From patchwork Mon Mar 19 16:07:39 2018
X-Patchwork-Submitter: Sasha Levin
X-Patchwork-Id: 10292939
From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: Roman Pen, Mikhail Sennikovskii, Paolo Bonzini, Radim Krčmář, kvm@vger.kernel.org, Sasha Levin
Subject: [PATCH AUTOSEL for 4.4 110/167] KVM: SVM: do not zero out segment attributes if segment is unusable or not present
Date: Mon, 19 Mar 2018 16:07:39 +0000
Message-ID: <20180319160513.16384-110-alexander.levin@microsoft.com>
References: <20180319160513.16384-1-alexander.levin@microsoft.com>
In-Reply-To: <20180319160513.16384-1-alexander.levin@microsoft.com>
X-Mailing-List: kvm@vger.kernel.org

From: Roman Pen

[ Upstream commit d9c1b5431d5f0e07575db785a022bce91051ac1d ]

This is a fix for the problem [1], where VMCB.CPL was set to 0 and an interrupt was taken on the userspace stack.

The root cause lies in the specific AMD CPU behaviour which manifests itself as unusable segment attributes on SYSRET. The corresponding workaround for the kernel is the following:

61f01dd941ba ("x86_64, asm: Work around AMD SYSRET SS descriptor attribute issue")

In turn, the virtualization side treated the unusable segment incorrectly and restored CPL from the SS attributes, which were zeroed out a few lines above.

In the current patch it is assured only that the P bit is cleared in the VMCB.save state and that segment attributes are not zeroed out if the segment is not present or is unusable, therefore CPL can be safely restored from the DPL field.

This is only one part of the fix, since the QEMU side should be fixed accordingly not to zero out attributes on its side. The corresponding patch will follow.

[1] Message id: CAJrWOzD6Xq==b-zYCDdFLgSRMPM-NkNuTSDFEtX=7MreT45i7Q@mail.gmail.com

Signed-off-by: Roman Pen
Signed-off-by: Mikhail Sennikovskii
Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
---
 arch/x86/kvm/svm.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

-- 
2.14.1

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 2038e5bacce6..42654375b73f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1386,6 +1386,7 @@ static void svm_get_segment(struct kvm_vcpu *vcpu, */ if (var->unusable) var->db = 0; + /* This is symmetric with svm_set_segment() */ var->dpl = to_svm(vcpu)->vmcb->save.cpl; break; } @@ -1531,18 +1532,14 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, s->base = var->base; s->limit = var->limit; s->selector = var->selector; - if (var->unusable) - s->attrib = 0; - else { - s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK); - s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT; - s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT; - s->attrib |= (var->present & 1) << SVM_SELECTOR_P_SHIFT; - s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT; - s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT; - s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT; - s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT; - } + s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK); + s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT; + s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT; + s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT; + s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT; + s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT; + s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT; + s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT; /* * This is always accurate, except if SYSRET returned to a segment @@ -1551,7 +1548,8 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, * would entail passing the CPL to userspace and back. */ if (seg == VCPU_SREG_SS) - svm->vmcb->save.cpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3; + /* This is symmetric with svm_get_segment() */ + svm->vmcb->save.cpl = (var->dpl & 3); mark_dirty(svm->vmcb, VMCB_SEG); }
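Review bot: the comment added in the svm_get_segment() hunk says the code is symmetric with svm_set_segment() but not in which respect; since the DPL reported for SS is sourced from vmcb->save.cpl rather than from the stored attribute word, say so explicitly, for example `/* SS DPL mirrors save.cpl; svm_set_segment() writes cpl back from var->dpl */`, so a reader of either function knows which field is authoritative.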
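Review bot: in the svm_set_segment() attribute hunk, the reason for no longer zeroing s->attrib for an unusable segment lives only in the commit message; a short comment above the `s->attrib` block, stating that only P is forced clear so that DPL (and hence CPL) survives the AMD SYSRET unusable-SS case, would keep a later cleanup from reintroducing the `if (var->unusable) s->attrib = 0;` shortcut. The new `s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT;` relies on `&&` yielding exactly 0 or 1, which C guarantees, so no extra masking is needed there.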
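Review bot: in the last hunk, `/* This is symmetric with svm_get_segment() */` is placed between the brace-less `if (seg == VCPU_SREG_SS)` and its single statement; that is legal but easy to misread as two statements under the `if`, so move the comment above the `if` or add braces. Because CPL is now taken straight from `var->dpl`, a userspace that still zeroes the attributes of an unusable SS will load CPL 0 here, which the commit message defers to the follow-up QEMU change; noting that dependency in the comment would make it visible in the code rather than only in the changelog.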
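To make the behavioural change concrete, here is an added stand-alone model (not code from the kernel or from this patch) of how svm_set_segment() encodes the SS attribute word and derives VMCB.save.cpl before and after the fix, driven by a constructed user-mode SS that SYSRET has left unusable. The SVM_SELECTOR_* shift values are assumed to match arch/x86/include/asm/svm.h; `struct seg` and `struct ss_state` are hypothetical stand-ins for kvm_segment and the VMCB save fields.

```c
#include <stdbool.h>
#include <stdint.h>
/* Compressed VMCB attribute layout; shift values mirror asm/svm.h (assumed). */
#define SVM_SELECTOR_TYPE_MASK 0xf
#define SVM_SELECTOR_S_SHIFT   4
#define SVM_SELECTOR_DPL_SHIFT 5
#define SVM_SELECTOR_P_SHIFT   7
#define SVM_SELECTOR_AVL_SHIFT 8
#define SVM_SELECTOR_L_SHIFT   9
#define SVM_SELECTOR_DB_SHIFT  10
#define SVM_SELECTOR_G_SHIFT   11
/* Stand-in for the kvm_segment fields the patch touches. */
struct seg { uint8_t type, s, dpl, present, avl, l, db, g, unusable; };
/* What lands in the VMCB for SS: the attribute word and save.cpl. */
struct ss_state { uint16_t attrib; uint8_t cpl; };

static uint16_t encode_attrib(const struct seg *v, bool present)
{
    uint16_t a = v->type & SVM_SELECTOR_TYPE_MASK;
    a |= (v->s & 1) << SVM_SELECTOR_S_SHIFT;
    a |= (v->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
    a |= (uint16_t)present << SVM_SELECTOR_P_SHIFT;
    a |= (v->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
    a |= (v->l & 1) << SVM_SELECTOR_L_SHIFT;
    a |= (v->db & 1) << SVM_SELECTOR_DB_SHIFT;
    a |= (v->g & 1) << SVM_SELECTOR_G_SHIFT;
    return a;
}

/* Pre-patch: unusable wipes every attribute, then CPL is read back from
 * the now-zero DPL field, so a user-mode SS silently becomes CPL 0. */
struct ss_state set_ss_before_fix(const struct seg *v)
{
    struct ss_state st = { v->unusable ? 0 : encode_attrib(v, v->present & 1), 0 };
    st.cpl = (st.attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
    return st;
}

/* Post-patch: only P is forced clear for an unusable segment; DPL survives
 * and CPL is taken from var->dpl, matching what svm_get_segment() reports. */
struct ss_state set_ss_after_fix(const struct seg *v)
{
    struct ss_state st = { encode_attrib(v, (v->present & 1) && !v->unusable), 0 };
    st.cpl = v->dpl & 3;
    return st;
}

/* Constructed samples: a user-mode SS left unusable by SYSRET on an affected AMD CPU, and the same SS while still usable. */
const struct seg user_ss_after_sysret = { .type = 3, .s = 1, .dpl = 3, .present = 1, .db = 1, .g = 1, .unusable = 1 };
const struct seg usable_user_ss = { .type = 3, .s = 1, .dpl = 3, .present = 1, .db = 1, .g = 1 };
```

With the pre-fix encoding the unusable SS collapses to attrib 0 and CPL 0, which is the failure the commit message describes; after the fix the P bit is clear but DPL survives and CPL is 3, while a usable SS encodes identically under both versions.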