2021-07-22 15:36 ` [PULL 08/15] target/i386: Added consistency checks for CR4 Paolo Bonzini
2021-08-31 17:03 ` Richard W.M. Jones
2021-08-31 17:12 ` Daniel P. Berrangé
2021-08-31 17:35 ` Daniel P. Berrangé
2021-07-22 15:36 ` Paolo Bonzini [this message]
2021-07-22 15:36 ` [PULL 10/15] configure: Drop obsolete check for the alloc_size attribute Paolo Bonzini
2021-07-22 15:36 ` [PULL 11/15] meson: fix dependencies for modinfo Paolo Bonzini
2021-07-22 15:36 ` [PULL 12/15] configure: Fix --without-default-features propagation to meson Paolo Bonzini
2021-07-22 15:36 ` [PULL 13/15] configure: Allow vnc to get disabled with --without-default-features Paolo Bonzini
2021-07-22 15:36 ` [PULL 14/15] configure: Fix the default setting of the "xen" feature Paolo Bonzini
2021-07-22 15:36 ` [PULL 15/15] configure: Let --without-default-features disable vhost-kernel and vhost-vdpa Paolo Bonzini
2021-07-23 10:15 ` [PULL 00/15] Misc bugfix patches for 2021-07-22 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210722153612.955537-10-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=laramglazier@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).