[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 11/23] target/i386: Throw a #SS when loading a non-canonical IST
|
From: |
Paolo Bonzini |
|
Subject: |
[PULL 11/23] target/i386: Throw a #SS when loading a non-canonical IST |
|
Date: |
Mon, 7 Mar 2022 19:16:21 +0100 |
From: Gareth Webb <gareth.webb@umbralsoftware.co.uk>
Loading a non-canonical address into rsp when handling an interrupt or
performing a far call should raise a #SS not a #GP.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/870
Signed-off-by: Gareth Webb <gareth.webb@umbralsoftware.co.uk>
Message-Id: <164529651121.25406.15337137068584246397-0@git.sr.ht>
[Move get_pg_mode to seg_helper.c for user-mode emulators. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/seg_helper.c | 49 +++++++++++++++++++++++++++-
target/i386/tcg/sysemu/excp_helper.c | 36 --------------------
2 files changed, 48 insertions(+), 37 deletions(-)
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index baa905a0cd..4cf1f973cf 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -28,6 +28,42 @@
#include "helper-tcg.h"
#include "seg_helper.h"
+int get_pg_mode(CPUX86State *env)
+{
+ int pg_mode = 0;
+ if (!(env->cr[0] & CR0_PG_MASK)) {
+ return 0;
+ }
+ if (env->cr[0] & CR0_WP_MASK) {
+ pg_mode |= PG_MODE_WP;
+ }
+ if (env->cr[4] & CR4_PAE_MASK) {
+ pg_mode |= PG_MODE_PAE;
+ if (env->efer & MSR_EFER_NXE) {
+ pg_mode |= PG_MODE_NXE;
+ }
+ }
+ if (env->cr[4] & CR4_PSE_MASK) {
+ pg_mode |= PG_MODE_PSE;
+ }
+ if (env->cr[4] & CR4_SMEP_MASK) {
+ pg_mode |= PG_MODE_SMEP;
+ }
+ if (env->hflags & HF_LMA_MASK) {
+ pg_mode |= PG_MODE_LMA;
+ if (env->cr[4] & CR4_PKE_MASK) {
+ pg_mode |= PG_MODE_PKE;
+ }
+ if (env->cr[4] & CR4_PKS_MASK) {
+ pg_mode |= PG_MODE_PKS;
+ }
+ if (env->cr[4] & CR4_LA57_MASK) {
+ pg_mode |= PG_MODE_LA57;
+ }
+ }
+ return pg_mode;
+}
+
/* return non zero if error */
static inline int load_segment_ra(CPUX86State *env, uint32_t *e1_ptr,
uint32_t *e2_ptr, int selector,
@@ -795,6 +831,8 @@ static inline target_ulong get_rsp_from_tss(CPUX86State
*env, int level)
{
X86CPU *cpu = env_archcpu(env);
int index;
+ target_ulong rsp;
+ int32_t sext;
#if 0
printf("TR: base=" TARGET_FMT_lx " limit=%x\n",
@@ -808,7 +846,16 @@ static inline target_ulong get_rsp_from_tss(CPUX86State
*env, int level)
if ((index + 7) > env->tr.limit) {
raise_exception_err(env, EXCP0A_TSS, env->tr.selector & 0xfffc);
}
- return cpu_ldq_kernel(env, env->tr.base + index);
+
+ rsp = cpu_ldq_kernel(env, env->tr.base + index);
+
+ /* test virtual address sign extension */
+ sext = rsp >> (get_pg_mode(env) & PG_MODE_LA57 ? 56 : 47);
+ if (sext != 0 && sext != -1) {
+ raise_exception_err(env, EXCP0C_STACK, 0);
+ }
+
+ return rsp;
}
/* 64 bit interrupt */
diff --git a/target/i386/tcg/sysemu/excp_helper.c
b/target/i386/tcg/sysemu/excp_helper.c
