Merge 4.14.50 into android-4.14

# SPDX-License-Identifier: GPL-2.0

VERSION = 4

PATCHLEVEL = 14

SUBLEVEL = 49

SUBLEVEL = 50

EXTRAVERSION =

NAME = Petit Gorille

	 *  @addr:  [IN ] Linear address from which to read.

	 *  @val:   [OUT] Value read from memory, zero-extended to 'u_long'.

	 *  @bytes: [IN ] Number of bytes to read from memory.

	 *  @system:[IN ] Whether the access is forced to be at CPL0.

	 */

	int (*read_std)(struct x86_emulate_ctxt *ctxt,

			unsigned long addr, void *val,

			unsigned int bytes,

			struct x86_exception *fault);

			struct x86_exception *fault, bool system);

	/*

	 * read_phys: Read bytes of standard (non-emulated/special) memory.

	 *  @addr:  [IN ] Linear address to which to write.

	 *  @val:   [OUT] Value write to memory, zero-extended to 'u_long'.

	 *  @bytes: [IN ] Number of bytes to write to memory.

	 *  @system:[IN ] Whether the access is forced to be at CPL0.

	 */

	int (*write_std)(struct x86_emulate_ctxt *ctxt,

			 unsigned long addr, void *val, unsigned int bytes,

			 struct x86_exception *fault);

			 struct x86_exception *fault, bool system);

	/*

	 * fetch: Read bytes of standard (non-emulated/special) memory.

	 *        Used for instruction fetch.

	return assign_eip_near(ctxt, ctxt->_eip + rel);

}

static int linear_read_system(struct x86_emulate_ctxt *ctxt, ulong linear,

			      void *data, unsigned size)

{

	return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception, true);

}

static int linear_write_system(struct x86_emulate_ctxt *ctxt,

			       ulong linear, void *data,

			       unsigned int size)

{

	return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception, true);

}

static int segmented_read_std(struct x86_emulate_ctxt *ctxt,

			      struct segmented_address addr,

			      void *data,

	rc = linearize(ctxt, addr, size, false, &linear);

	if (rc != X86EMUL_CONTINUE)

		return rc;

	return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception);

	return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception, false);

}

static int segmented_write_std(struct x86_emulate_ctxt *ctxt,

	rc = linearize(ctxt, addr, size, true, &linear);

	if (rc != X86EMUL_CONTINUE)

		return rc;

	return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception);

	return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception, false);

}

/*

		return emulate_gp(ctxt, index << 3 | 0x2);

	addr = dt.address + index * 8;

	return ctxt->ops->read_std(ctxt, addr, desc, sizeof *desc,

				   &ctxt->exception);

	return linear_read_system(ctxt, addr, desc, sizeof *desc);

}

static void get_descriptor_table_ptr(struct x86_emulate_ctxt *ctxt,

	if (rc != X86EMUL_CONTINUE)

		return rc;

	return ctxt->ops->read_std(ctxt, *desc_addr_p, desc, sizeof(*desc),

				   &ctxt->exception);

	return linear_read_system(ctxt, *desc_addr_p, desc, sizeof(*desc));

}

/* allowed just for 8 bytes segments */

	if (rc != X86EMUL_CONTINUE)

		return rc;

	return ctxt->ops->write_std(ctxt, addr, desc, sizeof *desc,

				    &ctxt->exception);

	return linear_write_system(ctxt, addr, desc, sizeof *desc);

}

static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,

				return ret;

