File 19953-x86-fsgs-base.patch of Package xen
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1247736415 -3600
# Node ID fe4c6845a9d7453f5a72cd69cb26c17b4df1c9af
# Parent 1033c6cdec62098b38990aaeedbe5111e0ad2e61
vmx: Fix handling of FS/GS base MSRs.

Firstly, these MSRs are always accessible if the CPU supports them -- we should not check for EFER.LMA. Secondly, we should not use teh cached value of shadow_gs while the VCPU is running. It can be stale if the guest has executed SWAPGS (which we cannot trap). Hence always access the underlying host MSR when emulating guest accesses.

The latter bug was found and a patch proposed by <leonid@3tera.com>

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -174,20 +174,14 @@ static enum handler_return long_mode_do_
     case MSR_FS_BASE:
         msr_content = __vmread(GUEST_FS_BASE);
-        goto check_long_mode;
+        break;
 
     case MSR_GS_BASE:
         msr_content = __vmread(GUEST_GS_BASE);
-        goto check_long_mode;
+        break;
 
     case MSR_SHADOW_GS_BASE:
-        msr_content = v->arch.hvm_vmx.shadow_gs;
-    check_long_mode:
-        if ( !(hvm_long_mode_enabled(v)) )
-        {
-            vmx_inject_hw_exception(v, TRAP_gp_fault, 0);
-            return HNDL_exception_raised;
-        }
+        rdmsrl(MSR_SHADOW_GS_BASE, msr_content);
         break;
 
     case MSR_STAR:
@@ -238,9 +232,6 @@ static enum handler_return long_mode_do_
     case MSR_FS_BASE:
     case MSR_GS_BASE:
     case MSR_SHADOW_GS_BASE:
-        if ( !hvm_long_mode_enabled(v) )
-            goto gp_fault;
-
         if ( !is_canonical_address(msr_content) )
             goto uncanonical_address;
 
@@ -249,10 +240,7 @@ static enum handler_return long_mode_do_
         else if ( ecx == MSR_GS_BASE )
             __vmwrite(GUEST_GS_BASE, msr_content);
         else
-        {
-            v->arch.hvm_vmx.shadow_gs = msr_content;
             wrmsrl(MSR_SHADOW_GS_BASE, msr_content);
-        }
         break;
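Review bot: The new `rdmsrl(MSR_SHADOW_GS_BASE, msr_content)` on the MSR_SHADOW_GS_BASE read path returns whatever the physical MSR holds at that moment, which is the guest's value only while this VCPU's MSRs are loaded on the current CPU (after vmx_restore_guest_msrs and before vmx_save_guest_msrs); if this handler can be reached on behalf of a VCPU that is not current, or before its guest MSRs are restored, the guest would observe another context's value, so the "current VCPU only" precondition deserves to be stated. The same assumption applies to the unconditional `wrmsrl(MSR_SHADOW_GS_BASE, msr_content)` left in the third hunk at line 240, which now also leaves `v->arch.hvm_vmx.shadow_gs` untouched, so the cached field is stale from this point until the next vmx_save_guest_msrs. A comment at the read site would make both explicit: `/* The guest's value is live in the host MSR while this VCPU runs (SWAPGS may change it untrapped); valid for current only. */`. long_mode_do_msr_read begins and ends outside the hunk.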
@@ -281,7 +269,6 @@ static enum handler_return long_mode_do_
  uncanonical_address:
     HVM_DBG_LOG(DBG_LEVEL_0, "Not cano address of msr write %x", ecx);
- gp_fault:
     vmx_inject_hw_exception(v, TRAP_gp_fault, 0);
  exception_raised:
     return HNDL_exception_raised;
@@ -308,7 +295,10 @@ static void vmx_restore_host_msrs(void)
 static void vmx_save_guest_msrs(struct vcpu *v)
 {
-    /* MSR_SHADOW_GS_BASE may have been changed by swapgs instruction. */
+    /*
+     * We cannot cache SHADOW_GS_BASE while the VCPU runs, as it can
+     * be updated at any time via SWAPGS, which we cannot trap.
+     */
     rdmsrl(MSR_SHADOW_GS_BASE, v->arch.hvm_vmx.shadow_gs);
 }
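Review bot: The rewritten comment in vmx_save_guest_msrs says why the MSR is re-read here but not the invariant that results from this patch: with the write path in long_mode_do_msr_write now going straight to `wrmsrl` and no longer updating `v->arch.hvm_vmx.shadow_gs`, this function is the only writer of the cached field, so shadow_gs is current only between a vmx_save_guest_msrs and the next time the VCPU is scheduled in. Any other reader of shadow_gs (for instance a VCPU state save path, if one exists) must therefore run only while the VCPU is descheduled, and that is easy to get wrong later. Adding one line to the comment, `* Consequently shadow_gs is only valid while the VCPU is descheduled.`, would record the invariant next to its sole writer. vmx_save_guest_msrs is complete within the hunk; long_mode_do_msr_write lies outside it.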