From patchwork Mon Mar 19 16:12:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Sasha Levin X-Patchwork-Id: 10293163 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A6C2C60385 for ; Mon, 19 Mar 2018 16:35:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9687426E49 for ; Mon, 19 Mar 2018 16:35:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 88D2428854; Mon, 19 Mar 2018 16:35:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E221426E49 for ; Mon, 19 Mar 2018 16:35:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935527AbeCSQfX (ORCPT ); Mon, 19 Mar 2018 12:35:23 -0400 Received: from mail-dm3nam03on0123.outbound.protection.outlook.com ([104.47.41.123]:2048 "EHLO NAM03-DM3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S935293AbeCSQN0 (ORCPT ); Mon, 19 Mar 2018 12:13:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=AZ1ny/gpNhhan937mS4xHNjIEY+F7bnYWpTk28RqRio=; b=LInpvKAs1nObdpeqsIIEOOwFy5+3DBh5yTSf0qhjIAQK2mSj2nh06nM5505aj0P8uAJvOZ7MkcKlcSypfH0zS7nNwN2bfJ32Ilrl+ukIJv0am7belA+XzSXmFfLuWVFgMQgaEPTGtNsmpYZJrXPLGZ8tfaUeLKWstLBffQWq7xc= Received: from DM5PR2101MB1032.namprd21.prod.outlook.com (52.132.128.13) by DM5PR2101MB1032.namprd21.prod.outlook.com (52.132.128.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.631.0; Mon, 19 Mar 2018 16:13:17 +0000 Received: from DM5PR2101MB1032.namprd21.prod.outlook.com ([fe80::3d9b:79e7:94eb:5d62]) by DM5PR2101MB1032.namprd21.prod.outlook.com ([fe80::3d9b:79e7:94eb:5d62%5]) with mapi id 15.20.0631.004; Mon, 19 Mar 2018 16:13:17 +0000 From: Sasha Levin To: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" CC: Roman Pen , Mikhail Sennikovskii , Paolo Bonzini , =?utf-8?B?UmFkaW0gS3LDhG3Dg8Khw4XihKI=?= , "kvm@vger.kernel.org" , Sasha Levin Subject: [PATCH AUTOSEL for 3.18 061/102] KVM: SVM: do not zero out segment attributes if segment is unusable or not present Thread-Topic: [PATCH AUTOSEL for 3.18 061/102] KVM: SVM: do not zero out segment attributes if segment is unusable or not present Thread-Index: AQHTv50d9kaHbKThZEmjqjO7gqLGKQ== Date: Mon, 19 Mar 2018 16:12:45 +0000 Message-ID: <20180319161117.17833-61-alexander.levin@microsoft.com> References: <20180319161117.17833-1-alexander.levin@microsoft.com> In-Reply-To: <20180319161117.17833-1-alexander.levin@microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [52.168.54.252] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR2101MB1032; 7:GJU0jbELJ/Lenp6C+9/8szMaCvHrupSNZ6pxN/v9UqVeVCVCjz/HBgH9+wFIlRpqVxTLGKwWsFO8NCyo9pa/mSUeDgO55szLp0i0dV+JhTVz6R/neDNY5gIwRWczdhYll3DOQaQIbkf3P18/lF2TkHaCURvLON+x2Qh+glBZ4AEMEX99hHbc6ruJNkTtM6b85zJ9XmGDE0kjtPptG+somr+aG0ZZdh6b81G8padfnDYhIcztIgSLdOLjGnOWvGPX; 20:NDiwrl2pK5rPNdqduxkvNKnyPg8FOJCwXK+i5e+BXddjvehb6vX8+4jABp6TyHcTMqYnp6aDqIgWgZcREB9SZ4+EIl/E3Adi1lrcQdpjhhk/DhJg0yWjcz9XQKyty/TlKuMZ6THC3r7BP5hqjypoLlWrKkBdCxQqHS5g/jKzvgw= x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 433e281e-f8d5-471a-acd7-08d58db45324 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:DM5PR2101MB1032; x-ms-traffictypediagnostic: DM5PR2101MB1032: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Alexander.Levin@microsoft.com; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(9452136761055)(85827821059158); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3231221)(944501300)(52105095)(3002001)(6055026)(61426038)(61427038)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:DM5PR2101MB1032; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB1032; x-forefront-prvs: 06167FAD59 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(39860400002)(346002)(376002)(366004)(396003)(199004)(189003)(3660700001)(5250100002)(3280700002)(8936002)(3846002)(6116002)(1076002)(10090500001)(105586002)(72206003)(81156014)(8676002)(81166006)(2906002)(5660300001)(97736004)(2501003)(36756003)(6666003)(2900100001)(14454004)(6512007)(6436002)(2950100002)(53936002)(4326008)(54906003)(305945005)(6486002)(25786009)(68736007)(22452003)(316002)(59450400001)(6506007)(86612001)(66066001)(76176011)(102836004)(7736002)(10290500003)(110136005)(106356001)(99286004)(107886003)(26005)(186003)(575784001)(86362001)(478600001)(22906009)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB1032; H:DM5PR2101MB1032.