From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-ot0-f194.google.com ([74.125.82.194]:35130 "EHLO
        mail-ot0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753058AbdF0L6S (ORCPT
        <rfc822;stable@vger.kernel.org>); Tue, 27 Jun 2017 07:58:18 -0400
MIME-Version: 1.0
In-Reply-To: <d892b7b0-b02f-a8b6-cb34-822a63fb1d44@redhat.com>
References: <20170622151040.16231-1-rkrcmar@redhat.com> <CANRm+Cyu4dmm=BdZyghR8JDa17EdrOOUp3TKZV8OK+G1mOZ7Tg@mail.gmail.com>
 <bf9c19ff-f3f8-e453-93f1-adb00614d8fe@redhat.com> <CANRm+Cz369Ff_sLqTuLFRqCx4qwgWtZZungL_fgBLiodad5Lvg@mail.gmail.com>
 <d892b7b0-b02f-a8b6-cb34-822a63fb1d44@redhat.com>
From: Wanpeng Li <kernellwp@gmail.com>
Date: Tue, 27 Jun 2017 19:58:17 +0800
Message-ID: <CANRm+CyDbHm-0K1fAMon_qs_2GQUug9ZSk2evNEk9wAv2Q2CqA@mail.gmail.com>
Subject: Re: [PATCH] KVM: x86: fix singlestepping over syscall
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        kvm <kvm@vger.kernel.org>, P J P <ppandit@redhat.com>,
        Steve Rutherford <srutherford@google.com>,
        Andrew Honig <ahonig@google.com>,
        Andy Lutomirski <luto@amacapital.net>,
        "# v3 . 10+" <stable@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

2017-06-27 18:09 GMT+08:00 Paolo Bonzini <pbonzini@redhat.com>:
>
>
> On 27/06/2017 11:50, Wanpeng Li wrote:
>> 2017-06-27 16:20 GMT+08:00 Paolo Bonzini <pbonzini@redhat.com>:
>>>
>>>
>>> On 27/06/2017 05:41, Wanpeng Li wrote:
>>>>> KVM emulates syscall so that it can trap 32-bit syscall on Intel proc=
essors.
>>>>
>>>> We have a discussion to not expose syscall/sysret to Intel 32-bit
>>>> guest two years ago. https://lkml.org/lkml/2015/11/19/225 The
>>>> syscall/sysret just makes sense against long mode instead of
>>
>> s/long mode/64-bit mode
>>
>>>> compatibility/legacy mode of Intel CPU. We will get a #UD in 32-bit
>>>> guest, and syscall emulation is introduced by commit 66bb2ccd (KVM:
>>>> x86 emulator: add syscall emulation) to handle it. So why we still
>>>> expose syscall/sysret to Intel 32-bit guest?
>>>
>>> Because you didn't post v2 of that patch, I guess. :)
>>>
>>>>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>>>>> index 87d3cb901935..0e846f0cb83b 100644
>>>>> --- a/arch/x86/kvm/x86.c
>>>>> +++ b/arch/x86/kvm/x86.c
>>>>> @@ -5313,6 +5313,8 @@ static void init_emulate_ctxt(struct kvm_vcpu *=
vcpu)
>>>>>         kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
>>>>>
>>>>>         ctxt->eflags =3D kvm_get_rflags(vcpu);
>>>>> +       ctxt->tf =3D (ctxt->eflags & X86_EFLAGS_TF) !=3D 0;
>>>>> +
>>>>
>>>> I guess this is used for "the sysret is executed the #DB is taken "as
>>>> if" the syscall insn just completed", however, there is no sysret
>>>> emulation, so how the #DB is taken after the sysret?
>>>
>>> No, it's used for instructions other than syscall and sysret:
>>>
>>>> +               if (r =3D=3D EMULATE_DONE &&
>>>> +                   (ctxt->tf || (vcpu->guest_debug & KVM_GUESTDBG_SIN=
GLESTEP)))
>>>> +                       kvm_vcpu_do_singlestep(vcpu, &r);
>>>
>>> syscall (and sysret if it were emulated) overwrite ctxt->tf with the
>>> value of TF at the end of the instruction.  Other instructions don't, s=
o
>>> that singlestep depends on EFLAGS.TF before the instruction is executed=
.
>>
>> Why sysret is not emulated since SDM said that it can incur a #UD if
>> not in 64-bit mode?
>
> "64-bit ring 0 to 32-bit ring 3" sysret ("sysretl") is supported by Intel=
:
>
>         IF (operand size is 64-bit)
>         THEN CS.Selector =E2=86=90 IA32_STAR[63:48]+16;
>         ELSE CS.Selector =E2=86=90 IA32_STAR[63:48];
>         FI;

I see. :)

Regards,
Wanpeng Li