From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org, mcb30@ipxe.org, qemu-stable@nongnu.org
Subject: [PATCH 1/5] target/i386: mask high bits of CR3 in 32-bit mode
Date: Fri, 22 Dec 2023 18:59:47 +0100
Message-ID: <20231222175951.172669-2-pbonzini@redhat.com>
In-Reply-To: <20231222175951.172669-1-pbonzini@redhat.com>

CR3 bits 63:32 are ignored in 32-bit mode (either legacy 2-level paging or PAE paging). Do this in mmu_translate() to remove the last place where get_physical_address() meaningfully drops the high bits of the address.

Cc: qemu-stable@nongnu.org
Suggested-by: Richard Henderson
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini Reviewed-by: Richard Henderson --- target/i386/tcg/sysemu/excp_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/= excp_helper.c index 5b86f439add..11126c860d4 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -238,7 +238,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 3 */ - pte_addr =3D ((in->cr3 & ~0x1f) + ((addr >> 27) & 0x18)) & a20= _mask; + pte_addr =3D ((in->cr3 & 0xffffffe0ULL) + ((addr >> 27) & 0x18= )) & a20_mask; if (!ptw_translate(&pte_trans, pte_addr)) { return false; } 
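Review bot: the reason the old `~0x1f` mask fails is not visible from the hunk itself: `~0x1f` is an int, so when it is combined with the 64-bit `in->cr3` it is sign-extended to 0xffffffffffffffe0 and keeps bits 63:32, whereas `0xffffffe0ULL` clears them. A one-line comment at the mask (or a named constant shared with the level-2 hunk that follows) would stop a later cleanup from "simplifying" the constant back to `~0x1f` and silently reintroducing the bug.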
@@ -306,7 +306,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 2 */ - pte_addr =3D ((in->cr3 & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_m= ask; + pte_addr =3D ((in->cr3 & 0xfffff000ULL) + ((addr >> 20) & 0xffc)) = & a20_mask; if (!ptw_translate(&pte_trans, pte_addr)) { return false; } --=20 2.43.0
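As an added illustration (not part of this patch or of QEMU), the two index computations from the hunks above are written both with the original `~0x1f` / `~0xfff` masks and with the patch's `0xffffffe0ULL` / `0xfffff000ULL` constants, to show why the old form keeps CR3 bits 63:32: `~0x1f` is an int and is sign-extended when combined with a 64-bit cr3. Function names and the sample CR3 and virtual-address values are the example's own.

```c
/* Added example, not QEMU code: why `cr3 & ~0x1f` keeps CR3 bits 63:32
 * when cr3 is 64 bits wide, and why the patch spells the mask as
 * 0xffffffe0ULL.  Build: cc -std=c11 -Wall pae_cr3.c */
#include <stdint.h>
#include <stdio.h>

/* PAE: the PDPT base is CR3 bits 31:5; bits 4:0 are ignored and, in
 * 32-bit mode, so are bits 63:32.  The PDPTE index is vaddr bits 31:30
 * scaled by 8 bytes, i.e. (vaddr >> 27) & 0x18, as in the hunk. */

/* Expression before the patch.  ~0x1f is an int (value -32); the usual
 * arithmetic conversions widen it to uint64_t by sign extension, giving
 * 0xffffffffffffffe0, so nothing above bit 31 is cleared. */
static uint64_t pae_pdpte_addr_before(uint64_t cr3, uint32_t vaddr)
{
    return (cr3 & ~0x1f) + ((vaddr >> 27) & 0x18);
}

/* Expression after the patch: an explicitly 64-bit constant whose upper
 * 32 bits are zero, so CR3 bits 63:32 are dropped as the architecture
 * requires in 32-bit mode. */
static uint64_t pae_pdpte_addr_after(uint64_t cr3, uint32_t vaddr)
{
    return (cr3 & 0xffffffe0ULL) + ((vaddr >> 27) & 0x18);
}

/* Same pitfall for legacy 2-level paging: CR3 bits 31:12 hold the page
 * directory base and the PDE index is vaddr bits 31:22 scaled by 4. */
static uint64_t legacy_pde_addr_before(uint64_t cr3, uint32_t vaddr)
{
    return (cr3 & ~0xfff) + ((vaddr >> 20) & 0xffc);
}

static uint64_t legacy_pde_addr_after(uint64_t cr3, uint32_t vaddr)
{
    return (cr3 & 0xfffff000ULL) + ((vaddr >> 20) & 0xffc);
}

/* 1 if the pre-patch expression leaks CR3 bits 63:32 into the PTE
 * address for this CR3 value, 0 otherwise. */
static int high_bits_leak(uint64_t cr3)
{
    return pae_pdpte_addr_before(cr3, 0) != pae_pdpte_addr_after(cr3, 0);
}

int main(void)
{
    /* Constructed CR3: PDPT at 0x12340 plus stale junk in bits 63:32,
     * as a 32-bit guest might leave there.  Constructed vaddr selects
     * PDPTE index 3. */
    uint64_t cr3 = 0x0000dead00012347ULL;
    uint32_t vaddr = 0xc0001000u;

    printf("PAE  before: %#llx\n", (unsigned long long)pae_pdpte_addr_before(cr3, vaddr));
    printf("PAE  after:  %#llx\n", (unsigned long long)pae_pdpte_addr_after(cr3, vaddr));
    printf("2-lvl before: %#llx\n", (unsigned long long)legacy_pde_addr_before(cr3, vaddr));
    printf("2-lvl after:  %#llx\n", (unsigned long long)legacy_pde_addr_after(cr3, vaddr));
    printf("high bits leak: %d\n", high_bits_leak(cr3));
    return 0;
}
```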
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org, mcb30@ipxe.org, qemu-stable@nongnu.org
Subject: [PATCH 2/5] target/i386: check validity of VMCB addresses
Date: Fri, 22 Dec 2023 18:59:48 +0100
Message-ID: <20231222175951.172669-3-pbonzini@redhat.com>
In-Reply-To: <20231222175951.172669-1-pbonzini@redhat.com>

MSR_VM_HSAVE_PA bits 0-11 are reserved, as are the bits above the maximum physical address width of the processor. Setting them to 1 causes a #GP (see "15.30.4 VM_HSAVE_PA MSR" in the AMD manual). The same is true of VMCB addresses passed to VMRUN/VMLOAD/VMSAVE, even though the manual is not clear on that.
Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/sysemu/misc_helper.c | 3 +++
target/i386/tcg/sysemu/svm_helper.c | 27 +++++++++++++++++++++------
2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/= misc_helper.c index e1528b7f80b..1901712ecef 100644 --- a/target/i386/tcg/sysemu/misc_helper.c +++ b/target/i386/tcg/sysemu/misc_helper.c @@ -201,6 +201,9 @@ void helper_wrmsr(CPUX86State *env) tlb_flush(cs); break; case MSR_VM_HSAVE_PA: + if (val & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) { + goto error; + } env->vm_hsave =3D val; break; #ifdef TARGET_X86_64 diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/s= vm_helper.c index 32ff0dbb13c..5d6de2294fa 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -164,14 +164,19 @@ void helper_vmrun(CPUX86State *env, int aflag, int ne= xt_eip_addend) uint64_t new_cr3; uint64_t new_cr4; =20 - cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0, GETPC()); - if (aflag =3D=3D 2) { addr =3D env->regs[R_EAX]; } else { addr =3D (uint32_t)env->regs[R_EAX]; } =20 + /* Exceptions are checked before the intercept. */ + if (addr & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) { + raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC()); + } + + cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0, GETPC()); + qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmrun! " TARGET_FMT_lx "\n", addr); =20 env->vm_vmcb =3D addr;
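Review bot: the `Fixes:` tag names 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates"), whose subject concerns page-table-entry updates rather than the unchecked `env->vm_hsave = val` and `env->vm_vmcb = addr` assignments guarded here; since the tag steers qemu-stable backports, it should point at the commit that introduced those assignments, or be dropped. In the `helper_wrmsr` and `helper_vmrun` hunks the reserved-bit mask `0xfff | ((~0ULL) << env_archcpu(env)->phys_bits)` relies on `phys_bits` being below 64 (x86 physical address widths are at most 52 bits, so the shift is defined); a short comment stating that assumption where the mask is built would make the check self-explanatory.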
@@ -463,14 +468,19 @@ void helper_vmload(CPUX86State *env, int aflag) int mmu_idx =3D MMU_PHYS_IDX; target_ulong addr; =20 - cpu_svm_check_intercept_param(env, SVM_EXIT_VMLOAD, 0, GETPC()); - if (aflag =3D=3D 2) { addr =3D env->regs[R_EAX]; } else { addr =3D (uint32_t)env->regs[R_EAX]; } =20 + /* Exceptions are checked before the intercept. */ + if (addr & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) { + raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC()); + } + + cpu_svm_check_intercept_param(env, SVM_EXIT_VMLOAD, 0, GETPC()); + if (virtual_vm_load_save_enabled(env, SVM_EXIT_VMLOAD, GETPC())) { mmu_idx =3D MMU_NESTED_IDX; } 
@@ -519,14 +529,19 @@ void helper_vmsave(CPUX86State *env, int aflag) int mmu_idx =3D MMU_PHYS_IDX; target_ulong addr; =20 - cpu_svm_check_intercept_param(env, SVM_EXIT_VMSAVE, 0, GETPC()); - if (aflag =3D=3D 2) { addr =3D env->regs[R_EAX]; } else { addr =3D (uint32_t)env->regs[R_EAX]; } =20 + /* Exceptions are checked before the intercept. */ + if (addr & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) { + raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC()); + } + + cpu_svm_check_intercept_param(env, SVM_EXIT_VMSAVE, 0, GETPC()); + if (virtual_vm_load_save_enabled(env, SVM_EXIT_VMSAVE, GETPC())) { mmu_idx =3D MMU_NESTED_IDX; } --=20 2.43.0
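Review bot: the `helper_vmload` and `helper_vmsave` hunks are byte-for-byte copies of the `helper_vmrun` one, and the same expression appears a fourth time in `helper_wrmsr`, so the definition of a valid SVM physical address now lives in four places that can drift apart. Factor it into one small predicate in svm_helper.c (a hypothetical `svm_paddr_reserved_bits(env, addr)` returning the offending bits) and call it from all four sites; the #GP-before-intercept ordering and the new comment can then live in a single place as well.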
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org, mcb30@ipxe.org, qemu-stable@nongnu.org
Subject: [PATCH 3/5] target/i386: Fix physical address truncation
Date: Fri, 22 Dec 2023 18:59:49 +0100
Message-ID: <20231222175951.172669-4-pbonzini@redhat.com>
In-Reply-To: <20231222175951.172669-1-pbonzini@redhat.com>

The address translation logic in get_physical_address() will currently truncate physical addresses to 32 bits unless long mode is enabled. This is incorrect when using physical address extensions (PAE) outside of long mode, with the result that a 32-bit operating system using PAE to access memory above 4G will experience undefined behaviour.
The truncation code was originally introduced in commit 33dfdb5 ("x86: only allow real mode to access 32bit without LMA"), where it applied only to translations performed while paging is disabled (and so cannot affect guests using PAE).

Commit 9828198 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX") rearranged the code such that the truncation also applied to the use of MMU_PHYS_IDX and MMU_NESTED_IDX. Commit 4a1e9d4 ("target/i386: Use atomic operations for pte updates") brought this truncation into scope for page table entry accesses, and is the first commit for which a Windows 10 32-bit guest will reliably fail to boot if memory above 4G is present.

The truncation code however is not completely redundant. Even though the maximum address size for any executed instruction is 32 bits, helpers for operations such as BOUND, FSAVE or XSAVE may ask get_physical_address() to translate an address outside of the 32-bit range, if invoked with an argument that is close to the 4G boundary. So, move the address truncation in get_physical_address() in the CR0.PG=0 case.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2040
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Cc: qemu-stable@nongnu.org
Co-developed-by: Michael Brown
Signed-off-by: Michael Brown
Signed-off-by: Paolo Bonzini
Tested-by: Michael Brown
---
target/i386/tcg/sysemu/excp_helper.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/= excp_helper.c index 11126c860d4..eee1af52710 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -577,17 +577,14 @@ static bool get_physical_address(CPUX86State *env, va= ddr addr, } return mmu_translate(env, &in, out, err); } + + /* No paging implies long mode is disabled. */ + addr =3D (uint32_t)addr; break; } =20 - /* Translation disabled. */ + /* No translation needed. */ out->paddr =3D addr & x86_get_a20_mask(env); -#ifdef TARGET_X86_64 - if (!(env->hflags & HF_LMA_MASK)) { - /* Without long mode we can only address 32bits in real mode */ - out->paddr =3D (uint32_t)out->paddr; - } -#endif out->prot =3D PAGE_READ | PAGE_WRITE | PAGE_EXEC; out->page_size =3D TARGET_PAGE_SIZE; return true; --=20 2.43.0
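Review bot: the new `addr = (uint32_t)addr;` is placed after the `return mmu_translate(...)` in the same switch arm, so it runs only on the paging-disabled path and MMU_PHYS_IDX / MMU_NESTED_IDX lookups now keep their full width, which is the fix; but the replacement comment "No paging implies long mode is disabled." only explains why the removed `HF_LMA_MASK` test was redundant, not why the cast is kept at all. Carry the commit message's rationale (BOUND/FSAVE/XSAVE helpers may pass an address just past the 4G boundary with CR0.PG=0) into that comment, otherwise a later reader may delete the cast as dead code. Given the symptom was a 32-bit PAE guest with RAM above 4G, a regression test that walks a page table placed above 4G through MMU_PHYS_IDX would pin the new behaviour.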
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org, mcb30@ipxe.org, qemu-stable@nongnu.org
Subject: [PATCH 4/5] target/i386: remove unnecessary/wrong application of the A20 mask
Date: Fri, 22 Dec 2023 18:59:50 +0100
Message-ID: <20231222175951.172669-5-pbonzini@redhat.com>
In-Reply-To: <20231222175951.172669-1-pbonzini@redhat.com>

If ptw_translate() does a MMU_PHYS_IDX access, the A20 mask is already applied in get_physical_address(), which is called via probe_access_full() and x86_cpu_tlb_fill().
If ptw_translate() on the other hand does a MMU_NESTED_IDX access, the A20
mask must not be applied to the address that is looked up in the nested
page tables; it must be applied only *while* looking up NPT entries.

Therefore, we can remove A20 masking from the computation of the page
table entry's address, and let get_physical_address() or mmu_translate()
apply it when they know they are returning a host-physical address.

Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini
---
 target/i386/tcg/sysemu/excp_helper.c | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/= excp_helper.c index eee1af52710..ede8ba6b80e 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -164,8 +164,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 5 */ - pte_addr =3D ((in->cr3 & ~0xfff) + - (((addr >> 48) & 0x1ff) << 3)) & a20_mask; + pte_addr =3D (in->cr3 & ~0xfff) + (((addr >> 48) & 0x1ff) = << 3); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } @@ -189,8 +188,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 4 */ - pte_addr =3D ((pte & PG_ADDRESS_MASK) + - (((addr >> 39) & 0x1ff) << 3)) & a20_mask; + pte_addr =3D (pte & PG_ADDRESS_MASK) + (((addr >> 39) & 0x1ff)= << 3); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } @@ -210,8 +208,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 3 */ - pte_addr =3D ((pte & PG_ADDRESS_MASK) + - (((addr >> 30) & 0x1ff) << 3)) & a20_mask; + pte_addr =3D (pte & PG_ADDRESS_MASK) + (((addr >> 30) & 0x1ff)= << 3); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } 
@@ -238,7 +235,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 3 */ - pte_addr =3D ((in->cr3 & 0xffffffe0ULL) + ((addr >> 27) & 0x18= )) & a20_mask; + pte_addr =3D (in->cr3 & 0xffffffe0ULL) + ((addr >> 27) & 0x18); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } @@ -260,8 +257,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 2 */ - pte_addr =3D ((pte & PG_ADDRESS_MASK) + - (((addr >> 21) & 0x1ff) << 3)) & a20_mask; + pte_addr =3D (pte & PG_ADDRESS_MASK) + (((addr >> 21) & 0x1ff) << = 3); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } @@ -287,8 +283,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 1 */ - pte_addr =3D ((pte & PG_ADDRESS_MASK) + - (((addr >> 12) & 0x1ff) << 3)) & a20_mask; + pte_addr =3D (pte & PG_ADDRESS_MASK) + (((addr >> 12) & 0x1ff) << = 3); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } @@ -306,7 +301,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 2 */ - pte_addr =3D ((in->cr3 & 0xfffff000ULL) + ((addr >> 20) & 0xffc)) = & a20_mask; + pte_addr =3D (in->cr3 & 0xfffff000ULL) + ((addr >> 20) & 0xffc); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } 
@@ -335,7 +330,7 @@ static bool mmu_translate(CPUX86State *env, const Trans= lateParams *in, /* * Page table level 1 */ - pte_addr =3D ((pte & ~0xfffu) + ((addr >> 10) & 0xffc)) & a20_mask; + pte_addr =3D (pte & ~0xfffu) + ((addr >> 10) & 0xffc); if (!ptw_translate(&pte_trans, pte_addr)) { return false; } --=20 2.43.0
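Review bot: all nine hunks (the 64-bit level 5 through level 3, the PAE level 3 through level 1, and the 32-bit level 2 and level 1) drop `& a20_mask` from `pte_addr`, but nothing in the diff records where the masking now happens; neither ptw_translate() nor get_physical_address() is in the patch, so the justification lives only in the commit message. Someone reading `pte_addr =3D (in->cr3 & ~0xfff) + (((addr >> 48) & 0x1ff) << 3);` at the level-5 hunk with no mask in sight is likely to put it back. Suggest a one-line comment before the first ptw_translate() call along the lines of "A20 is applied by get_physical_address() when ptw_translate() does a MMU_PHYS_IDX access; a MMU_NESTED_IDX lookup needs the raw guest-physical address". Note also that after this patch the `a20_mask` local is still declared and still has exactly one use (the final paddr computation that 5/5 changes), so it compiles cleanly on its own, but a stable backport that takes 4/5 without 5/5 keeps the old early mask on the final address.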

From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org, mcb30@ipxe.org, qemu-stable@nongnu.org
Subject: [PATCH 5/5] target/i386: leave the A20 bit set in the final NPT walk
Date: Fri, 22 Dec 2023 18:59:51 +0100
Message-ID: <20231222175951.172669-6-pbonzini@redhat.com>
In-Reply-To: <20231222175951.172669-1-pbonzini@redhat.com>
References: <20231222175951.172669-1-pbonzini@redhat.com>

The A20 mask is only applied to the final memory access. Nested page
tables are always walked with the raw guest-physical address.

Unlike the previous patch, in this one the masking must be kept, but it
was done too early.

Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini --- target/i386/tcg/sysemu/excp_helper.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/= excp_helper.c index ede8ba6b80e..37e650c1fcd 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -134,7 +134,6 @@ static inline bool ptw_setl(const PTETranslate *in, uin= t32_t old, uint32_t set) static bool mmu_translate(CPUX86State *env, const TranslateParams *in, TranslateResult *out, TranslateFault *err) { - const int32_t a20_mask =3D x86_get_a20_mask(env); const target_ulong addr =3D in->addr; const int pg_mode =3D in->pg_mode; const bool is_user =3D (in->mmu_idx =3D=3D MMU_USER_IDX); @@ -417,10 +416,13 @@ do_check_protect_pse36: } } =20 - /* align to page_size */ - paddr =3D (pte & a20_mask & PG_ADDRESS_MASK & ~(page_size - 1)) - | (addr & (page_size - 1)); + /* merge offset within page */ + paddr =3D (pte & PG_ADDRESS_MASK & ~(page_size - 1)) | (addr & (page_s= ize - 1)); =20 + /* + * Note that NPT is walked (for both paging structures and final guest + * addresses) using the address with the A20 bit set. + */ if (in->ptw_idx =3D=3D MMU_NESTED_IDX) { CPUTLBEntryFull *full; int flags, nested_page_size; @@ -459,7 +461,7 @@ do_check_protect_pse36: } } =20 - out->paddr =3D paddr; + out->paddr =3D paddr & x86_get_a20_mask(env); out->prot =3D prot; out->page_size =3D page_size; return true; --=20 2.43.0
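Review bot: the comment added in the `@@ -417,10 +416,13 @@` hunk says NPT is walked "using the address with the A20 bit set", but the change that makes this true is the unconditional `out->paddr =3D paddr & x86_get_a20_mask(env);` in the last hunk, which runs for both values of `in->ptw_idx` after the `if (in->ptw_idx =3D=3D MMU_NESTED_IDX)` block. In the nested case the mask therefore lands on whatever `paddr` holds after the nested walk, not on the guest-physical address built at `paddr =3D (pte & PG_ADDRESS_MASK & ~(page_size - 1)) | (addr & (page_size - 1));`. Suggest the comment say so explicitly, e.g. "the A20 mask is applied once, at the end, to the address that will reach memory: the guest-physical address in the non-nested case, the output of the nested walk otherwise", so nobody later moves the mask back up into the paddr line the hunk rewrites.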
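Review bot: the declaration removed in the first hunk, `const int32_t a20_mask =3D x86_get_a20_mask(env);`, shows the mask is an int32_t, and the last hunk now ANDs that return value straight into `out->paddr`, a physical address that the 64-bit walk above (level 5 indexes `addr >> 48`) can make wider than 32 bits. This works only because the int32_t is sign-extended before the AND; assuming the mask is either all ones or all ones minus bit 20, as the A20 gate implies, bit 31 is set in both and the upper bits of paddr survive. The old code relied on the same implicit conversion, but the new form hides it behind a function call on the hot path; a short comment on the `out->paddr =3D paddr & x86_get_a20_mask(env);` line, or a cast of the mask to the type of paddr, would make the reliance on sign extension visible to the next person who widens or narrows x86_get_a20_mask().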
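A toy model of the two walks the series argues about, added here as an editorial example; it is not code from the patches or from QEMU. It reuses the hunks' pte_addr arithmetic (`base + (((addr >> shift) & 0x1ff) << 3)` for shifts 39, 30, 21, 12) over a constructed sparse host memory and a single-level, 4 KiB-granular stand-in for the NPT (QEMU's nested walk is a full page walk; that simplification, the sparse memory, the table layout in setup(), the walk() helper and the constants A20_BIT, PG_ADDRESS_MASK and TRANSLATE_FAIL are all assumptions of this example). With the A20 gate closed it shows both claims made in 4/5 and 5/5: for a MMU_PHYS_IDX walk, masking pte_addr before the lookup (the removed `& a20_mask`) changes nothing, because the mask is applied again on the access; for a MMU_NESTED_IDX walk the early mask sends the lookup to a different guest-physical page and the translation fails, while applying the mask once to the address that reaches memory gives the expected host-physical result.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed constants for this example (shaped like QEMU's, not taken from it). */
#define A20_BIT          (1ULL << 20)          /* the gate forces this bit to 0 when closed */
#define PG_ADDRESS_MASK  0x000ffffffffff000ULL /* physical-address bits of a 64-bit PTE */
#define PG_PRESENT       1ULL
#define TRANSLATE_FAIL   (~0ULL)

enum ptw_idx { MMU_PHYS_IDX, MMU_NESTED_IDX };

/* Sparse host-physical memory: 8-byte cells keyed by host-physical address. */
struct cell { uint64_t addr, val; };
struct machine {
    bool a20_enabled;
    uint64_t npt_base;   /* base of a toy single-level, 4 KiB-granular NPT */
    struct cell host[16];
    int ncells;
};

static uint64_t a20_mask(const struct machine *m)
{
    return m->a20_enabled ? ~0ULL : ~A20_BIT;
}

static void host_write(struct machine *m, uint64_t hpa, uint64_t val)
{
    m->host[m->ncells++] = (struct cell){ hpa, val };
}

static bool host_read(const struct machine *m, uint64_t hpa, uint64_t *val)
{
    for (int i = 0; i < m->ncells; i++) {
        if (m->host[i].addr == hpa) { *val = m->host[i].val; return true; }
    }
    return false;   /* unbacked address: treated as a missing entry */
}

/* Toy nested walk: one entry per 4 KiB guest-physical page. The entry lives in
 * host memory, so the A20 mask applies to the entry's address, never to gpa. */
static bool npt_translate(const struct machine *m, uint64_t gpa, uint64_t *hpa)
{
    uint64_t entry, entry_addr = (m->npt_base + (gpa >> 12) * 8) & a20_mask(m);
    if (!host_read(m, entry_addr, &entry) || !(entry & PG_PRESENT)) return false;
    *hpa = (entry & PG_ADDRESS_MASK) | (gpa & 0xfff);
    return true;
}

/* Read one page-table entry: the raw pte_addr feeds the NPT lookup, and A20
 * is applied to the host-physical address that actually reaches memory. */
static bool ptw_read(const struct machine *m, uint64_t pte_addr, enum ptw_idx idx, uint64_t *pte)
{
    uint64_t hpa = pte_addr;
    if (idx == MMU_NESTED_IDX && !npt_translate(m, pte_addr, &hpa)) return false;
    return host_read(m, hpa & a20_mask(m), pte);
}

/* Four-level walk with the hunks' pte_addr arithmetic. early_mask reproduces
 * the "& a20_mask" on pte_addr that patch 4/5 removes. */
static uint64_t mmu_translate(const struct machine *m, uint64_t cr3, uint64_t va,
                              enum ptw_idx idx, bool early_mask)
{
    static const int shift[4] = { 39, 30, 21, 12 };
    uint64_t base = cr3 & ~0xfffULL, pte = 0, paddr;
    for (int lvl = 0; lvl < 4; lvl++) {
        uint64_t pte_addr = base + (((va >> shift[lvl]) & 0x1ff) << 3);
        if (early_mask) pte_addr &= a20_mask(m);
        if (!ptw_read(m, pte_addr, idx, &pte) || !(pte & PG_PRESENT)) return TRANSLATE_FAIL;
        base = pte & PG_ADDRESS_MASK;
    }
    paddr = (pte & PG_ADDRESS_MASK) | (va & 0xfff);            /* merge offset within page */
    if (idx == MMU_NESTED_IDX && !npt_translate(m, paddr, &paddr)) return TRANSLATE_FAIL;
    return paddr & a20_mask(m);   /* A20 applied once, to the address that reaches memory */
}

/* Constructed layout (assumption, not from the patch): gate closed; the guest's
 * four tables sit at guest-physical 0x100000.. (bit 20 set); the NPT maps them
 * to host 0x400000.. and leaves guest-physical page 0 unmapped; host 0x000000..
 * holds the tables that a non-nested walk reaches through the closed gate. */
static void setup(struct machine *m)
{
    memset(m, 0, sizeof *m);
    m->a20_enabled = false;
    m->npt_base = 0xC00000;   /* bit 20 clear, so the NPT itself is unaffected */
    for (int i = 0; i < 4; i++) {
        host_write(m, 0x000000 + i * 0x1000ULL, (0x001000 + i * 0x1000ULL) | PG_PRESENT);
        host_write(m, 0x400000 + i * 0x1000ULL, (0x101000 + i * 0x1000ULL) | PG_PRESENT);
    }
    for (int i = 0; i < 5; i++) {
        host_write(m, m->npt_base + (0x100 + i) * 8, (0x400000 + i * 0x1000ULL) | PG_PRESENT);
    }
}

static uint64_t walk(enum ptw_idx idx, bool early_mask)
{
    struct machine m;
    setup(&m);
    return mmu_translate(&m, 0x100000, 0x123, idx, early_mask);
}

int main(void)
{
    printf("phys,   late mask : %#llx\n", (unsigned long long)walk(MMU_PHYS_IDX, false));
    printf("phys,   early mask: %#llx\n", (unsigned long long)walk(MMU_PHYS_IDX, true));
    printf("nested, late mask : %#llx\n", (unsigned long long)walk(MMU_NESTED_IDX, false));
    printf("nested, early mask: %#llx\n", (unsigned long long)walk(MMU_NESTED_IDX, true));
    return 0;
}
```

Build with `cc -std=c99 -Wall toy_a20.c` and run it. The two MMU_PHYS_IDX walks agree because the gate is applied on the access either way, which is the "unnecessary" half of 4/5; the MMU_NESTED_IDX walk with the early mask fails, because the masked pte_addr names guest-physical page 0, which the NPT does not map, while the late-mask walk returns a host-physical address, which is the "wrong" half of 4/5 and the single final mask of 5/5.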