From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB75EC433F2 for ; Mon, 20 Jul 2020 15:45:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 66D9B2064B for ; Mon, 20 Jul 2020 15:45:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259901; bh=oDCW72n+tBqlUxPcK9GKINASzwNcdmNvRubE7YDEEE8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=izyih8omiMVa7VrEBjmXtqFFivsV30RxT1Qr7IV+Dr3RJEN+iCFe33y3J9h5euo7Q Y/t+qs2XkNQTp9WOWwxqXcrF+cIDzEX7DxNS1fyqMXZC6/VzHviShb1TcHKr2cMS1J zUz62LivBjmQMyMr/lGsZWYnld7Ju2vNgg1Ndjew= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730474AbgGTPo7 (ORCPT ); Mon, 20 Jul 2020 11:44:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:39064 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730465AbgGTPoz (ORCPT ); Mon, 20 Jul 2020 11:44:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0A2612065E; Mon, 20 Jul 2020 15:44:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595259894; bh=oDCW72n+tBqlUxPcK9GKINASzwNcdmNvRubE7YDEEE8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l4Q+kaRnCEM9UTOj9BM0Y032EpXpUgnrL7qOJKslIKQLBDoJhxMrB/3u1wSN9w42Z MKq7i+i76w4J1Q19LsZSoo1fFYJUc2lH3HQPWOsakXvudMQBKsPo0bL71caylwEbwJ Ky/W7DvYvUurPm+QllwMSHvGOV0a7xGC3ogJZ/yE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sebastien Boeuf , Sean Christopherson , Paolo Bonzini Subject: [PATCH 4.14 032/125] KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode Date: Mon, 20 Jul 2020 17:36:11 +0200 Message-Id: <20200720152804.534985140@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200720152802.929969555@linuxfoundation.org> References: <20200720152802.929969555@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson commit d74fcfc1f0ff4b6c26ecef1f9e48d8089ab4eaac upstream. Inject a #GP on MOV CR4 if CR4.LA57 is toggled in 64-bit mode, which is illegal per Intel's SDM: CR4.LA57 57-bit linear addresses (bit 12 of CR4) ... blah blah blah ... This bit cannot be modified in IA-32e mode. Note, the pseudocode for MOV CR doesn't call out the fault condition, which is likely why the check was missed during initial development. This is arguably an SDM bug and will hopefully be fixed in future release of the SDM. Fixes: fd8cb433734ee ("KVM: MMU: Expose the LA57 feature to VM.") Cc: stable@vger.kernel.org Reported-by: Sebastien Boeuf Signed-off-by: Sean Christopherson Message-Id: <20200703021714.5549-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman --- arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -806,6 +806,8 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, u if (is_long_mode(vcpu)) { if (!(cr4 & X86_CR4_PAE)) return 1; + if ((cr4 ^ old_cr4) & X86_CR4_LA57) + return 1; } else if (is_paging(vcpu) && (cr4 & X86_CR4_PAE) && ((cr4 ^ old_cr4) & pdptr_bits) && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,