
[xen master] x86/svm: Always sync guest CR2 on VMExit



commit 3e6bca616b344aaa62602fcef0021255d467c2fd
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri May 1 20:17:29 2026 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue May 5 11:45:00 2026 +0100

    x86/svm: Always sync guest CR2 on VMExit
    
    Under SVM, there are two copies of guest CR2.  One is v->arch.hvm.guest_cr[2]
    and one is in the VMCB.
    
    Xen doesn't intercept CR2 accesses, so this mostly goes unnoticed; hardware
    loads and saves the guest CR2 in the VMCB across VMRUN/VMExit.
    
    For HAP guests (where #PF is not intercepted, and therefore we don't typically
    inject #PF either), this causes the guest CR2 value to be lost on migrate.  As
    migration is cooperative and not done from the #PF handler, this also goes
    unnoticed by guests.
    
    It also means that an emulated MOV-from-CR2 reads a stale value.
    
    Reported-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
    Fixes: d1bd157fbc9b ("Big merge the HVM full-virtualisation abstractions.")
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Tested-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
    Reviewed-by: Teddy Astie <teddy.astie@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/hvm/svm/svm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index ced6166847..f49d2ebbfd 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2505,6 +2505,7 @@ void asmlinkage svm_vmexit_handler(void)
     hvm_sanitize_regs_fields(
         regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l));
 
+    v->arch.hvm.guest_cr[2] = vmcb_get_cr2(vmcb);
     if ( paging_mode_hap(v->domain) )
         v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb);
 
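Review bot: The added unconditional assignment to v->arch.hvm.guest_cr[2] sits directly above the HAP-only CR3 sync with no comment, so a reader of svm_vmexit_handler() cannot tell why CR2 is refreshed for every guest while CR3 is refreshed only under paging_mode_hap(). Consider a short comment on the added line recording what the commit message states (Xen does not intercept CR2 accesses, and hardware saves the guest CR2 into the VMCB on VMExit, so the cached copy has to be refreshed here), plus a blank line between the assignment and the `if` so the two syncs do not read as one conditional block.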
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