		}

	} else if (ctxt->mode == X86EMUL_MODE_PROT64) {

		ret = ctxt->ops->read_std(ctxt, desc_addr+8, &base3,

				sizeof(base3), &ctxt->exception);

		ret = linear_read_system(ctxt, desc_addr+8, &base3, sizeof(base3));

		if (ret != X86EMUL_CONTINUE)

			return ret;

		if (emul_is_noncanonical_address(get_desc_base(&seg_desc) |

	eip_addr = dt.address + (irq << 2);

	cs_addr = dt.address + (irq << 2) + 2;

	rc = ops->read_std(ctxt, cs_addr, &cs, 2, &ctxt->exception);

	rc = linear_read_system(ctxt, cs_addr, &cs, 2);

	if (rc != X86EMUL_CONTINUE)

		return rc;

	rc = ops->read_std(ctxt, eip_addr, &eip, 2, &ctxt->exception);

	rc = linear_read_system(ctxt, eip_addr, &eip, 2);

	if (rc != X86EMUL_CONTINUE)

		return rc;

#ifdef CONFIG_X86_64

	base |= ((u64)base3) << 32;

#endif

	r = ops->read_std(ctxt, base + 102, &io_bitmap_ptr, 2, NULL);

	r = ops->read_std(ctxt, base + 102, &io_bitmap_ptr, 2, NULL, true);

	if (r != X86EMUL_CONTINUE)

		return false;

	if (io_bitmap_ptr + port/8 > desc_limit_scaled(&tr_seg))

		return false;

	r = ops->read_std(ctxt, base + io_bitmap_ptr + port/8, &perm, 2, NULL);

	r = ops->read_std(ctxt, base + io_bitmap_ptr + port/8, &perm, 2, NULL, true);

	if (r != X86EMUL_CONTINUE)

		return false;

	if ((perm >> bit_idx) & mask)

			  u16 tss_selector, u16 old_tss_sel,

			  ulong old_tss_base, struct desc_struct *new_desc)

{

	const struct x86_emulate_ops *ops = ctxt->ops;

	struct tss_segment_16 tss_seg;

	int ret;

	u32 new_tss_base = get_desc_base(new_desc);

	ret = ops->read_std(ctxt, old_tss_base, &tss_seg, sizeof tss_seg,

			    &ctxt->exception);

	ret = linear_read_system(ctxt, old_tss_base, &tss_seg, sizeof tss_seg);

	if (ret != X86EMUL_CONTINUE)

		return ret;

	save_state_to_tss16(ctxt, &tss_seg);

	ret = ops->write_std(ctxt, old_tss_base, &tss_seg, sizeof tss_seg,

			     &ctxt->exception);

	ret = linear_write_system(ctxt, old_tss_base, &tss_seg, sizeof tss_seg);

	if (ret != X86EMUL_CONTINUE)

		return ret;

	ret = ops->read_std(ctxt, new_tss_base, &tss_seg, sizeof tss_seg,

			    &ctxt->exception);

	ret = linear_read_system(ctxt, new_tss_base, &tss_seg, sizeof tss_seg);

	if (ret != X86EMUL_CONTINUE)

		return ret;

	if (old_tss_sel != 0xffff) {

		tss_seg.prev_task_link = old_tss_sel;

		ret = ops->write_std(ctxt, new_tss_base,

		ret = linear_write_system(ctxt, new_tss_base,

					  &tss_seg.prev_task_link,

				     sizeof tss_seg.prev_task_link,

				     &ctxt->exception);

					  sizeof tss_seg.prev_task_link);

		if (ret != X86EMUL_CONTINUE)

			return ret;

	}

			  u16 tss_selector, u16 old_tss_sel,

			  ulong old_tss_base, struct desc_struct *new_desc)

{

	const struct x86_emulate_ops *ops = ctxt->ops;

	struct tss_segment_32 tss_seg;

	int ret;

	u32 new_tss_base = get_desc_base(new_desc);

	u32 eip_offset = offsetof(struct tss_segment_32, eip);

	u32 ldt_sel_offset = offsetof(struct tss_segment_32, ldt_selector);

	ret = ops->read_std(ctxt, old_tss_base, &tss_seg, sizeof tss_seg,

			    &ctxt->exception);

	ret = linear_read_system(ctxt, old_tss_base, &tss_seg, sizeof tss_seg);

	if (ret != X86EMUL_CONTINUE)

		return ret;

	save_state_to_tss32(ctxt, &tss_seg);

