| Message ID | 20220402010903.727604-5-seanjc@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: SVM: Fix soft int/ex re-injection | expand |
On Sat, 2022-04-02 at 01:08 +0000, Sean Christopherson wrote: > If NRIPS is supported in hardware but disabled in KVM, set next_rip to > the next RIP when advancing RIP as part of emulating INT3 injection. > There is no flag to tell the CPU that KVM isn't using next_rip, and so > leaving next_rip is left as is will result in the CPU pushing garbage > onto the stack when vectoring the injected event. > > Fixes: 66b7138f9136 ("KVM: SVM: Emulate nRIP feature when reinjecting INT3") > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > arch/x86/kvm/svm/svm.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index 30cef3b10838..6ea8f16e39ac 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -391,6 +391,10 @@ static void svm_queue_exception(struct kvm_vcpu *vcpu) > */ > (void)svm_skip_emulated_instruction(vcpu); > rip = kvm_rip_read(vcpu); > + > + if (boot_cpu_has(X86_FEATURE_NRIPS)) > + svm->vmcb->control.next_rip = rip; > + > svm->int3_rip = rip + svm->vmcb->save.cs.base; > svm->int3_injected = rip - old_rip; > } Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Best regards, Maxim Levitsky
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 30cef3b10838..6ea8f16e39ac 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -391,6 +391,10 @@ static void svm_queue_exception(struct kvm_vcpu *vcpu) */ (void)svm_skip_emulated_instruction(vcpu); rip = kvm_rip_read(vcpu); + + if (boot_cpu_has(X86_FEATURE_NRIPS)) + svm->vmcb->control.next_rip = rip; + svm->int3_rip = rip + svm->vmcb->save.cs.base; svm->int3_injected = rip - old_rip; }
If NRIPS is supported in hardware but disabled in KVM, set next_rip to the next RIP when advancing RIP as part of emulating INT3 injection. There is no flag to tell the CPU that KVM isn't using next_rip, and so leaving next_rip is left as is will result in the CPU pushing garbage onto the stack when vectoring the injected event. Fixes: 66b7138f9136 ("KVM: SVM: Emulate nRIP feature when reinjecting INT3") Signed-off-by: Sean Christopherson <seanjc@google.com> --- arch/x86/kvm/svm/svm.c | 4 ++++ 1 file changed, 4 insertions(+)