From: Sean Christopherson
To: stable@vger.kernel.org, Greg Kroah-Hartman, Ben Hutchings, Sasha Levin
Cc: Paolo Bonzini, linux-kernel@vger.kernel.org, Tobias Urdin
Subject: [PATCH 4.19 STABLE 2/2] KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob
Date: Mon, 4 May 2020 18:23:48 -0700
Message-Id: <20200505012348.17099-3-sean.j.christopherson@intel.com>

Save RCX, RDX and RSI to fake outputs to coerce the compiler into treating them as clobbered. RCX in particular is likely to be reused by the compiler to dereference the 'struct vcpu_vmx' pointer, which will result in a null pointer dereference now that RCX is zeroed by the asm blob.

Add ASM_CALL_CONSTRAINT to fudge around an issue where during modpost can't find vmx_return when specifying output constraints.

Reported-by: Tobias Urdin
Fixes: b4be98039a92 ("KVM: VMX: Zero out *all* general purpose registers after VM-Exit")
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 5b06a98ffd4c..54c8b4dc750d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c
@@ -10882,7 +10882,8 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) ".global vmx_return \n\t" "vmx_return: " _ASM_PTR " 2b \n\t" ".popsection" - : : "c"(vmx), "d"((unsigned long)HOST_RSP), "S"(evmcs_rsp), + : ASM_CALL_CONSTRAINT, "=c"((int){0}), "=d"((int){0}), "=S"((int){0}) + : "c"(vmx), "d"((unsigned long)HOST_RSP), "S"(evmcs_rsp), [launched]"i"(offsetof(struct vcpu_vmx, __launched)), [fail]"i"(offsetof(struct vcpu_vmx, fail)), [host_rsp]"i"(offsetof(struct vcpu_vmx, host_rsp)), -- 2.26.0
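Review bot: The added output line (`: ASM_CALL_CONSTRAINT, "=c"((int){0}), "=d"((int){0}), "=S"((int){0})`) carries no comment in the code, so without the commit message it reads as unused operands that a later cleanup could drop, reintroducing the null pointer dereference on the 'struct vcpu_vmx' pointer. Please add a short comment above it saying that the three outputs are dummies whose only job is to tell the compiler that RCX, RDX and RSI do not survive the asm (they are also inputs, so they cannot be named in the clobber list), and that ASM_CALL_CONSTRAINT is present only to work around the modpost/vmx_return problem. The comment could also note that the `(int){0}` temporaries are narrower than the `unsigned long` and pointer inputs they shadow, which is harmless because they are never read. Since the Fixes: commit zeroes all general purpose registers, it is also worth confirming that the registers that are not inputs are covered by the existing clobber list, which this hunk does not show.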