linux_dsm_epyc7002/arch/x86
Sean Christopherson 946c522b60 KVM: nVMX: Sign extend displacements of VMX instr's mem operands
The VMCS.EXIT_QUALIFICATION field reports the displacements of memory
operands for various instructions, including VMX instructions, as a
naturally sized unsigned value, but masks the value by the addr size,
e.g. given a ModRM encoded as -0x28(%ebp), the -0x28 displacement is
reported as 0xffffffd8 for a 32-bit address size.  Despite some weird
wording regarding sign extension, the SDM explicitly states that bits
beyond the instruction's address size are undefined:

    In all cases, bits of this field beyond the instruction’s address
    size are undefined.

Failure to sign extend the displacement results in KVM incorrectly
treating a negative displacement as a large positive displacement when
the address size of the VMX instruction is smaller than KVM's native
size, e.g. a 32-bit address size on a 64-bit KVM.

The very original decoding, added by commit 064aea7747 ("KVM: nVMX:
Decoding memory operands of VMX instructions"), sort of modeled sign
extension by truncating the final virtual/linear address for a 32-bit
address size.  I.e. it messed up the effective address but made it work
by adjusting the final address.

When segmentation checks were added, the truncation logic was kept
as-is and no sign extension logic was introduced.  In other words, it
kept calculating the wrong effective address while mostly generating
the correct virtual/linear address.  As the effective address is what's
used in the segment limit checks, this results in KVM incorrectly
injecting #GP/#SS faults due to non-existent segment violations when
a nested VMM uses negative displacements with an address size smaller
than KVM's native address size.

Using the -0x28(%ebp) example, an EBP value of 0x1000 will result in
KVM using 0x100000fd8 as the effective address when checking for a
segment limit violation.  This causes a 100% failure rate when running
a 32-bit KVM build as L1 on top of a 64-bit KVM L0.

Fixes: f9eb4af67c ("KVM: nVMX: VMX instructions: add checks for #GP/#SS exceptions")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-20 22:48:22 +01:00
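The commit message above explains the bug with a single worked number (EBP = 0x1000, displacement -0x28, 32-bit address size). The following C program is an added illustration written for this page; it is not the kernel's code and does not reproduce KVM's decoder. It models only the point the message makes: the displacement taken from EXIT_QUALIFICATION must be sign-extended from the instruction's address size before it is added to the base register, otherwise the effective address handed to the segment-limit check is wrong. The function names (`sign_extend_disp`, `effective_addr`, `segment_limit_ok`), the simplified effective-address formula and the flat 32-bit segment limit of 0xffffffff are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Sign-extend the low addr_size_bytes of a raw displacement value.
 * Bits of the field beyond the instruction's address size are undefined
 * (per the SDM quote in the commit message), so they are masked off first.
 */
static uint64_t sign_extend_disp(uint64_t raw_disp, unsigned addr_size_bytes)
{
    unsigned bits = addr_size_bytes * 8;
    if (bits >= 64)
        return raw_disp;                 /* 64-bit address size: already full width */
    uint64_t mask = (1ULL << bits) - 1;
    uint64_t v = raw_disp & mask;        /* drop undefined high bits */
    uint64_t sign = 1ULL << (bits - 1);
    return (v ^ sign) - sign;            /* two's-complement sign extension */
}

/*
 * Simplified effective-address model (assumption: base + index*scale + disp).
 * do_sign_extend == 0 reproduces the behaviour the commit describes as buggy
 * (raw displacement used as-is); do_sign_extend == 1 is the fixed behaviour.
 */
static uint64_t effective_addr(uint64_t base, uint64_t index, unsigned scale,
                               uint64_t raw_disp, unsigned addr_size_bytes,
                               int do_sign_extend)
{
    uint64_t disp = do_sign_extend ? sign_extend_disp(raw_disp, addr_size_bytes)
                                   : raw_disp;
    return base + index * scale + disp;  /* wraps naturally in 64 bits */
}

/*
 * Expand-up segment limit check on the *effective* address: every byte of the
 * operand [ea, ea + len - 1] must lie at or below the limit. Written to avoid
 * wrap-around in ea + len.
 */
static int segment_limit_ok(uint64_t ea, uint64_t len, uint64_t limit)
{
    if (len == 0)
        return 1;
    return ea <= limit && (len - 1) <= limit - ea;
}

int main(void)
{
    /* Constructed inputs from the commit's example: -0x28(%ebp), EBP = 0x1000,
     * 32-bit address size, so EXIT_QUALIFICATION reports 0xffffffd8. */
    const uint64_t ebp = 0x1000, raw_disp = 0xffffffd8ULL;
    const unsigned addr_size = 4;
    const uint64_t flat_limit = 0xffffffffULL;  /* assumed flat 32-bit segment */
    const uint64_t operand_len = 16;            /* e.g. a 128-bit memory operand */

    uint64_t buggy = effective_addr(ebp, 0, 0, raw_disp, addr_size, 0);
    uint64_t fixed = effective_addr(ebp, 0, 0, raw_disp, addr_size, 1);

    printf("no sign extension : ea=0x%llx limit check %s\n",
           (unsigned long long)buggy,
           segment_limit_ok(buggy, operand_len, flat_limit) ? "passes" : "fails -> spurious #GP/#SS");
    printf("sign extended     : ea=0x%llx limit check %s\n",
           (unsigned long long)fixed,
           segment_limit_ok(fixed, operand_len, flat_limit) ? "passes" : "fails");
    return 0;
}
```

Run as-is, the unextended path yields the 0x100000fd8 figure quoted in the message and fails the limit check against a flat 32-bit segment, while the sign-extended path yields 0xfd8 and passes; the same helper handles 16-bit address sizes by passing 2 as the byte width.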
boot x86/boot/compressed/64: Do not corrupt EDX on EFER.LME=1 setting 2019-02-06 18:56:18 +01:00
configs PCI: consolidate PCI config entry in drivers/pci 2018-11-23 11:45:34 +09:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
entry x86/entry/64/compat: Fix stack switching for XEN PV 2019-01-18 00:39:33 +01:00
events perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() 2019-02-04 08:44:51 +01:00
hyperv x86/hyper-v: Add HvFlushGuestAddressList hypercall support 2018-12-21 11:28:39 +01:00
ia32 Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
include KVM: x86: Explicitly #define the VCPU_REGS_* indices 2019-02-20 22:47:38 +01:00
kernel x86/kvmclock: set offset for kvm unstable clock 2019-02-20 22:48:19 +01:00
kvm KVM: nVMX: Sign extend displacements of VMX instr's mem operands 2019-02-20 22:48:22 +01:00
lib x86: explicitly align IO accesses in memcpy_{to,from}io 2019-02-01 09:07:48 -08:00
math-emu Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
mm x86/mm/cpa: Fix set_mce_nospec() 2019-02-08 14:31:56 +01:00
net bpf: Add bpf_line_info support 2018-12-09 13:54:38 -08:00
oprofile
pci pci-v4.21-changes 2019-01-05 17:57:34 -08:00
platform Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 18:42:51 -08:00
power mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
purgatory kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
ras
realmode
tools x86: Clean up 'sizeof x' => 'sizeof(x)' 2018-10-29 07:13:28 +01:00
um Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
video
xen xen: fixes for 5.0-rc3 2019-01-19 05:53:41 +12:00
.gitignore
Kbuild KVM: x86: Allow Qemu/KVM to use PVH entry point 2018-12-13 13:41:49 -05:00
Kconfig x86/resctrl: Avoid confusion over the new X86_RESCTRL config 2019-02-02 10:34:52 +01:00
Kconfig.cpu x86/cpu: Create Hygon Dhyana architecture support file 2018-09-27 16:14:05 +02:00
Kconfig.debug x86/kconfig: Remove redundant 'default n' lines from all x86 Kconfig's 2018-10-17 08:39:42 +02:00
Makefile jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
Makefile_32.cpu
Makefile.um x86, powerpc: Remove -funit-at-a-time compiler option entirely 2018-12-09 11:55:32 +01:00