3ae8384f6f
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Maxim Levitsky <mlevitsk@redhat.com>
|
|
Date: Wed, 3 Aug 2022 18:50:03 +0300
|
|
Subject: [PATCH] KVM: x86: emulator: update the emulation mode after CR0 write
|
|
|
|
CR0.PE toggles real/protected mode, thus its update
|
|
should update the emulation mode.
|
|
|
|
This is likely a benign bug because there is no writeback
|
|
of state, other than the RIP increment, and when toggling
|
|
CR0.PE, the CPU has to execute code from a very low memory address.
|
|
|
|
Also, a CR0.PG toggle when EFER.LMA is set toggles long mode.
|
|
|
|
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
|
|
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
---
|
|
arch/x86/kvm/emulate.c | 14 +++++++++++++-
|
|
1 file changed, 13 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
|
index f2a0a34f4687..874d124438d1 100644
|
|
--- a/arch/x86/kvm/emulate.c
|
|
+++ b/arch/x86/kvm/emulate.c
|
|
@@ -3645,11 +3645,23 @@ static int em_movbe(struct x86_emulate_ctxt *ctxt)
|
|
|
|
static int em_cr_write(struct x86_emulate_ctxt *ctxt)
|
|
{
|
|
- if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val))
|
|
+ int cr_num = ctxt->modrm_reg;
|
|
+ int r;
|
|
+
|
|
+ if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val))
|
|
return emulate_gp(ctxt, 0);
|
|
|
|
/* Disable writeback. */
|
|
ctxt->dst.type = OP_NONE;
|
|
+
|
|
+ if (cr_num == 0) {
|
|
+ /* CR0 write might have updated CR0.PE and/or CR0.PG
|
|
+ * which can affect the cpu execution mode */
|
|
+ r = emulator_recalc_and_set_mode(ctxt);
|
|
+ if (r != X86EMUL_CONTINUE)
|
|
+ return r;
|
|
+ }
|
|
+
|
|
return X86EMUL_CONTINUE;
|
|
}
|
|
|
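Review bot: The added `r = emulator_recalc_and_set_mode(ctxt);` runs after `ctxt->ops->set_cr()` has already committed the new CR0 to the vCPU, so a non-X86EMUL_CONTINUE return propagates an error while the guest is left with the updated CR0 and the emulator's cached mode unchanged; writeback was disabled on the line above, so nothing undoes the register write. That ordering is probably unavoidable, since the new mode can only be derived from the written value, but it deserves a sentence in the comment, e.g. `/* CR0 is already committed; on failure the caller sees the error with the new CR0 in place. */`. The block comment starting `/* CR0 write might have updated CR0.PE and/or CR0.PG` also departs from kernel comment style, which puts `/*` alone on the first line and `*/` alone on the last. `emulator_recalc_and_set_mode` is not defined in this hunk; presumably it is introduced by an earlier patch in the series.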