From e826ec9ae2baf9980402e85f0bbe1dac53ceb110 Mon Sep 17 00:00:00 2001 From: Izik Eidus Date: Sun, 11 Nov 2007 14:40:48 +0200 Subject: [PATCH 1/5] KVM: x86 emulator: fix JMP_REL Change JMP_REL to call to register_address_increment(): the operands size should not effect the calculation of the eip, instead the ad_bytes should affect it. Signed-off-by: Izik Eidus Signed-off-by: Avi Kivity --- drivers/kvm/x86_emulate.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/kvm/x86_emulate.c b/drivers/kvm/x86_emulate.c index 33b181451557..a1a9c9be39b3 100644 --- a/drivers/kvm/x86_emulate.c +++ b/drivers/kvm/x86_emulate.c @@ -448,8 +448,7 @@ struct operand { #define JMP_REL(rel) \ do { \ - _eip += (int)(rel); \ - _eip = ((op_bytes == 2) ? (uint16_t)_eip : (uint32_t)_eip); \ + register_address_increment(_eip, rel); \ } while (0) /* From 2a738e20a11b44219aa83073d625ff1a7004e463 Mon Sep 17 00:00:00 2001 From: Izik Eidus Date: Sun, 11 Nov 2007 14:46:34 +0200 Subject: [PATCH 2/5] KVM: x86 emulator: fix the saving of of the eip value this make sure that no matter what is the operand size, all the value of the eip will be saved Signed-off-by: Izik Eidus Signed-off-by: Avi Kivity --- drivers/kvm/x86_emulate.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/kvm/x86_emulate.c b/drivers/kvm/x86_emulate.c index a1a9c9be39b3..6c1413f9e9c3 100644 --- a/drivers/kvm/x86_emulate.c +++ b/drivers/kvm/x86_emulate.c @@ -1358,6 +1358,7 @@ special_insn: } src.val = (unsigned long) _eip; JMP_REL(rel); + op_bytes = ad_bytes; goto push; } case 0xe9: /* jmp rel */ From 00b2ef475d4728ca53a2bc788c7978042907e354 Mon Sep 17 00:00:00 2001 From: Amit Shah Date: Sun, 18 Nov 2007 22:25:40 +0530 Subject: [PATCH 3/5] KVM: x86 emulator: Use emulator_write_emulated and not emulator_write_std emulator_write_std() is not implemented, and calling write_emulated should work just as well in place of write_std. Fixes emulator failures with the push r/m instruction. Signed-off-by: Amit Shah Signed-off-by: Avi Kivity --- drivers/kvm/x86_emulate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/kvm/x86_emulate.c b/drivers/kvm/x86_emulate.c index 6c1413f9e9c3..bd46de6bf891 100644 --- a/drivers/kvm/x86_emulate.c +++ b/drivers/kvm/x86_emulate.c @@ -1146,7 +1146,7 @@ done_prefixes: } register_address_increment(_regs[VCPU_REGS_RSP], -dst.bytes); - if ((rc = ops->write_std( + if ((rc = ops->write_emulated( register_address(ctxt->ss_base, _regs[VCPU_REGS_RSP]), &dst.val, dst.bytes, ctxt->vcpu)) != 0) From 8d379a7c069179a98616c9cac6bb2a06a500de49 Mon Sep 17 00:00:00 2001 From: Avi Kivity Date: Tue, 27 Nov 2007 15:33:10 +0200 Subject: [PATCH 4/5] KVM: SVM: Unload guest fpu on vcpu_put() Not unloading the guest fpu can cause fpu leaks from guest to guest (or host to guest). Signed-off-by: Avi Kivity --- drivers/kvm/svm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/kvm/svm.c b/drivers/kvm/svm.c index 7a6eead63a6b..4e04e49a2f1c 100644 --- a/drivers/kvm/svm.c +++ b/drivers/kvm/svm.c @@ -663,6 +663,7 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu) wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]); rdtscll(vcpu->host_tsc); + kvm_put_guest_fpu(vcpu); } static void svm_vcpu_decache(struct kvm_vcpu *vcpu) From 404fb881b82cf0cf6981832f8d31a7484e4dee81 Mon Sep 17 00:00:00 2001 From: Amit Shah Date: Mon, 19 Nov 2007 17:57:35 +0200 Subject: [PATCH 5/5] KVM: SVM: Fix FPU leak while emulating clts The clts code didn't use set_cr0 properly, so our lazy FPU processing wasn't being done by the clts instruction at all. (this isn't called on Intel as the hardware does the decode for us) Signed-off-by: Amit Shah Signed-off-by: Avi Kivity --- drivers/kvm/kvm_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/kvm/kvm_main.c b/drivers/kvm/kvm_main.c index 07ae280e8fe5..47c10b8f89b3 100644 --- a/drivers/kvm/kvm_main.c +++ b/drivers/kvm/kvm_main.c @@ -1188,8 +1188,7 @@ int emulate_invlpg(struct kvm_vcpu *vcpu, gva_t address) int emulate_clts(struct kvm_vcpu *vcpu) { - vcpu->cr0 &= ~X86_CR0_TS; - kvm_x86_ops->set_cr0(vcpu, vcpu->cr0); + kvm_x86_ops->set_cr0(vcpu, vcpu->cr0 & ~X86_CR0_TS); return X86EMUL_CONTINUE; }