Message-ID: <532c71cbca049004bd6860508fdc056ae118ab1f.camel@redhat.com>
Subject: Re: [PATCH v2 05/11] KVM: x86: emulator: update the emulation mode after CR0 write
From: Maxim Levitsky
To: Sean Christopherson
Cc: kvm@vger.kernel.org, x86@kernel.org, Kees Cook, Dave Hansen, linux-kernel@vger.kernel.org, "H. Peter Anvin", Borislav Petkov, Joerg Roedel, Ingo Molnar, Paolo Bonzini, Thomas Gleixner, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson
Date: Thu, 21 Jul 2022 14:53:43 +0300
In-Reply-To:
References: <20220621150902.46126-1-mlevitsk@redhat.com> <20220621150902.46126-6-mlevitsk@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2022-07-20 at 23:50 +0000, Sean Christopherson wrote:
> On Tue, Jun 21, 2022, Maxim Levitsky wrote:
> > CR0.PE toggles real/protected mode, thus its update
> > should update the emulation mode.
> >
> > This is likely a benign bug because there is no writeback
> > of state, other than the RIP increment, and when toggling
> > CR0.PE, the CPU has to execute code from a very low memory address.
> >
> > Signed-off-by: Maxim Levitsky
> > ---
> >  arch/x86/kvm/emulate.c | 13 ++++++++++++-
> >  1 file changed, 12 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> > index 6f4632babc4cd8..002687d17f9364 100644
> > --- a/arch/x86/kvm/emulate.c
> > +++ b/arch/x86/kvm/emulate.c
> > @@ -3659,11 +3659,22 @@ static int em_movbe(struct x86_emulate_ctxt *ctxt)
> >
> > static int em_cr_write(struct x86_emulate_ctxt *ctxt)
> > {
> > - if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val))
> > + int cr_num = ctxt->modrm_reg;
> > + int r;
> > +
> > + if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val))
> > return emulate_gp(ctxt, 0);
> >
> > /* Disable writeback. */
> > ctxt->dst.type = OP_NONE;
> > +
> > + if (cr_num == 0) {
> > + /* CR0 write might have updated CR0.PE */
>
> Or toggled CR0.PG.

I thought about it but paging actually does not affect the CPU mode.
E.g. if you are in protected mode, instructions execute the same regardless of whether you have paging or not.
(There are probably some exceptions but you understand what I mean).

Best regards,
	Maxim Levitsky

> It's probably also worth noting that ->set_cr() handles side
> effects to other registers, e.g. the lack of an EFER.LMA update makes this look
> suspicious at first glance.
>
> > + r = update_emulation_mode(ctxt);
> > + if (r != X86EMUL_CONTINUE)
> > + return r;
> > + }
> > +
> > return X86EMUL_CONTINUE;
> > }
> >
> > --
> > 2.26.3
> >
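Review bot: the comment `/* CR0 write might have updated CR0.PE */` in the new `if (cr_num == 0)` block documents only one of the two ways this write can change the mode; as the reply above notes, ->set_cr() also applies the EFER.LMA side effect when CR0.PG is toggled with EFER.LME set, so a reader of the code alone cannot tell why a pure CR0.PG write also needs update_emulation_mode(). Suggest spelling both out, e.g. `/* CR0.PE may have changed, or CR0.PG (and with it EFER.LMA via ->set_cr()) */`, so the reason the check is keyed on cr_num == 0 rather than on a CR0.PE change survives in the source.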
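The following stand-alone C model is an added illustration of the point argued in the thread; it is not code from the patch or from KVM's emulate.c. It shows why setting CR0.PE changes the emulator's decode mode directly, why toggling CR0.PG leaves the mode alone while EFER.LME is clear, and why the same CR0.PG toggle does change the mode once EFER.LME is set, because the ->set_cr() side effect flips EFER.LMA. The bit positions are architectural; the types and functions (vcpu_state, emulator, derive_mode, set_cr0, emulate_mov_to_cr0 and the scenario functions) are invented for this example, and reserved-bit, privilege and #GP handling is omitted.

```c
/*
 * Stand-alone model (not KVM's emulate.c) of how an emulator's cached
 * decode mode must follow a guest write to CR0. Bit positions are
 * architectural; every type and function name here is invented.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_CR0_PE    (1ull << 0)
#define X86_CR0_PG    (1ull << 31)
#define X86_EFER_LME  (1ull << 8)
#define X86_EFER_LMA  (1ull << 10)
#define X86_EFLAGS_VM (1ull << 17)

enum emul_mode { MODE_REAL, MODE_VM86, MODE_PROT16, MODE_PROT32, MODE_PROT64 };

static const char *const mode_name[] = { "real", "vm86", "prot16", "prot32", "prot64" };

/* Guest register state the mode depends on (CS attributes reduced to two bits). */
struct vcpu_state {
	uint64_t cr0, efer, rflags;
	bool cs_l;	/* CS.L: 64-bit code segment, effective only with EFER.LMA */
	bool cs_d;	/* CS.D/B: 32-bit default operand/address size */
};

/* What the emulator caches between instructions (invented stand-in for ctxt->mode). */
struct emulator {
	enum emul_mode mode;
};

/* Mode derivation in architectural order: PE, then VM, then LMA+CS.L, then CS.D. */
static enum emul_mode derive_mode(const struct vcpu_state *s)
{
	if (!(s->cr0 & X86_CR0_PE))
		return MODE_REAL;
	if (s->rflags & X86_EFLAGS_VM)
		return MODE_VM86;
	if ((s->efer & X86_EFER_LMA) && s->cs_l)
		return MODE_PROT64;
	return s->cs_d ? MODE_PROT32 : MODE_PROT16;
}

/*
 * Stand-in for the ->set_cr() callback: stores CR0 and applies the one side
 * effect that matters here, EFER.LMA following CR0.PG while EFER.LME is set.
 * This is why a CR0.PG toggle, and not only CR0.PE, can change the mode.
 */
static void set_cr0(struct vcpu_state *s, uint64_t val)
{
	s->cr0 = val;
	if ((s->efer & X86_EFER_LME) && (val & X86_CR0_PG))
		s->efer |= X86_EFER_LMA;
	else
		s->efer &= ~X86_EFER_LMA;
}

/*
 * Emulated "mov %reg, %cr0". With refresh == false the cached mode goes
 * stale (the pre-patch behaviour); with refresh == true the next
 * instruction is decoded in the mode the guest is now really in.
 */
static enum emul_mode emulate_mov_to_cr0(struct emulator *e, struct vcpu_state *s,
					 uint64_t val, bool refresh)
{
	set_cr0(s, val);
	if (refresh)
		e->mode = derive_mode(s);
	return e->mode;
}

/* Real mode -> protected mode by setting CR0.PE: the case the patch targets. */
enum emul_mode mode_after_setting_pe(bool refresh)
{
	struct vcpu_state s = { .cr0 = 0, .efer = 0, .rflags = 0x2, .cs_l = false, .cs_d = false };
	struct emulator e = { .mode = derive_mode(&s) };	/* starts in MODE_REAL */
	return emulate_mov_to_cr0(&e, &s, X86_CR0_PE, refresh);
}

/* 32-bit protected mode with EFER.LME clear: enabling paging leaves the mode alone. */
enum emul_mode mode_after_enabling_pg_without_lme(void)
{
	struct vcpu_state s = { .cr0 = X86_CR0_PE, .efer = 0, .rflags = 0x2, .cs_l = false, .cs_d = true };
	struct emulator e = { .mode = derive_mode(&s) };	/* MODE_PROT32 */
	return emulate_mov_to_cr0(&e, &s, X86_CR0_PE | X86_CR0_PG, true);
}

/* EFER.LME set and a 64-bit code segment loaded: enabling paging activates long mode. */
enum emul_mode mode_after_enabling_pg_with_lme(void)
{
	struct vcpu_state s = { .cr0 = X86_CR0_PE, .efer = X86_EFER_LME, .rflags = 0x2, .cs_l = true, .cs_d = false };
	struct emulator e = { .mode = derive_mode(&s) };	/* MODE_PROT16, LMA still clear */
	return emulate_mov_to_cr0(&e, &s, X86_CR0_PE | X86_CR0_PG, true);
}

int main(void)
{
	printf("set CR0.PE, mode not refreshed: %s\n", mode_name[mode_after_setting_pe(false)]);
	printf("set CR0.PE, mode refreshed:     %s\n", mode_name[mode_after_setting_pe(true)]);
	printf("set CR0.PG, EFER.LME clear:     %s\n", mode_name[mode_after_enabling_pg_without_lme()]);
	printf("set CR0.PG, EFER.LME set, CS.L: %s\n", mode_name[mode_after_enabling_pg_with_lme()]);
	return 0;
}
```

With refresh == false the emulator keeps decoding in real mode after the guest has set CR0.PE, which is the stale-mode condition the patch removes by calling update_emulation_mode() after the CR0 write. The second scenario is the common case where paging is orthogonal to the decode mode; the third is the one where it is not: with EFER.LME set, a write that only sets CR0.PG flips EFER.LMA inside the CR0 write path, so keying the refresh on cr_num == 0 rather than on a CR0.PE change covers both.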