From: Nadav Amit <namit@cs.technion.ac.il>
To: pbonzini@redhat.com
Cc: gleb@kernel.org, tglx@linutronix.de, mingo@redhat.com,
	hpa@zytor.com, x86@kernel.org, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Nadav Amit <namit@cs.technion.ac.il>
Subject: [PATCH 3/9] KVM: x86: Loading segments on 64-bit mode may be wrong
Date: Mon,  2 Jun 2014 18:34:05 +0300
Message-ID: <1401723251-8034-4-git-send-email-namit@cs.technion.ac.il>
In-Reply-To: <1401723251-8034-1-git-send-email-namit@cs.technion.ac.il>

The current emulator implementation ignores the high 32 bits of the base in
long-mode.  During segment load from the LDT, the base of the LDT is calculated
incorrectly and may cause the wrong segment to be loaded.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
---
 arch/x86/kvm/emulate.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 136088f..7e4a45c 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1358,17 +1358,19 @@ static void get_descriptor_table_ptr(struct x86_emulate_ctxt *ctxt,
 				     u16 selector, struct desc_ptr *dt)
 {
 	const struct x86_emulate_ops *ops = ctxt->ops;
+	u32 base3 = 0;
 
 	if (selector & 1 << 2) {
 		struct desc_struct desc;
 		u16 sel;
 
 		memset (dt, 0, sizeof *dt);
-		if (!ops->get_segment(ctxt, &sel, &desc, NULL, VCPU_SREG_LDTR))
+		if (!ops->get_segment(ctxt, &sel, &desc, &base3,
+				      VCPU_SREG_LDTR))
 			return;
 
 		dt->size = desc_limit_scaled(&desc); /* what if limit > 65535? */
-		dt->address = get_desc_base(&desc);
+		dt->address = get_desc_base(&desc) | ((u64)base3 << 32);
 	} else
 		ops->get_gdt(ctxt, dt);
 }
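Review bot: the `| ((u64)base3 << 32)` at the new `dt->address` line is only correct if `ops->get_segment()` either fills in `base3` in every mode or leaves it untouched; the `u32 base3 = 0;` initialisation covers the untouched case, so a short comment at the declaration stating that the OR is a no-op outside long mode would make that dependency explicit for later readers. Also, since this hunk reworks the LDT branch, the neighbouring `/* what if limit > 65535? */` on the `dt->size` line remains an open question: the LDT base is now taken in full, but an LDT descriptor limit larger than the 16-bit table size still silently truncates, so either address it in this series or mention in the commit message that it is intentionally left for later.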
-- 
1.9.1

