From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jonny Barker, Sean Christopherson, Paolo Bonzini
Subject: [PATCH 5.4 46/65] KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode
Date: Mon, 8 Feb 2021 16:01:18 +0100
Message-Id: <20210208145812.001226891@linuxfoundation.org>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210208145810.230485165@linuxfoundation.org>
References: <20210208145810.230485165@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

commit 943dea8af21bd896e0d6c30ea221203fb3cd3265 upstream.

Set the emulator context to PROT64 if SYSENTER transitions from 32-bit
userspace (compat mode) to a 64-bit kernel, otherwise the RIP update at
the end of x86_emulate_insn() will incorrectly truncate the new RIP.

Note, this bug is mostly limited to running an Intel virtual CPU model on
an AMD physical CPU, as other combinations of virtual and physical CPUs do
not trigger full emulation.  On Intel CPUs, SYSENTER in compatibility mode
is legal, and unconditionally transitions to 64-bit mode.  On AMD CPUs,
SYSENTER is illegal in compatibility mode and #UDs.  If the vCPU is AMD,
KVM injects a #UD on SYSENTER in compat mode.  If the pCPU is Intel,
SYSENTER will execute natively and not trigger #UD->VM-Exit (ignoring
guest TLB shenanigans).

Fixes: fede8076aab4 ("KVM: x86: handle wrap around 32-bit address space")
Cc: stable@vger.kernel.org
Signed-off-by: Jonny Barker
[sean: wrote changelog]
Signed-off-by: Sean Christopherson
Message-Id: <20210202165546.2390296-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/kvm/emulate.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2890,6 +2890,8 @@ static int em_sysenter(struct x86_emulat ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data); *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data : (u32)msr_data; + if (efer & EFER_LMA) + ctxt->mode = X86EMUL_MODE_PROT64; return X86EMUL_CONTINUE; }
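Review bot: The two added lines carry no comment saying why the emulator mode is changed here, so in the source they read as unrelated to the RSP write directly above them; the reasoning (x86_emulate_insn() truncates the new RIP according to ctxt->mode, so a compat-mode SYSENTER into a 64-bit kernel must move the context to PROT64 before the handler returns) lives only in the changelog. A one-line comment above `if (efer & EFER_LMA)`, e.g. `/* SYSENTER into a 64-bit kernel lands in 64-bit mode; update the context so the new RIP isn't truncated. */`, would make the next reader's job easier. The placement itself looks right: the check reuses the same `efer & EFER_LMA` condition that already selects between `msr_data` and `(u32)msr_data` for RSP, and it executes before `return X86EMUL_CONTINUE;`, i.e. before the final RIP assignment in the caller.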
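As an added illustration of the changelog's point, not code from the patch or the kernel: a simplified C model of the emulator's SYSENTER handling and of the mode-dependent RIP commit, with assumed function names (sysenter_model, commit_rip, sysenter_from_compat) and constructed MSR values, showing the truncated RIP when the context mode is left at 32-bit and the intact RIP when it is switched to 64-bit as the patch does.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (not kernel code) of the emulator state relevant here. */
enum mode { MODE_PROT32 = 0, MODE_PROT64 = 1 };

#define EFER_LMA (1ULL << 10)   /* IA32_EFER.LMA: long mode active */

struct ctxt {
    enum mode mode;     /* emulator's notion of the mode for this instruction */
    uint64_t _eip;      /* next RIP computed by the instruction handler */
    uint64_t eip;       /* RIP committed back to the vCPU */
    uint64_t rsp;
};

/* Model of em_sysenter(): loads RIP/RSP from the SYSENTER MSRs.
 * 'fixed' selects whether the context mode is updated as in the patch. */
static void sysenter_model(struct ctxt *c, uint64_t efer,
                           uint64_t msr_eip, uint64_t msr_esp, int fixed)
{
    c->_eip = (efer & EFER_LMA) ? msr_eip : (uint32_t)msr_eip;
    c->rsp  = (efer & EFER_LMA) ? msr_esp : (uint32_t)msr_esp;
    if (fixed && (efer & EFER_LMA))
        c->mode = MODE_PROT64;   /* the two lines the patch adds */
}

/* Model of the RIP commit at the end of x86_emulate_insn(): outside 64-bit
 * mode the new RIP is truncated to 32 bits, which is what the Fixes: commit
 * introduced for 32-bit address-space wraparound. */
static void commit_rip(struct ctxt *c)
{
    c->eip = (c->mode == MODE_PROT64) ? c->_eip : (uint32_t)c->_eip;
}

/* Emulates SYSENTER from 32-bit (compat) userspace into a 64-bit kernel
 * and returns the RIP that would be committed to the vCPU. */
uint64_t sysenter_from_compat(uint64_t msr_eip, int fixed)
{
    struct ctxt c = { .mode = MODE_PROT32 };   /* compat user, long mode on */
    sysenter_model(&c, EFER_LMA, msr_eip, 0xffff888000010000ULL, fixed);
    commit_rip(&c);
    return c.eip;
}

int main(void)
{
    uint64_t target = 0xffffffff81000000ULL;   /* constructed 64-bit entry point */
    printf("unfixed RIP: %#llx\nfixed RIP:   %#llx\n",
           (unsigned long long)sysenter_from_compat(target, 0),
           (unsigned long long)sysenter_from_compat(target, 1));
    return 0;
}
```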