|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] VT-x: simplify/clarify vmx_load_pdptrs()
commit 1969576661f3e34318e9b0a61a1a38f9a5aee16f
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Jul 14 10:00:45 2020 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jul 14 10:00:45 2020 +0200
VT-x: simplify/clarify vmx_load_pdptrs()
* Guests outside of long mode can't have PCID enabled. Drop the
respective check to make more obvious that there's no security issue
(from potentially accessing past the mapped page's boundary).
* Only bits 5...31 of CR3 are relevant in 32-bit PAE mode; all others
are ignored. The high 32 ones may in particular have remained
unchanged after leaving long mode.
* Drop the unnecessary and badly typed local variable p.
* Don't open-code hvm_long_mode_active() (and extend this to the related
nested VT-x code).
* Constify guest_pdptes to clarify that we're only reading from the
page.
* Drop the "crash" label now that there's only a single path leading
there.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
---
xen/arch/x86/hvm/vmx/vmx.c | 24 ++++++++----------------
xen/arch/x86/hvm/vmx/vvmx.c | 4 ++--
2 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index cc6d4ece22..eb54aadfba 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1312,19 +1312,15 @@ static void vmx_set_interrupt_shadow(struct vcpu *v,
unsigned int intr_shadow)
static void vmx_load_pdptrs(struct vcpu *v)
{
- unsigned long cr3 = v->arch.hvm.guest_cr[3];
- uint64_t *guest_pdptes;
+ uint32_t cr3 = v->arch.hvm.guest_cr[3];
+ const uint64_t *guest_pdptes;
struct page_info *page;
p2m_type_t p2mt;
- char *p;
/* EPT needs to load PDPTRS into VMCS for PAE. */
- if ( !hvm_pae_enabled(v) || (v->arch.hvm.guest_efer & EFER_LMA) )
+ if ( !hvm_pae_enabled(v) || hvm_long_mode_active(v) )
return;
- if ( (cr3 & 0x1fUL) && !hvm_pcid_enabled(v) )
- goto crash;
-
page = get_page_from_gfn(v->domain, cr3 >> PAGE_SHIFT, &p2mt, P2M_ALLOC);
if ( !page )
{
@@ -1332,14 +1328,13 @@ static void vmx_load_pdptrs(struct vcpu *v)
* queue, but this is the wrong place. We're holding at least
* the paging lock */
gdprintk(XENLOG_ERR,
- "Bad cr3 on load pdptrs gfn %lx type %d\n",
+ "Bad cr3 on load pdptrs gfn %"PRIx32" type %d\n",
cr3 >> PAGE_SHIFT, (int) p2mt);
- goto crash;
+ domain_crash(v->domain);
+ return;
}
- p = __map_domain_page(page);
-
- guest_pdptes = (uint64_t *)(p + (cr3 & ~PAGE_MASK));
+ guest_pdptes = __map_domain_page(page) + (cr3 & ~(PAGE_MASK | 0x1f));
/*
* We do not check the PDPTRs for validity. The CPU will do this during
@@ -1356,12 +1351,9 @@ static void vmx_load_pdptrs(struct vcpu *v)
vmx_vmcs_exit(v);
- unmap_domain_page(p);
+ unmap_domain_page(guest_pdptes);
put_page(page);
return;
-
- crash:
- domain_crash(v->domain);
}
static void vmx_update_host_cr3(struct vcpu *v)
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 7dfff6c445..1e51689ef3 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1234,7 +1234,7 @@ static void virtual_vmentry(struct cpu_user_regs *regs)
paging_update_paging_modes(v);
if ( nvmx_ept_enabled(v) && hvm_pae_enabled(v) &&
- !(v->arch.hvm.guest_efer & EFER_LMA) )
+ !hvm_long_mode_active(v) )
vvmcs_to_shadow_bulk(v, ARRAY_SIZE(gpdpte_fields), gpdpte_fields);
regs->rip = get_vvmcs(v, GUEST_RIP);
@@ -1437,7 +1437,7 @@ static void virtual_vmexit(struct cpu_user_regs *regs)
sync_exception_state(v);
if ( nvmx_ept_enabled(v) && hvm_pae_enabled(v) &&
- !(v->arch.hvm.guest_efer & EFER_LMA) )
+ !hvm_long_mode_active(v) )
shadow_to_vvmcs_bulk(v, ARRAY_SIZE(gpdpte_fields), gpdpte_fields);
/* This will clear current pCPU bit in p2m->dirty_cpumask */
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |