From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Laszlo Ersek <lersek@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 4.9 15/21] kvm: x86: fix RSM when PCID is non-zero
Date: Wed, 27 Dec 2017 17:46:31 +0100 [thread overview]
Message-ID: <20171227164600.831677398@linuxfoundation.org> (raw)
In-Reply-To: <20171227164559.973657621@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit fae1a3e775cca8c3a9e0eb34443b310871a15a92 upstream.
rsm_load_state_64() and rsm_enter_protected_mode() load CR3, then
CR4 & ~PCIDE, then CR0, then CR4.
However, setting CR4.PCIDE fails if CR3[11:0] != 0. It's probably easier
in the long run to replace rsm_enter_protected_mode() with an emulator
callback that sets all the special registers (like KVM_SET_SREGS would
do). For now, set the PCID field of CR3 only after CR4.PCIDE is 1.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Fixes: 660a5d517aaab9187f93854425c4c63f4a09195c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2395,9 +2395,21 @@ static int rsm_load_seg_64(struct x86_em
}
static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt,
- u64 cr0, u64 cr4)
+ u64 cr0, u64 cr3, u64 cr4)
{
int bad;
+ u64 pcid;
+
+ /* In order to later set CR4.PCIDE, CR3[11:0] must be zero. */
+ pcid = 0;
+ if (cr4 & X86_CR4_PCIDE) {
+ pcid = cr3 & 0xfff;
+ cr3 &= ~0xfff;
+ }
+
+ bad = ctxt->ops->set_cr(ctxt, 3, cr3);
+ if (bad)
+ return X86EMUL_UNHANDLEABLE;
/*
* First enable PAE, long mode needs it before CR0.PG = 1 is set.
@@ -2416,6 +2428,12 @@ static int rsm_enter_protected_mode(stru
bad = ctxt->ops->set_cr(ctxt, 4, cr4);
if (bad)
return X86EMUL_UNHANDLEABLE;
+ if (pcid) {
+ bad = ctxt->ops->set_cr(ctxt, 3, cr3 | pcid);
+ if (bad)
+ return X86EMUL_UNHANDLEABLE;
+ }
+
}
return X86EMUL_CONTINUE;
@@ -2426,11 +2444,11 @@ static int rsm_load_state_32(struct x86_
struct desc_struct desc;
struct desc_ptr dt;
u16 selector;
- u32 val, cr0, cr4;
+ u32 val, cr0, cr3, cr4;
int i;
cr0 = GET_SMSTATE(u32, smbase, 0x7ffc);
- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u32, smbase, 0x7ff8));
+ cr3 = GET_SMSTATE(u32, smbase, 0x7ff8);
ctxt->eflags = GET_SMSTATE(u32, smbase, 0x7ff4) | X86_EFLAGS_FIXED;
ctxt->_eip = GET_SMSTATE(u32, smbase, 0x7ff0);
@@ -2472,14 +2490,14 @@ static int rsm_load_state_32(struct x86_
ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7ef8));
- return rsm_enter_protected_mode(ctxt, cr0, cr4);
+ return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
}
static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase)
{
struct desc_struct desc;
struct desc_ptr dt;
- u64 val, cr0, cr4;
+ u64 val, cr0, cr3, cr4;
u32 base3;
u16 selector;
int i, r;
@@ -2496,7 +2514,7 @@ static int rsm_load_state_64(struct x86_
ctxt->ops->set_dr(ctxt, 7, (val & DR7_VOLATILE) | DR7_FIXED_1);
cr0 = GET_SMSTATE(u64, smbase, 0x7f58);
- ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u64, smbase, 0x7f50));
+ cr3 = GET_SMSTATE(u64, smbase, 0x7f50);
cr4 = GET_SMSTATE(u64, smbase, 0x7f48);
ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7f00));
val = GET_SMSTATE(u64, smbase, 0x7ed0);
@@ -2524,7 +2542,7 @@ static int rsm_load_state_64(struct x86_
dt.address = GET_SMSTATE(u64, smbase, 0x7e68);
ctxt->ops->set_gdt(ctxt, &dt);
- r = rsm_enter_protected_mode(ctxt, cr0, cr4);
+ r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);
if (r != X86EMUL_CONTINUE)
return r;
next prev parent reply other threads:[~2017-12-27 16:46 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-27 16:46 [PATCH 4.9 00/21] 4.9.73-stable review Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 01/21] ACPI: APEI / ERST: Fix missing error handling in erst_reader() Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 02/21] acpi, nfit: fix health event notification Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 03/21] crypto: mcryptd - protect the per-CPU queue with a lock Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 04/21] mfd: cros ec: spi: Dont send first message too soon Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 05/21] mfd: twl4030-audio: Fix sibling-node lookup Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 06/21] mfd: twl6040: Fix child-node lookup Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 07/21] ALSA: rawmidi: Avoid racy info ioctl via ctl device Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 08/21] ALSA: usb-audio: Add native DSD support for Esoteric D-05X Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 09/21] ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 10/21] PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 11/21] parisc: Hide Diva-built-in serial aux and graphics card Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 12/21] spi: xilinx: Detect stall with Unknown commands Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 13/21] pinctrl: cherryview: Mask all interrupts on Intel_Strago based systems Greg Kroah-Hartman
2017-12-27 16:46 ` Greg Kroah-Hartman [this message]
2017-12-27 16:46 ` [PATCH 4.9 16/21] clk: sunxi: sun9i-mmc: Implement reset callback for reset controls Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 17/21] powerpc/perf: Dereference BHRB entries safely Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 18/21] libnvdimm, pfn: fix start_pad handling for aligned namespaces Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 19/21] net: mvneta: clear interface link status on port disable Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 20/21] net: mvneta: use proper rxq_number in loop on rx queues Greg Kroah-Hartman
2017-12-27 16:46 ` [PATCH 4.9 21/21] net: mvneta: eliminate wrong call to handle rx descriptor error Greg Kroah-Hartman
2017-12-28 15:42 ` [PATCH 4.9 00/21] 4.9.73-stable review Guenter Roeck
2017-12-28 16:33 ` Naresh Kamboju
2017-12-29 9:18 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171227164600.831677398@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=lersek@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).