[PULL 36/45] target/i386: Added consistency checks for CR0
From: Paolo Bonzini
Subject: [PULL 36/45] target/i386: Added consistency checks for CR0
Date: Thu, 17 Jun 2021 11:31:25 +0200
From: Lara Lazier <laramglazier@gmail.com>
The combination of unset CD and set NW bit in CR0 is illegal.
CR0[63:32] are also reserved and need to be zero.
(AMD64 Architecture Programmer's Manual, V2, 15.5)
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210616123907.17765-4-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.h | 2 ++
target/i386/svm.h | 2 ++
target/i386/tcg/sysemu/svm_helper.c | 12 +++++++++---
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 64b4e46731..1e11071d81 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -224,6 +224,8 @@ typedef enum X86Seg {
#define CR0_NE_MASK (1U << 5)
#define CR0_WP_MASK (1U << 16)
#define CR0_AM_MASK (1U << 18)
+#define CR0_NW_MASK (1U << 29)
+#define CR0_CD_MASK (1U << 30)
#define CR0_PG_MASK (1U << 31)
#define CR4_VME_MASK (1U << 0)
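Review bot: the two new definitions are placed in bit order between CR0_AM_MASK (bit 18) and CR0_PG_MASK (bit 31) and follow the existing `CR0_*_MASK` naming, with NW at bit 29 and CD at bit 30 as in the manual section the commit message cites; a one-line comment noting that these are the cache-control bits (Not Write-through, Cache Disable) would help readers who only know them by name, since none of the neighbouring masks are documented either.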
diff --git a/target/i386/svm.h b/target/i386/svm.h
index 87965e5bc2..5098733053 100644
--- a/target/i386/svm.h
+++ b/target/i386/svm.h
@@ -135,6 +135,8 @@
#define SVM_NPTEXIT_GPA (1ULL << 32)
#define SVM_NPTEXIT_GPT (1ULL << 33)
+#define SVM_CR0_RESERVED_MASK 0xffffffff00000000U
+
struct QEMU_PACKED vmcb_control_area {
uint16_t intercept_cr_read;
uint16_t intercept_cr_write;
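Review bot: SVM_CR0_RESERVED_MASK uses a plain `U` suffix while the adjacent SVM_NPTEXIT_GPA and SVM_NPTEXIT_GPT constants are written as `1ULL << n`; the literal 0xffffffff00000000 cannot fit in 32 bits, so the compiler promotes it to a 64-bit unsigned type anyway, but writing it as `0xffffffff00000000ULL` makes the width explicit and matches the style of the surrounding definitions.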
diff --git a/target/i386/tcg/sysemu/svm_helper.c
b/target/i386/tcg/sysemu/svm_helper.c
index 902bf03fc3..1c2dbc1862 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -73,6 +73,7 @@ void helper_vmrun(CPUX86State *env, int aflag, int
next_eip_addend)
uint32_t event_inj;
uint32_t int_ctl;
uint32_t asid;
+ uint64_t new_cr0;
cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0, GETPC());
@@ -192,13 +193,18 @@ void helper_vmrun(CPUX86State *env, int aflag, int
next_eip_addend)
env->idt.limit = x86_ldl_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
save.idtr.limit));
+ new_cr0 = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, save.cr0));
+ if (new_cr0 & SVM_CR0_RESERVED_MASK) {
+ cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
+ }
+ if ((new_cr0 & CR0_NW_MASK) && !(new_cr0 & CR0_CD_MASK)) {
+ cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
+ }
/* clear exit_info_2 so we behave like the real hardware */
x86_stq_phys(cs,
env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2), 0);
- cpu_x86_update_cr0(env, x86_ldq_phys(cs,
- env->vm_vmcb + offsetof(struct vmcb,
- save.cr0)));
+ cpu_x86_update_cr0(env, new_cr0);
cpu_x86_update_cr4(env, x86_ldq_phys(cs,
env->vm_vmcb + offsetof(struct vmcb,
save.cr4)));
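Review bot: the new checks run after guest state has already started being copied into env (the `env->idt.limit = x86_ldl_phys(...)` assignment immediately above them is unchanged context), so an invalid save.cr0 takes the SVM_EXIT_ERR path with the IDT limit already overwritten; unless cpu_vmexit() restores that state before delivering the exit, the two checks should be moved ahead of the loads so that a rejected VMRUN leaves env untouched. Also, both `if` blocks call `cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC())` with identical arguments, so they could be folded into a single condition, `if ((new_cr0 & SVM_CR0_RESERVED_MASK) || ((new_cr0 & CR0_NW_MASK) && !(new_cr0 & CR0_CD_MASK)))`, which also makes it clear that the two rules are checked together rather than in sequence.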
--
2.31.1
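Added here as an illustration, not part of the patch or of QEMU: a stand-alone C model of the two CR0 rules the commit message describes (CR0[63:32] must be zero; NW=1 with CD=0 is illegal), run over constructed VMCB save.cr0 values. The three mask values mirror the patch; the enum, the function names and the sample values are the example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Bit positions taken from the patch above (AMD64 APM Vol. 2, 15.5). */
#define CR0_NW_MASK           (1U << 29)
#define CR0_CD_MASK           (1U << 30)
#define SVM_CR0_RESERVED_MASK 0xffffffff00000000ULL
/* Outcome of the VMRUN-time CR0 consistency check (names are this example's). */
enum cr0_check {
    CR0_OK = 0,
    CR0_RESERVED_BITS_SET,  /* CR0[63:32] must be zero */
    CR0_NW_WITHOUT_CD,      /* NW=1 with CD=0 is illegal */
};
/* Same two rules as the patched helper_vmrun(), checked in the same order;
 * the hypervisor would raise an SVM_EXIT_ERR VMEXIT for anything but CR0_OK. */
enum cr0_check svm_check_cr0(uint64_t cr0)
{
    if (cr0 & SVM_CR0_RESERVED_MASK) {
        return CR0_RESERVED_BITS_SET;
    }
    if ((cr0 & CR0_NW_MASK) && !(cr0 & CR0_CD_MASK)) {
        return CR0_NW_WITHOUT_CD;
    }
    return CR0_OK;
}
/* Runs the check over constructed save.cr0 values and returns how many
 * results differ from the expected outcome (0 means every case passed). */
int run_cr0_cases(void)
{
    static const struct { uint64_t cr0; enum cr0_check want; } cases[] = {
        { 0x0000000080050033ULL, CR0_OK },                /* PG|AM|WP|NE|ET|MP|PE, CD=NW=0 */
        { 0x00000000e0050033ULL, CR0_OK },                /* CD=1, NW=1: allowed */
        { 0x00000000c0050033ULL, CR0_OK },                /* CD=1, NW=0: allowed */
        { 0x00000000a0050033ULL, CR0_NW_WITHOUT_CD },     /* CD=0, NW=1: illegal */
        { 0x0000000100000033ULL, CR0_RESERVED_BITS_SET }, /* bit 32 set: reserved */
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        enum cr0_check got = svm_check_cr0(cases[i].cr0);
        if (got != cases[i].want) {
            printf("cr0=%#018llx: got %d, want %d\n", (unsigned long long)cases[i].cr0, got, cases[i].want);
            failures++;
        }
    }
    return failures;
}
int main(void)
{
    return run_cr0_cases() ? 1 : 0;
}
```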