- From 3a99d9781d2d3ccf58d70b1dc7edfda886f5d271 Mon Sep 17 00:00:00 2001
- From: Maxim Levitsky <[email protected]>
- Date: Tue, 25 Oct 2022 15:47:31 +0300
- Subject: [PATCH] KVM: x86: emulator: update the emulation mode after CR0 write
- Update the emulation mode when handling writes to CR0, because
- toggling CR0.PE switches between Real and Protected Mode, and toggling
- CR0.PG when EFER.LME=1 switches between Long and Protected Mode.
- This is likely a benign bug because there is no writeback of state,
- other than the RIP increment, and when toggling CR0.PE, the CPU has
- to execute code from a very low memory address.
- Signed-off-by: Maxim Levitsky <[email protected]>
- ---
- arch/x86/kvm/emulate.c | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
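diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 4365137d823b..5d7d4c1be843 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3288,11 +3288,25 @@ static int em_movbe(struct x86_emulate_ctxt *ctxt)
 
 static int em_cr_write(struct x86_emulate_ctxt *ctxt)
 {
-	if (ctxt->ops->set_cr(ctxt, ctxt->modrm_reg, ctxt->src.val))
+	int cr_num = ctxt->modrm_reg;
+	int r;
+
+	if (ctxt->ops->set_cr(ctxt, cr_num, ctxt->src.val))
 		return emulate_gp(ctxt, 0);
 
 	/* Disable writeback. */
 	ctxt->dst.type = OP_NONE;
+
+	if (cr_num == 0) {
+		/*
+		 * CR0 write might have updated CR0.PE and/or CR0.PG
+		 * which can affect the cpu's execution mode.
+		 */
+		r = emulator_recalc_and_set_mode(ctxt);
+		if (r != X86EMUL_CONTINUE)
+			return r;
+	}
+
 	return X86EMUL_CONTINUE;
 }
 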
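Review bot: `int r;` is declared at function scope but only assigned and read inside the `if (cr_num == 0)` block, so it can be narrowed to that block as `int r = emulator_recalc_and_set_mode(ctxt);` followed by `if (r != X86EMUL_CONTINUE) return r;`, which also removes the uninitialised window on the other CR paths. Separately, by the time emulator_recalc_and_set_mode() runs the new CR0 value has already been committed through ctxt->ops->set_cr(), so an error return here reports the instruction as failed while the guest's CR0 (and thus its PE/PG state) is already changed; the description argues the effect is benign, but a short comment on the `return r;` line noting that CR0 is not rolled back would make that deliberate rather than accidental. The mode recalculation is keyed only on CR0; whether CR4 writes also need it is not something this hunk shows, and presumably the emulator's mode depends only on CR0/EFER/CS, which the CR0 check covers.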
- --
- 2.38.1