	/* Only GP registers and segment selectors are saved */

	ret = ops->write_std(ctxt, old_tss_base + eip_offset, &tss_seg.eip,

			     ldt_sel_offset - eip_offset, &ctxt->exception);

	ret = linear_write_system(ctxt, old_tss_base + eip_offset, &tss_seg.eip,

				  ldt_sel_offset - eip_offset);

	if (ret != X86EMUL_CONTINUE)

		return ret;

	ret = ops->read_std(ctxt, new_tss_base, &tss_seg, sizeof tss_seg,

			    &ctxt->exception);

	ret = linear_read_system(ctxt, new_tss_base, &tss_seg, sizeof tss_seg);

	if (ret != X86EMUL_CONTINUE)

		return ret;

	if (old_tss_sel != 0xffff) {

		tss_seg.prev_task_link = old_tss_sel;

		ret = ops->write_std(ctxt, new_tss_base,

		ret = linear_write_system(ctxt, new_tss_base,

					  &tss_seg.prev_task_link,

				     sizeof tss_seg.prev_task_link,

				     &ctxt->exception);

					  sizeof tss_seg.prev_task_link);

		if (ret != X86EMUL_CONTINUE)

			return ret;

	}

				maxphyaddr = eax & 0xff;

			else

				maxphyaddr = 36;

			rsvd = rsvd_bits(maxphyaddr, 62);

			rsvd = rsvd_bits(maxphyaddr, 63);

			if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)

				rsvd &= ~CR3_PCID_INVD;

		}

		if (new_val & rsvd)

			vmcs_read32(VMX_INSTRUCTION_INFO), false, &gva))

		return 1;

	if (kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, gva, vmpointer,

				sizeof(*vmpointer), &e)) {

	if (kvm_read_guest_virt(vcpu, gva, vmpointer, sizeof(*vmpointer), &e)) {

		kvm_inject_page_fault(vcpu, &e);

		return 1;

	}

		return 1;

	}

	/* CPL=0 must be checked manually. */

	if (vmx_get_cpl(vcpu)) {

		kvm_queue_exception(vcpu, UD_VECTOR);

		return 1;

	}

	if (vmx->nested.vmxon) {

		nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION);

		return kvm_skip_emulated_instruction(vcpu);

 */

static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)

{

	if (vmx_get_cpl(vcpu)) {

		kvm_queue_exception(vcpu, UD_VECTOR);

		return 0;

	}

	if (!to_vmx(vcpu)->nested.vmxon) {

		kvm_queue_exception(vcpu, UD_VECTOR);

		return 0;

		if (get_vmx_mem_address(vcpu, exit_qualification,

				vmx_instruction_info, true, &gva))

			return 1;

		/* _system ok, as hardware has verified cpl=0 */

		kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva,

			     &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL);

		/* _system ok, nested_vmx_check_permission has verified cpl=0 */

		kvm_write_guest_virt_system(vcpu, gva, &field_value,

					    (is_long_mode(vcpu) ? 8 : 4), NULL);

	}

	nested_vmx_succeed(vcpu);

		if (get_vmx_mem_address(vcpu, exit_qualification,

				vmx_instruction_info, false, &gva))

			return 1;

		if (kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, gva,

			   &field_value, (is_64_bit_mode(vcpu) ? 8 : 4), &e)) {

		if (kvm_read_guest_virt(vcpu, gva, &field_value,

					(is_64_bit_mode(vcpu) ? 8 : 4), &e)) {

			kvm_inject_page_fault(vcpu, &e);

			return 1;

		}

	if (get_vmx_mem_address(vcpu, exit_qualification,

			vmx_instruction_info, true, &vmcs_gva))

		return 1;

