From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Radim Krčmář, Junaid Shahid
Subject: [PATCH 1/2] KVM: X86: Fix CR3 reserve bits
Date: Sat, 12 May 2018 20:22:05 -0700
Message-Id: <1526181725-3568-1-git-send-email-wanpengli@tencent.com>

From: Wanpeng Li

MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
It should be checked when PCIDE bit is not set, however commit
'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
its physical address width")' removes the bit 63 checking
unconditionally. This patch fixes it by checking bit 63 of CR3
when PCIDE bit is not set in CR4.

Fixes: d1cd3ce900441 (KVM: MMU: check guest CR3 reserved bits based on its physical address width)
Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Junaid Shahid
Signed-off-by: Wanpeng Li
---
 arch/x86/kvm/emulate.c | 4 +++-
 arch/x86/kvm/x86.c     | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index b3705ae..b21f427 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -4189,7 +4189,9 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) maxphyaddr = eax & 0xff; else maxphyaddr = 36; - rsvd = rsvd_bits(maxphyaddr, 62); + if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE) + new_val &= ~CR3_PCID_INVD; + rsvd = rsvd_bits(maxphyaddr, 63); } if (new_val & rsvd) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 87e4805..9a90668 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -863,7 +863,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) } if (is_long_mode(vcpu) && - (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 62))) + (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) return 1; else if (is_pae(vcpu) && is_paging(vcpu) && !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) -- 2.7.4
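
Review bot: in the arch/x86/kvm/emulate.c hunk (check_cr_write), the added `new_val &= ~CR3_PCID_INVD;` has no comment saying why bit 63 is dropped before the `if (new_val & rsvd)` test. A one-line comment stating that bit 63 is only accepted when CR4.PCIDE is set, and is treated as reserved otherwise, would tie the code to the commit message. The mask is applied to new_val itself rather than to a copy, so please also confirm that nothing after the check in this function expects the original value; the lines shown do not say.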
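
Review bot: in the arch/x86/kvm/x86.c hunk (kvm_set_cr3), the mask is widened to `rsvd_bits(cpuid_maxphyaddr(vcpu), 63)` but, unlike the emulate.c hunk, nothing in the visible lines tests X86_CR4_PCIDE or clears CR3_PCID_INVD from cr3. If cr3 reaches this check with bit 63 intact, a long-mode write with PCIDE set would now return 1; if bit 63 is cleared earlier in the function regardless of PCIDE, the widened mask cannot catch the PCIDE-clear case the commit message describes. Suggest making the bit 63 handling conditional on CR4.PCIDE here as well, ideally through a helper shared with check_cr_write() so the two paths cannot drift apart.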