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: MAT2XkcAGk7vXdFlpo2AJHGhbI2hmTyjBoIJUUQU82ctGt60rIlhCnmaecv85EqG+ZLwEBNMCkDd26z0sDvOqX1PnseRd+g/CjhFEy0R8+hZkenuLLqef9TCHGpNIrP0xdXZNRlzXuZfv5Ox9tl4/VuYGDhzGCTbmWi5Q1IsO320T3T7lCZXMwd70wyn7Dwno/e+1/mgGTauw5sUN9ThpLpCT1VcJzrZpSgJtTL4U1RLyXMq/98ILIk54OhEgdMScvDYHO3k//HUYDL0r6ZTNc7gfpF+tlxHQWpuqsr+okdm3iac94nwIsI1CHITNa0a94xSbPRhLSrUSZMgILLC1w== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-ID: <35F45444BF56C54FA0D759DD965043B0@namprd21.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 433e281e-f8d5-471a-acd7-08d58db45324 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2018 16:12:45.8574 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB1032 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Roman Pen [ Upstream commit d9c1b5431d5f0e07575db785a022bce91051ac1d ] This is a fix for the problem [1], where VMCB.CPL was set to 0 and interrupt was taken on userspace stack. The root cause lies in the specific AMD CPU behaviour which manifests itself as unusable segment attributes on SYSRET. The corresponding work around for the kernel is the following: 61f01dd941ba ("x86_64, asm: Work around AMD SYSRET SS descriptor attribute issue") In other turn virtualization side treated unusable segment incorrectly and restored CPL from SS attributes, which were zeroed out few lines above. In current patch it is assured only that P bit is cleared in VMCB.save state and segment attributes are not zeroed out if segment is not presented or is unusable, therefore CPL can be safely restored from DPL field. This is only one part of the fix, since QEMU side should be fixed accordingly not to zero out attributes on its side. Corresponding patch will follow. [1] Message id: CAJrWOzD6Xq==b-zYCDdFLgSRMPM-NkNuTSDFEtX=7MreT45i7Q@mail.gmail.com Signed-off-by: Roman Pen Signed-off-by: Mikhail Sennikovskii Cc: Paolo Bonzini Cc: Radim KrÄmář Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Paolo Bonzini Signed-off-by: Sasha Levin --- arch/x86/kvm/svm.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) -- 2.14.1 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 36414d13289f..2e0c64a08549 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -1467,6 +1467,7 @@ static void svm_get_segment(struct kvm_vcpu *vcpu, */ if (var->unusable) var->db = 0; + /* This is symmetric with svm_set_segment() */ var->dpl = to_svm(vcpu)->vmcb->save.cpl; break; } @@ -1611,18 +1612,14 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, s->base = var->base; s->limit = var->limit; s->selector = var->selector; - if (var->unusable) - s->attrib = 0; - else { - s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK); - s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT; - s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT; - s->attrib |= (var->present & 1) << SVM_SELECTOR_P_SHIFT; - s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT; - s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT; - s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT; - s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT; - } + s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK); + s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT; + s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT; + s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT; + s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT; + s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT; + s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT; + s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT; /* * This is always accurate, except if SYSRET returned to a segment @@ -1631,7 +1628,8 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, * would entail passing the CPL to userspace and back. */ if (seg == VCPU_SREG_SS) - svm->vmcb->save.cpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3; + /* This is symmetric with svm_get_segment() */ + svm->vmcb->save.cpl = (var->dpl & 3); mark_dirty(svm->vmcb, VMCB_SEG); }