Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0367f205 authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

KVM: vmx: add support for emulating UMIP 



UMIP can be emulated almost perfectly on Intel processor by enabling
descriptor-table exits.  SMSW does not cause a vmexit and hence it
cannot be changed into a #GP fault, but all in all it's the most
"innocuous" of the unprivileged instructions that UMIP blocks.

In fact, Linux is _also_ emulating SMSW instructions on behalf of the
program that executes them, because some 16-bit programs expect to use
SMSW to detect vm86 mode, so this is an even smaller issue.

Reviewed-by: default avatarWanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 66336cab

arch/x86/kvm/vmx.c

+27 −2
Original line number Original line Diff line number Diff line
@@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) 
			SECONDARY_EXEC_ENABLE_EPT |

			SECONDARY_EXEC_ENABLE_EPT |

			SECONDARY_EXEC_UNRESTRICTED_GUEST |

			SECONDARY_EXEC_UNRESTRICTED_GUEST |

			SECONDARY_EXEC_PAUSE_LOOP_EXITING |

			SECONDARY_EXEC_PAUSE_LOOP_EXITING |

			SECONDARY_EXEC_DESC |

			SECONDARY_EXEC_RDTSCP |

			SECONDARY_EXEC_RDTSCP |

			SECONDARY_EXEC_ENABLE_INVPCID |

			SECONDARY_EXEC_ENABLE_INVPCID |

			SECONDARY_EXEC_APIC_REGISTER_VIRT |

			SECONDARY_EXEC_APIC_REGISTER_VIRT |
@@ -4369,6 +4370,14 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) 
		(to_vmx(vcpu)->rmode.vm86_active ?

		(to_vmx(vcpu)->rmode.vm86_active ?

		 KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON);

		 KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON);





	if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) {

		vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,

			      SECONDARY_EXEC_DESC);

		hw_cr4 &= ~X86_CR4_UMIP;

	} else

		vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,

				SECONDARY_EXEC_DESC);



	if (cr4 & X86_CR4_VMXE) {

	if (cr4 & X86_CR4_VMXE) {

		/*

		/*

		 * To use VMXON (and later other VMX instructions), a guest

		 * To use VMXON (and later other VMX instructions), a guest
@@ -5308,6 +5317,7 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx) 
	struct kvm_vcpu *vcpu = &vmx->vcpu;

	struct kvm_vcpu *vcpu = &vmx->vcpu;





	u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;

	u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;



	if (!cpu_need_virtualize_apic_accesses(vcpu))

	if (!cpu_need_virtualize_apic_accesses(vcpu))

		exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;

		exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;

	if (vmx->vpid == 0)

	if (vmx->vpid == 0)
@@ -5326,6 +5336,11 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx) 
		exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |

		exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |

				  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);

				  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);

	exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;

	exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;



	/* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP,

	 * in vmx_set_cr4.  */

	exec_control &= ~SECONDARY_EXEC_DESC;



	/* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD

	/* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD

	   (handle_vmptrld).

	   (handle_vmptrld).

	   We can NOT enable shadow_vmcs here because we don't have yet

	   We can NOT enable shadow_vmcs here because we don't have yet
@@ -6101,6 +6116,12 @@ static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val) 
		return kvm_set_cr4(vcpu, val);

		return kvm_set_cr4(vcpu, val);

}

}





static int handle_desc(struct kvm_vcpu *vcpu)

{

	WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));

	return emulate_instruction(vcpu, 0) == EMULATE_DONE;

}



static int handle_cr(struct kvm_vcpu *vcpu)

static int handle_cr(struct kvm_vcpu *vcpu)

{

{

	unsigned long exit_qualification, val;

	unsigned long exit_qualification, val;
@@ -8193,6 +8214,8 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { 
	[EXIT_REASON_XSETBV]                  = handle_xsetbv,

	[EXIT_REASON_XSETBV]                  = handle_xsetbv,

	[EXIT_REASON_TASK_SWITCH]             = handle_task_switch,

	[EXIT_REASON_TASK_SWITCH]             = handle_task_switch,

	[EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,

	[EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,

	[EXIT_REASON_GDTR_IDTR]		      = handle_desc,

	[EXIT_REASON_LDTR_TR]		      = handle_desc,

	[EXIT_REASON_EPT_VIOLATION]	      = handle_ept_violation,

	[EXIT_REASON_EPT_VIOLATION]	      = handle_ept_violation,

	[EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,

	[EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,

	[EXIT_REASON_PAUSE_INSTRUCTION]       = handle_pause,

	[EXIT_REASON_PAUSE_INSTRUCTION]       = handle_pause,
@@ -9157,7 +9180,8 @@ static bool vmx_xsaves_supported(void) 




static bool vmx_umip_emulated(void)

static bool vmx_umip_emulated(void)

{

{

	return false;

	return vmcs_config.cpu_based_2nd_exec_ctrl &

		SECONDARY_EXEC_DESC;

}

}





static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)

static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
@@ -9755,7 +9779,8 @@ static void vmcs_set_secondary_exec_control(u32 new_ctl) 
	u32 mask =

	u32 mask =

		SECONDARY_EXEC_SHADOW_VMCS |

		SECONDARY_EXEC_SHADOW_VMCS |

		SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |

		SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |

		SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;

		SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |

		SECONDARY_EXEC_DESC;





	u32 cur_ctl = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);

	u32 cur_ctl = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);