index 0410170d64..db4c266c86 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -21,42 +21,6 @@
#include "cpu.h"
#include "tcg/helper-tcg.h"
-int get_pg_mode(CPUX86State *env)
-{
- int pg_mode = 0;
- if (!(env->cr[0] & CR0_PG_MASK)) {
- return 0;
- }
- if (env->cr[0] & CR0_WP_MASK) {
- pg_mode |= PG_MODE_WP;
- }
- if (env->cr[4] & CR4_PAE_MASK) {
- pg_mode |= PG_MODE_PAE;
- if (env->efer & MSR_EFER_NXE) {
- pg_mode |= PG_MODE_NXE;
- }
- }
- if (env->cr[4] & CR4_PSE_MASK) {
- pg_mode |= PG_MODE_PSE;
- }
- if (env->cr[4] & CR4_SMEP_MASK) {
- pg_mode |= PG_MODE_SMEP;
- }
- if (env->hflags & HF_LMA_MASK) {
- pg_mode |= PG_MODE_LMA;
- if (env->cr[4] & CR4_PKE_MASK) {
- pg_mode |= PG_MODE_PKE;
- }
- if (env->cr[4] & CR4_PKS_MASK) {
- pg_mode |= PG_MODE_PKS;
- }
- if (env->cr[4] & CR4_LA57_MASK) {
- pg_mode |= PG_MODE_LA57;
- }
- }
- return pg_mode;
-}
-
#define PG_ERROR_OK (-1)
typedef hwaddr (*MMUTranslateFunc)(CPUState *cs, hwaddr gphys, MMUAccessType
access_type,
--
2.34.1
- [PULL 08/23] kvm-irqchip: introduce new API to support route change, (continued)
- [PULL 08/23] kvm-irqchip: introduce new API to support route change, Paolo Bonzini, 2022/03/07
- [PULL 09/23] kvm/msi: do explicit commit when adding msi routes, Paolo Bonzini, 2022/03/07
- [PULL 10/23] target/i386: only include bits in pg_mode if they are not ignored, Paolo Bonzini, 2022/03/07
- [PULL 04/23] meson: fix generic location of vss headers, Paolo Bonzini, 2022/03/07
- [PULL 07/23] update meson-buildoptions.sh, Paolo Bonzini, 2022/03/07
- [PULL 18/23] x86: add support for KVM_CAP_XSAVE2 and AMX state migration, Paolo Bonzini, 2022/03/07
- [PULL 13/23] x86: Fix the 64-byte boundary enumeration for extended state, Paolo Bonzini, 2022/03/07
- [PULL 03/23] vmxcap: Add 5-level EPT bit, Paolo Bonzini, 2022/03/07
- [PULL 02/23] whpx: Fixed incorrect CR8/TPR synchronization, Paolo Bonzini, 2022/03/07
- [PULL 12/23] linux-headers: include missing changes from 5.17, Paolo Bonzini, 2022/03/07
- [PULL 11/23] target/i386: Throw a #SS when loading a non-canonical IST,
Paolo Bonzini <=
- [PULL 19/23] x86: Support XFD and AMX xsave data migration, Paolo Bonzini, 2022/03/07
- [PULL 14/23] x86: Add AMX XTILECFG and XTILEDATA components, Paolo Bonzini, 2022/03/07
- [PULL 22/23] check-block: revert TAP output and reintroduce -makecheck, Paolo Bonzini, 2022/03/07
- [PULL 01/23] whpx: Fixed reporting of the CPU context to GDB for 64-bit, Paolo Bonzini, 2022/03/07
- [PULL 23/23] gitlab-ci: do not run tests with address sanitizer, Paolo Bonzini, 2022/03/07
- [PULL 21/23] KVM: SVM: always set MSR_AMD64_TSC_RATIO to default value, Paolo Bonzini, 2022/03/07
- [PULL 20/23] i386: Add Icelake-Server-v6 CPU model with 5-level EPT support, Paolo Bonzini, 2022/03/07
- Re: [PULL 00/23] QEMU changes for 7.0 soft freeze, Thomas Huth, 2022/03/08