diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-07-22 18:32:02 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-07-22 18:32:02 +0100 |
| commit | 7b7ca8ebde4ee6fba171004b2726ae1ff5489c03 (patch) | |
| tree | f3327a0520948327ac540ad77792aee2df8a60d2 /target/i386/tcg | |
| parent | beb191385882a2a283ce777d76b1a77e71813d14 (diff) | |
| parent | 0848f8aca6f7b13f2a755c2593b0a1cbb39f658e (diff) | |
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
Bugfixes.
# gpg: Signature made Thu 22 Jul 2021 14:11:27 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream:
configure: Let --without-default-features disable vhost-kernel and vhost-vdpa
configure: Fix the default setting of the "xen" feature
configure: Allow vnc to get disabled with --without-default-features
configure: Fix --without-default-features propagation to meson
meson: fix dependencies for modinfo
configure: Drop obsolete check for the alloc_size attribute
target/i386: Added consistency checks for EFER
target/i386: Added consistency checks for CR4
target/i386: Added V_INTR_PRIO check to virtual interrupts
qemu-config: restore "machine" in qmp_query_command_line_options()
usb: fix usb-host dependency check
chardev-spice: add missing module_obj directive
vl: Parse legacy default_machine_opts
qemu-config: fix memory leak on ferror()
qemu-config: never call the callback after an error, fix leak
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target/i386/tcg')
| -rw-r--r-- | target/i386/tcg/sysemu/misc_helper.c | 3 | ||||
| -rw-r--r-- | target/i386/tcg/sysemu/svm_helper.c | 60 |
2 files changed, 59 insertions, 4 deletions
diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c index db0d8a9d79..a2af2c9bba 100644 --- a/target/i386/tcg/sysemu/misc_helper.c +++ b/target/i386/tcg/sysemu/misc_helper.c @@ -99,6 +99,9 @@ void helper_write_crN(CPUX86State *env, int reg, target_ulong t0) cpu_x86_update_cr3(env, t0); break; case 4: + if (t0 & cr4_reserved_bits(env)) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } if (((t0 ^ env->cr[4]) & CR4_LA57_MASK) && (env->hflags & HF_CS64_MASK)) { raise_exception_ra(env, EXCP0D_GPF, GETPC()); diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c index 00618cff23..4d64ec378e 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -65,6 +65,51 @@ static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr, sc->base, sc->limit, sc->flags); } +static inline bool ctl_has_irq(uint32_t int_ctl) +{ + uint32_t int_prio; + uint32_t tpr; + + int_prio = (int_ctl & V_INTR_PRIO_MASK) >> V_INTR_MASKING_SHIFT; + tpr = int_ctl & V_TPR_MASK; + return (int_ctl & V_IRQ_MASK) && (int_prio >= tpr); +} + +static inline bool is_efer_invalid_state (CPUX86State *env) +{ + if (!(env->efer & MSR_EFER_SVME)) { + return true; + } + + if (env->efer & MSR_EFER_RESERVED) { + return true; + } + + if ((env->efer & (MSR_EFER_LMA | MSR_EFER_LME)) && + !(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) { + return true; + } + + if ((env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK) + && !(env->cr[4] & CR4_PAE_MASK)) { + return true; + } + + if ((env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK) + && !(env->cr[0] & CR0_PE_MASK)) { + return true; + } + + if ((env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK) + && (env->cr[4] & CR4_PAE_MASK) + && (env->segs[R_CS].flags & DESC_L_MASK) + && (env->segs[R_CS].flags & DESC_B_MASK)) { + return true; + } + + return false; +} + void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) { CPUState *cs = env_cpu(env); @@ -75,6 +120,7 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) uint32_t int_ctl; uint32_t asid; uint64_t new_cr0; + uint64_t new_cr4; cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0, GETPC()); @@ -215,14 +261,16 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) if ((new_cr0 & CR0_NW_MASK) && !(new_cr0 & CR0_CD_MASK)) { cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); } + new_cr4 = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, save.cr4)); + if (new_cr4 & cr4_reserved_bits(env)) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } /* clear exit_info_2 so we behave like the real hardware */ x86_stq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2), 0); cpu_x86_update_cr0(env, new_cr0); - cpu_x86_update_cr4(env, x86_ldq_phys(cs, - env->vm_vmcb + offsetof(struct vmcb, - save.cr4))); + cpu_x86_update_cr4(env, new_cr4); cpu_x86_update_cr3(env, x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, save.cr3))); @@ -278,6 +326,10 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) } #endif + if (is_efer_invalid_state(env)) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } + switch (x86_ldub_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) { case TLB_CONTROL_DO_NOTHING: @@ -290,7 +342,7 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) env->hflags2 |= HF2_GIF_MASK; - if (int_ctl & V_IRQ_MASK) { + if (ctl_has_irq(int_ctl)) { CPUState *cs = env_cpu(env); cs->interrupt_request |= CPU_INTERRUPT_VIRQ; |