Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 64610059 authored by Paolo Bonzini's avatar Paolo Bonzini Committed by Greg Kroah-Hartman
Browse files

kvm: x86: fix RSM when PCID is non-zero 



commit fae1a3e775cca8c3a9e0eb34443b310871a15a92 upstream.

rsm_load_state_64() and rsm_enter_protected_mode() load CR3, then
CR4 & ~PCIDE, then CR0, then CR4.

However, setting CR4.PCIDE fails if CR3[11:0] != 0.  It's probably easier
in the long run to replace rsm_enter_protected_mode() with an emulator
callback that sets all the special registers (like KVM_SET_SREGS would
do).  For now, set the PCID field of CR3 only after CR4.PCIDE is 1.

Reported-by: default avatarLaszlo Ersek <lersek@redhat.com>
Tested-by: default avatarLaszlo Ersek <lersek@redhat.com>
Fixes: 660a5d51
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 6cc3f6f1

arch/x86/kvm/emulate.c

+25 −7
Original line number Diff line number Diff line
@@ -2404,9 +2404,21 @@ static int rsm_load_seg_64(struct x86_emulate_ctxt *ctxt, u64 smbase, int n) 
}



static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt,

				     u64 cr0, u64 cr4)

				    u64 cr0, u64 cr3, u64 cr4)

{

	int bad;

	u64 pcid;



	/* In order to later set CR4.PCIDE, CR3[11:0] must be zero.  */

	pcid = 0;

	if (cr4 & X86_CR4_PCIDE) {

		pcid = cr3 & 0xfff;

		cr3 &= ~0xfff;

	}



	bad = ctxt->ops->set_cr(ctxt, 3, cr3);

	if (bad)

		return X86EMUL_UNHANDLEABLE;



	/*

	 * First enable PAE, long mode needs it before CR0.PG = 1 is set.
@@ -2425,6 +2437,12 @@ static int rsm_enter_protected_mode(struct x86_emulate_ctxt *ctxt, 
		bad = ctxt->ops->set_cr(ctxt, 4, cr4);

		if (bad)

			return X86EMUL_UNHANDLEABLE;

		if (pcid) {

			bad = ctxt->ops->set_cr(ctxt, 3, cr3 | pcid);

			if (bad)

				return X86EMUL_UNHANDLEABLE;

		}



	}



	return X86EMUL_CONTINUE;
@@ -2435,11 +2453,11 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, u64 smbase) 
	struct desc_struct desc;

	struct desc_ptr dt;

	u16 selector;

	u32 val, cr0, cr4;

	u32 val, cr0, cr3, cr4;

	int i;



	cr0 =                      GET_SMSTATE(u32, smbase, 0x7ffc);

	ctxt->ops->set_cr(ctxt, 3, GET_SMSTATE(u32, smbase, 0x7ff8));

	cr3 =                      GET_SMSTATE(u32, smbase, 0x7ff8);

	ctxt->eflags =             GET_SMSTATE(u32, smbase, 0x7ff4) | X86_EFLAGS_FIXED;

	ctxt->_eip =               GET_SMSTATE(u32, smbase, 0x7ff0);
@@ -2481,14 +2499,14 @@ static int rsm_load_state_32(struct x86_emulate_ctxt *ctxt, u64 smbase) 


	ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7ef8));



	return rsm_enter_protected_mode(ctxt, cr0, cr4);

	return rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);

}



static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase)

{

	struct desc_struct desc;

	struct desc_ptr dt;

	u64 val, cr0, cr4;

	u64 val, cr0, cr3, cr4;

	u32 base3;

	u16 selector;

	int i, r;
@@ -2505,7 +2523,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) 
	ctxt->ops->set_dr(ctxt, 7, (val & DR7_VOLATILE) | DR7_FIXED_1);



	cr0 =                       GET_SMSTATE(u64, smbase, 0x7f58);

	ctxt->ops->set_cr(ctxt, 3,  GET_SMSTATE(u64, smbase, 0x7f50));

	cr3 =                       GET_SMSTATE(u64, smbase, 0x7f50);

	cr4 =                       GET_SMSTATE(u64, smbase, 0x7f48);

	ctxt->ops->set_smbase(ctxt, GET_SMSTATE(u32, smbase, 0x7f00));

	val =                       GET_SMSTATE(u64, smbase, 0x7ed0);
@@ -2533,7 +2551,7 @@ static int rsm_load_state_64(struct x86_emulate_ctxt *ctxt, u64 smbase) 
	dt.address =                GET_SMSTATE(u64, smbase, 0x7e68);

	ctxt->ops->set_gdt(ctxt, &dt);



	r = rsm_enter_protected_mode(ctxt, cr0, cr4);

	r = rsm_enter_protected_mode(ctxt, cr0, cr3, cr4);

	if (r != X86EMUL_CONTINUE)

		return r;