KVM: vmx: vmx instructions handling does not consider cs.l

VMX instructions use 32-bit operands in 32-bit mode, and 64-bit operands in
64-bit mode.  The current implementation is broken since it does not use the
register operands correctly, and always uses 64-bit for reads and writes.
Moreover, write to memory in vmwrite only considers long-mode, so it ignores
cs.l. This patch fixes this behavior.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 45024bf0e2293163530886040e480f731197e701..8748c2e19ed67213e509e5792c1c47dece8bd498 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6403,7 +6403,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
                return 1;
 
        /* Decode instruction info and find the field to read */
-       field = kvm_register_read(vcpu, (((vmx_instruction_info) >> 28) & 0xf));
+       field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf));
        /* Read the field, zero-extended to a u64 field_value */
        if (!vmcs12_read_any(vcpu, field, &field_value)) {
                nested_vmx_failValid(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT);
@@ -6416,7 +6416,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
         * on the guest's mode (32 or 64 bit), not on the given field's length.
         */
        if (vmx_instruction_info & (1u << 10)) {
-               kvm_register_write(vcpu, (((vmx_instruction_info) >> 3) & 0xf),
+               kvm_register_writel(vcpu, (((vmx_instruction_info) >> 3) & 0xf),
                        field_value);
        } else {
                if (get_vmx_mem_address(vcpu, exit_qualification,
@@ -6453,21 +6453,21 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu)
                return 1;
 
        if (vmx_instruction_info & (1u << 10))
-               field_value = kvm_register_read(vcpu,
+               field_value = kvm_register_readl(vcpu,
                        (((vmx_instruction_info) >> 3) & 0xf));
        else {
                if (get_vmx_mem_address(vcpu, exit_qualification,
                                vmx_instruction_info, &gva))
                        return 1;
                if (kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, gva,
-                          &field_value, (is_long_mode(vcpu) ? 8 : 4), &e)) {
+                          &field_value, (is_64_bit_mode(vcpu) ? 8 : 4), &e)) {
                        kvm_inject_page_fault(vcpu, &e);
                        return 1;
                }
        }
 
 
-       field = kvm_register_read(vcpu, (((vmx_instruction_info) >> 28) & 0xf));
+       field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf));
        if (vmcs_field_readonly(field)) {
                nested_vmx_failValid(vcpu,
                        VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT);
@@ -6590,7 +6590,7 @@ static int handle_invept(struct kvm_vcpu *vcpu)
        }
 
        vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
-       type = kvm_register_read(vcpu, (vmx_instruction_info >> 28) & 0xf);
+       type = kvm_register_readl(vcpu, (vmx_instruction_info >> 28) & 0xf);
 
        types = (nested_vmx_ept_caps >> VMX_EPT_EXTENT_SHIFT) & 6;
 

diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index c5b61a7eb1441cbda53467747d1ce5d918ff2a25..306a1b77581fd201be104c1e3bb202fb13cd6bcc 100644 (file)
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -126,6 +126,15 @@ static inline unsigned long kvm_register_readl(struct kvm_vcpu *vcpu,
        return is_64_bit_mode(vcpu) ? val : (u32)val;
 }
 
+static inline void kvm_register_writel(struct kvm_vcpu *vcpu,
+                                      enum kvm_reg reg,
+                                      unsigned long val)
+{
+       if (!is_64_bit_mode(vcpu))
+               val = (u32)val;
+       return kvm_register_write(vcpu, reg, val);
+}
+
 void kvm_before_handle_nmi(struct kvm_vcpu *vcpu);
 void kvm_after_handle_nmi(struct kvm_vcpu *vcpu);
 int kvm_inject_realmode_interrupt(struct kvm_vcpu *vcpu, int irq, int inc_eip);