From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Radim Krčmář, Junaid Shahid, Liran Alon
Subject: [PATCH v2] KVM: X86: Fix CR3 reserve bits
Date: Sun, 13 May 2018 02:24:47 -0700
Message-Id: <1526203487-4967-1-git-send-email-wanpengli@tencent.com>

From: Wanpeng Li

MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
It should be checked when PCIDE bit is not set, however commit
'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
its physical address width")' removes the bit 63 checking
unconditionally. This patch fixes it by checking bit 63 of CR3
when PCIDE bit is not set in CR4.

Fixes: d1cd3ce900441 (KVM: MMU: check guest CR3 reserved bits based on its physical address width)
Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Junaid Shahid
Cc: Liran Alon
Signed-off-by: Wanpeng Li --- v1 -> v2: * remove CR3_PCID_INVD in rsvd when PCIDE is 1 instead of removing CR3_PCID_INVD in new_value arch/x86/kvm/emulate.c | 4 +++- arch/x86/kvm/x86.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index b3705ae..143b7ae 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -4189,7 +4189,9 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) maxphyaddr = eax & 0xff; else maxphyaddr = 36; - rsvd = rsvd_bits(maxphyaddr, 62); + rsvd = rsvd_bits(maxphyaddr, 63); + if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE) + rsvd &= ~CR3_PCID_INVD; } if (new_val & rsvd) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 87e4805..9a90668 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -863,7 +863,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) } if (is_long_mode(vcpu) && - (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 62))) + (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) return 1; else if (is_pae(vcpu) && is_paging(vcpu) && !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) -- 2.7.4
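
Review bot: In the check_cr_write hunk (arch/x86/kvm/emulate.c), the new `rsvd &= ~CR3_PCID_INVD;` carries no comment explaining why bit 63 drops out of the reserved mask. A one-line comment above the `if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)` test, saying that with CR4.PCIDE set bit 63 of the MOV-to-CR3 operand is the PCID no-invalidate flag rather than a reserved bit, would stop a later cleanup from folding the mask back to a fixed range, which is how the check was lost in d1cd3ce900441 according to the commit message.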
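
Review bot: In the kvm_set_cr3 hunk (arch/x86/kvm/x86.c), the mask is widened to `rsvd_bits(cpuid_maxphyaddr(vcpu), 63)` with no CR4.PCIDE condition, unlike the emulate.c hunk, and the v1 -> v2 note says CR3_PCID_INVD is no longer removed from the new value. Whether this is correct depends on code above the hunk that the diff does not show: if `cr3` has CR3_PCID_INVD cleared unconditionally before this test, bit 63 never reaches the check and a PCIDE=0 guest setting it is still accepted on this path; if it is not cleared, a PCIDE=1 guest that sets bit 63 is now rejected with `return 1`. Please either make the clearing conditional on X86_CR4_PCIDE in this function or drop the bit from the reserved mask here the same way check_cr_write does, and state in the commit message how the non-emulated path handles both cases.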