Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4171587pxb;
        Mon, 8 Feb 2021 09:32:56 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyP1VJKIcu7lYdLai7mI03Zv9DGQ6QnklUsuohLyJ4ezyXci8cFEgK9C9021ClZyhB4Nqed
X-Received: by 2002:a17:906:8507:: with SMTP id i7mr18202645ejx.175.1612805575929;
        Mon, 08 Feb 2021 09:32:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612805575; cv=none;
        d=google.com; s=arc-20160816;
        b=lnyW2/LjanCJfo2AHAmiMxRdJwLTMs+r49gQA/g5G+Q3e8lNEX+Fx3Zm9JcUMLZy69
         Zz9JBepal5rxyuj9VhV9xnOl3iHwx2IHRC74AuyYLEQe1/M99tok/xyFVDQMcHBu/l6P
         Cx3XZO9SXisFi7HGUMWWwaVpDF519HW3+uesB63e2rS+dd9VbLOxOCc9d3r9w3rPO3V7
         7GlzMLrdIVZYtJTZsa60tvKnhb+/PmYU4w15Ig+sq8/QDX6b6kQpyZ+lzeCbGwCoacOT
         4acPMuXmbHEOY0asD1NUtYEtKEp4j2dGgMEvcd65A4VYaj7DXMAX/caTHYstXsn9Zysb
         hiDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=AvDI5yYcVxjsepvuUAQZhOVSWIxahB2AN+JD3TTgRUk=;
        b=o3mGLR5z151ytr03zZ7FIyvliW/et0t2ZlTDUo4fJF4cybMauqg7fB9untvpcYfQo6
         9F1FBVBV/yd+R5RqLEqvNAm0go6zhpdcT3jD4g0wS/s3NBXGSDeoPs5x+NywJyHAT+J+
         z9YBEK1pCfMLW66p34k4csUbV84TRdJnREAS7ROTWMSKIff88Q4bgHVmzsVH1ymYJIV4
         xoa1aUZYM5oR/7lNoKQG0gA7LqH/SmEGgbFY0Ceo2jmnPL31VivluFdUsGmVe/JU4gnl
         mDFce2tigKF8B4mARc5cf97kElMpMbvSsmEVOKWNt1IFIYwSTWceHdupbiFUYbPvR2G6
         32yA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=QetT1jA5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m9si13772045ejj.472.2021.02.08.09.32.32;
        Mon, 08 Feb 2021 09:32:55 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=QetT1jA5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234938AbhBHRcB (ORCPT <rfc822;lkmlinbox@gmail.com> + 99 others);
        Mon, 8 Feb 2021 12:32:01 -0500
Received: from mail.kernel.org ([198.145.29.99]:37400 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232400AbhBHP3N (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Feb 2021 10:29:13 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id D963764F2C;
        Mon,  8 Feb 2021 15:16:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1612797391;
        bh=+ilpT1PhqISqHoReyBiQkxJUbTKBcAk0zlMlZUFCXOI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=QetT1jA5uBLo6Dz6r77+CnwWjobHVGZx23lFPr6BdvLh96VCcy/dL8/eKlNM5YuA0
         abaJph1eOegA5ht6Unf0vkS9HDmJ9QdLmpL2lMOan9xwbynqdSSqX0pdw/ZA9j/y+3
         lBf3yh211MZQU4+8KfI0z91kgug7T24ECPjZwrbk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Jonny Barker <jonny@jonnybarker.com>,
        Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 5.10 092/120] KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode
Date:   Mon,  8 Feb 2021 16:01:19 +0100
Message-Id: <20210208145822.068123770@linuxfoundation.org>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210208145818.395353822@linuxfoundation.org>
References: <20210208145818.395353822@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson <seanjc@google.com>

commit 943dea8af21bd896e0d6c30ea221203fb3cd3265 upstream.

Set the emulator context to PROT64 if SYSENTER transitions from 32-bit
userspace (compat mode) to a 64-bit kernel, otherwise the RIP update at
the end of x86_emulate_insn() will incorrectly truncate the new RIP.

Note, this bug is mostly limited to running an Intel virtual CPU model on
an AMD physical CPU, as other combinations of virtual and physical CPUs
do not trigger full emulation.  On Intel CPUs, SYSENTER in compatibility
mode is legal, and unconditionally transitions to 64-bit mode.  On AMD
CPUs, SYSENTER is illegal in compatibility mode and #UDs.  If the vCPU is
AMD, KVM injects a #UD on SYSENTER in compat mode.  If the pCPU is Intel,
SYSENTER will execute natively and not trigger #UD->VM-Exit (ignoring
guest TLB shenanigans).

Fixes: fede8076aab4 ("KVM: x86: handle wrap around 32-bit address space")
Cc: stable@vger.kernel.org
Signed-off-by: Jonny Barker <jonny@jonnybarker.com>
[sean: wrote changelog]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210202165546.2390296-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/emulate.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2879,6 +2879,8 @@ static int em_sysenter(struct x86_emulat
 	ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data);
 	*reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data :
 							      (u32)msr_data;
+	if (efer & EFER_LMA)
+		ctxt->mode = X86EMUL_MODE_PROT64;
 
 	return X86EMUL_CONTINUE;
 }