	KVM: X86: Fix reserved bits check for MOV to CR3
MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
It should be checked when PCIDE bit is not set, however commit
'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
its physical address width")' removes the bit 63 checking
unconditionally. This patch fixes it by checking bit 63 of CR3
when PCIDE bit is not set in CR4.
Fixes: d1cd3ce900 (KVM: MMU: check guest CR3 reserved bits based on its physical address width)
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Liran Alon <liran.alon@oracle.com>
Cc: stable@vger.kernel.org
Reviewed-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
			
			
		
							parent
							
								
									64f7a11586
								
							
						
					
					
						commit
						a780a3ea62
					
				| @ -4189,7 +4189,9 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) | |||||||
| 				maxphyaddr = eax & 0xff; | 				maxphyaddr = eax & 0xff; | ||||||
| 			else | 			else | ||||||
| 				maxphyaddr = 36; | 				maxphyaddr = 36; | ||||||
| 			rsvd = rsvd_bits(maxphyaddr, 62); | 			rsvd = rsvd_bits(maxphyaddr, 63); | ||||||
|  | 			if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE) | ||||||
|  | 				rsvd &= ~CR3_PCID_INVD; | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		if (new_val & rsvd) | 		if (new_val & rsvd) | ||||||
|  | |||||||
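Review bot: The added `rsvd &= ~CR3_PCID_INVD;` in check_cr_write carries no comment saying why bit 63 stops being reserved, so the reader has to know already that with CR4.PCIDE set this bit is the PCID no-invalidate flag of MOV to CR3 rather than a reserved bit. I would put `/* CR4.PCIDE=1: bit 63 is the PCID no-invalidate flag, not a reserved bit */` above the new `if`. The same rule is enforced a second time in kvm_set_cr3 (second hunk) with a differently shaped check, and `new_val` here is guest-controlled, so the two copies drifting apart again, as they did in the commit this one fixes, means a value that should raise #GP is accepted on one path only. A shared helper returning the reserved mask would be worth considering. check_cr_write starts and ends outside the hunk.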
| @ -856,7 +856,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) | |||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	if (is_long_mode(vcpu) && | 	if (is_long_mode(vcpu) && | ||||||
| 	    (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 62))) | 	    (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) | ||||||
| 		return 1; | 		return 1; | ||||||
| 	else if (is_pae(vcpu) && is_paging(vcpu) && | 	else if (is_pae(vcpu) && is_paging(vcpu) && | ||||||
| 		   !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) | 		   !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) | ||||||
|  | |||||||
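Review bot: The check `cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63)` in kvm_set_cr3 now treats bit 63 as reserved with no CR4.PCIDE condition visible next to it, while the commit message says the bit is reserved only when PCIDE is clear. Presumably the bit is already stripped from `cr3` earlier in the function when PCIDE is set, but that code is outside the hunk and should be confirmed before relying on it. If so, a comment such as `/* bit 63 was cleared above when CR4.PCIDE=1, so it is reserved here */` would keep that dependency visible to whoever next touches either place. kvm_set_cr3 starts and ends outside the hunk.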
	 Wanpeng Li
						Wanpeng Li