[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[qemu-xen stable-4.16] target-i386: mmu: fix handling of noncanonical virtual addresses

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Fri, 14 Jan 2022 00:59:56 +0000
Delivery-date: Fri, 14 Jan 2022 00:59:57 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit 3488bb205de0537ba5364ee1ee09cb07a26a4bb0
Author:     Paolo Bonzini <pbonzini@xxxxxxxxxx>
AuthorDate: Thu Nov 4 14:47:46 2021 +0100
Commit:     Michael Roth <michael.roth@xxxxxxx>
CommitDate: Tue Dec 14 14:19:00 2021 -0600

    target-i386: mmu: fix handling of noncanonical virtual addresses
    
    mmu_translate is supposed to return an error code for page faults; it is
    not able to handle other exceptions.  The #GP case for noncanonical
    virtual addresses is not handled correctly, and incorrectly raised as
    a page fault with error code 1.  Since it cannot happen for nested
    page tables, move it directly to handle_mmu_fault, even before the
    invocation of mmu_translate.
    
    Fixes: #676
    Fixes: 661ff4879e ("target/i386: extract mmu_translate", 2021-05-11)
    Cc: qemu-stable@xxxxxxxxxx
    Tested-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    (cherry picked from commit b04dc92e013d55c9ac8082caefff45dcfb1310e7)
    Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
---
 target/i386/tcg/sysemu/excp_helper.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c 
b/target/i386/tcg/sysemu/excp_helper.c
index 2dea4a248e..9fb59058ef 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -94,15 +94,6 @@ static int mmu_translate(CPUState *cs, hwaddr addr, 
MMUTranslateFunc get_hphys_f
             bool la57 = pg_mode & PG_MODE_LA57;
             uint64_t pml5e_addr, pml5e;
             uint64_t pml4e_addr, pml4e;
-            int32_t sext;
-
-            /* test virtual address sign extension */
-            sext = la57 ? (int64_t)addr >> 56 : (int64_t)addr >> 47;
-            if (get_hphys_func && sext != 0 && sext != -1) {
-                env->error_code = 0;
-                cs->exception_index = EXCP0D_GPF;
-                return 1;
-            }
 
             if (la57) {
                 pml5e_addr = ((cr3 & ~0xfff) +
@@ -423,6 +414,18 @@ static int handle_mmu_fault(CPUState *cs, vaddr addr, int 
size,
         page_size = 4096;
     } else {
         pg_mode = get_pg_mode(env);
+        if (pg_mode & PG_MODE_LMA) {
+            int32_t sext;
+
+            /* test virtual address sign extension */
+            sext = (int64_t)addr >> (pg_mode & PG_MODE_LA57 ? 56 : 47);
+            if (sext != 0 && sext != -1) {
+                env->error_code = 0;
+                cs->exception_index = EXCP0D_GPF;
+                return 1;
+            }
+        }
+
         error_code = mmu_translate(cs, addr, get_hphys, env->cr[3], is_write1,
                                    mmu_idx, pg_mode,
                                    &paddr, &page_size, &prot);
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.16

Prev by Date: [qemu-xen stable-4.16] target-i386: mmu: use pg_mode instead of HF_LMA_MASK
Next by Date: [qemu-xen stable-4.16] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
Previous by thread: [qemu-xen stable-4.16] target-i386: mmu: use pg_mode instead of HF_LMA_MASK
Next by thread: [qemu-xen stable-4.16] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.