	/* ok to use *_system, as hardware has verified cpl=0 */

	if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva,

	/* *_system ok, nested_vmx_check_permission has verified cpl=0 */

	if (kvm_write_guest_virt_system(vcpu, vmcs_gva,

					(void *)&to_vmx(vcpu)->nested.current_vmptr,

					sizeof(u64), &e)) {

		kvm_inject_page_fault(vcpu, &e);

	if (get_vmx_mem_address(vcpu, vmcs_readl(EXIT_QUALIFICATION),

			vmx_instruction_info, false, &gva))

		return 1;

	if (kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, gva, &operand,

				sizeof(operand), &e)) {

	if (kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e)) {

		kvm_inject_page_fault(vcpu, &e);

		return 1;

	}

	if (get_vmx_mem_address(vcpu, vmcs_readl(EXIT_QUALIFICATION),

			vmx_instruction_info, false, &gva))

		return 1;

	if (kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, gva, &operand,

				sizeof(operand), &e)) {

	if (kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e)) {

		kvm_inject_page_fault(vcpu, &e);

		return 1;

	}

	}

	if (is_long_mode(vcpu) &&

	    (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 62)))

	    (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63)))

		return 1;

	else if (is_pae(vcpu) && is_paging(vcpu) &&

		   !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))

	return X86EMUL_CONTINUE;

}

int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt,

int kvm_read_guest_virt(struct kvm_vcpu *vcpu,

			       gva_t addr, void *val, unsigned int bytes,

			       struct x86_exception *exception)

{

	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

	u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;

	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,

}

EXPORT_SYMBOL_GPL(kvm_read_guest_virt);

static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,

static int emulator_read_std(struct x86_emulate_ctxt *ctxt,

			     gva_t addr, void *val, unsigned int bytes,

				      struct x86_exception *exception)

			     struct x86_exception *exception, bool system)

{

	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, 0, exception);

	u32 access = 0;

	if (!system && kvm_x86_ops->get_cpl(vcpu) == 3)

		access |= PFERR_USER_MASK;

	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access, exception);

}

static int kvm_read_guest_phys_system(struct x86_emulate_ctxt *ctxt,

	return r < 0 ? X86EMUL_IO_NEEDED : X86EMUL_CONTINUE;

}

int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,

				       gva_t addr, void *val,

				       unsigned int bytes,

static int kvm_write_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,

				      struct kvm_vcpu *vcpu, u32 access,

				      struct x86_exception *exception)

{

	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

	void *data = val;

	int r = X86EMUL_CONTINUE;

	while (bytes) {

		gpa_t gpa =  vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr,

							     PFERR_WRITE_MASK,

							     access,

							     exception);

		unsigned offset = addr & (PAGE_SIZE-1);

		unsigned towrite = min(bytes, (unsigned)PAGE_SIZE - offset);

out:

	return r;

}

static int emulator_write_std(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val,

			      unsigned int bytes, struct x86_exception *exception,

			      bool system)

{

	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

	u32 access = PFERR_WRITE_MASK;

	if (!system && kvm_x86_ops->get_cpl(vcpu) == 3)

		access |= PFERR_USER_MASK;

	return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,

					   access, exception);

}

int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val,

				unsigned int bytes, struct x86_exception *exception)

{

	return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,

					   PFERR_WRITE_MASK, exception);

}

EXPORT_SYMBOL_GPL(kvm_write_guest_virt_system);

static int vcpu_is_mmio_gpa(struct kvm_vcpu *vcpu, unsigned long gva,

static const struct x86_emulate_ops emulate_ops = {

	.read_gpr            = emulator_read_gpr,

	.write_gpr           = emulator_write_gpr,

	.read_std            = kvm_read_guest_virt_system,

	.write_std           = kvm_write_guest_virt_system,

	.read_std            = emulator_read_std,

	.write_std           = emulator_write_std,

	.read_phys           = kvm_read_guest_phys_system,

	.fetch               = kvm_fetch_guest_virt,

	.read_emulated       = emulator_read_emulated,