xen/26096-SVM-nested-vmexit-emul.patch

# HG changeset patch
# User Christoph Egger <Christoph.Egger@amd.com>
# Date 1350976467 -7200
# Node ID d642720e1ea996ce85203fc9718f64cf2cab0468
# Parent  a7503ce27d462056421c6d74737cee08ab4ae31e
nestedsvm: fix VMEXIT emulation

Values in regs can be newer than those in the shadow vmcb (e.g. due to
an instruction emulation right before). So use the values from regs.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -995,7 +995,7 @@ nsvm_vmcb_guest_intercepts_trap(struct v
 }
 
 static int
-nsvm_vmcb_prepare4vmexit(struct vcpu *v)
+nsvm_vmcb_prepare4vmexit(struct vcpu *v, struct cpu_user_regs *regs)
 {
     struct nestedvcpu *nv = &vcpu_nestedhvm(v);
     struct nestedsvm *svm = &vcpu_nestedsvm(v);
@@ -1119,17 +1119,22 @@ nsvm_vmcb_prepare4vmexit(struct vcpu *v)
     ns_vmcb->_dr7 = n2vmcb->_dr7;
     ns_vmcb->_dr6 = n2vmcb->_dr6;
 
+    /* Restore registers from regs as those values
+     * can be newer than in n2vmcb (e.g. due to an
+     * instruction emulation right before).
+     */
+
     /* RFLAGS */
-    ns_vmcb->rflags = n2vmcb->rflags;
+    ns_vmcb->rflags = n2vmcb->rflags = regs->eflags;
 
     /* RIP */
-    ns_vmcb->rip = n2vmcb->rip;
+    ns_vmcb->rip = n2vmcb->rip = regs->eip;
 
     /* RSP */
-    ns_vmcb->rsp = n2vmcb->rsp;
+    ns_vmcb->rsp = n2vmcb->rsp = regs->esp;
 
     /* RAX */
-    ns_vmcb->rax = n2vmcb->rax;
+    ns_vmcb->rax = n2vmcb->rax = regs->eax;
 
     /* Keep the l2 guest values of the fs, gs, ldtr, tr, kerngsbase,
      * star, lstar, cstar, sfmask, sysenter_cs, sysenter_esp,
@@ -1363,7 +1368,7 @@ nestedsvm_vmexit_n2n1(struct vcpu *v, st
     ASSERT(vcpu_nestedhvm(v).nv_vmswitch_in_progress);
     ASSERT(nestedhvm_vcpu_in_guestmode(v));
 
-    rc = nsvm_vmcb_prepare4vmexit(v);
+    rc = nsvm_vmcb_prepare4vmexit(v, regs);
     if (rc)
         ret = NESTEDHVM_VMEXIT_ERROR;
- bnc#777628 - guest "disappears" after live migration Updated block-dmmd script - fate#310510 - fix xenpaging restore changes to integrate paging into xm/xend xenpaging.autostart.patch xenpaging.doc.patch - bnc#787163 - VUL-0: CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk (XSA 25) CVE-2012-4544-xsa25.patch - bnc#779212 - VUL-0: CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) CVE-2012-4411-xsa19.patch - bnc#786516 - VUL-0: CVE-2012-4535: xen: Timer overflow DoS vulnerability CVE-2012-4535-xsa20.patch - bnc#786518 - VUL-0: CVE-2012-4536: xen: pirq range check DoS vulnerability CVE-2012-4536-xsa21.patch - bnc#786517 - VUL-0: CVE-2012-4537: xen: Memory mapping failure DoS vulnerability CVE-2012-4537-xsa22.patch - bnc#786519 - VUL-0: CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability CVE-2012-4538-xsa23.patch - bnc#786520 - VUL-0: CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=212 2012-11-19 13:58:33 +00:00			`# HG changeset patch`
			`# User Christoph Egger <Christoph.Egger@amd.com>`
			`# Date 1350976467 -7200`
			`# Node ID d642720e1ea996ce85203fc9718f64cf2cab0468`
			`# Parent a7503ce27d462056421c6d74737cee08ab4ae31e`
			`nestedsvm: fix VMEXIT emulation`

			`Values in regs can be newer than those in the shadow vmcb (e.g. due to`
			`an instruction emulation right before). So use the values from regs.`

			`Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>`
			`Acked-by: Tim Deegan <tim@xen.org>`
			`Committed-by: Jan Beulich <jbeulich@suse.com>`

			`--- a/xen/arch/x86/hvm/svm/nestedsvm.c`
			`+++ b/xen/arch/x86/hvm/svm/nestedsvm.c`
			`@@ -995,7 +995,7 @@ nsvm_vmcb_guest_intercepts_trap(struct v`
			`}`

			`static int`
			`-nsvm_vmcb_prepare4vmexit(struct vcpu *v)`
			`+nsvm_vmcb_prepare4vmexit(struct vcpu v, struct cpu_user_regs regs)`
			`{`
			`struct nestedvcpu *nv = &vcpu_nestedhvm(v);`
			`struct nestedsvm *svm = &vcpu_nestedsvm(v);`
			`@@ -1119,17 +1119,22 @@ nsvm_vmcb_prepare4vmexit(struct vcpu *v)`
			`ns_vmcb->_dr7 = n2vmcb->_dr7;`
			`ns_vmcb->_dr6 = n2vmcb->_dr6;`

			`+ /* Restore registers from regs as those values`
			`+ * can be newer than in n2vmcb (e.g. due to an`
			`+ * instruction emulation right before).`
			`+ */`
			`+`
			`/* RFLAGS */`
			`- ns_vmcb->rflags = n2vmcb->rflags;`
			`+ ns_vmcb->rflags = n2vmcb->rflags = regs->eflags;`

			`/* RIP */`
			`- ns_vmcb->rip = n2vmcb->rip;`
			`+ ns_vmcb->rip = n2vmcb->rip = regs->eip;`

			`/* RSP */`
			`- ns_vmcb->rsp = n2vmcb->rsp;`
			`+ ns_vmcb->rsp = n2vmcb->rsp = regs->esp;`

			`/* RAX */`
			`- ns_vmcb->rax = n2vmcb->rax;`
			`+ ns_vmcb->rax = n2vmcb->rax = regs->eax;`

			`/* Keep the l2 guest values of the fs, gs, ldtr, tr, kerngsbase,`
			`* star, lstar, cstar, sfmask, sysenter_cs, sysenter_esp,`
			`@@ -1363,7 +1368,7 @@ nestedsvm_vmexit_n2n1(struct vcpu *v, st`
			`ASSERT(vcpu_nestedhvm(v).nv_vmswitch_in_progress);`
			`ASSERT(nestedhvm_vcpu_in_guestmode(v));`

			`- rc = nsvm_vmcb_prepare4vmexit(v);`
			`+ rc = nsvm_vmcb_prepare4vmexit(v, regs);`
			`if (rc)`
			`ret = NESTEDHVM_VMEXIT_ERROR;`