KVM: SVM: hide TF/RF flags used by NMI singlestep
These flags are used internally by SVM so it's cleaner to not leak them to callers of svm_get_rflags. This is similar to how the TF flag is handled on KVM_GUESTDBG_SINGLESTEP by kvm_get_rflags and kvm_set_rflags. Without this change, the flags may propagate from host VMCB to nested VMCB or vice versa while singlestepping over a nested VM enter/exit, and then get stuck in inappropriate places. Example: NMI singlestepping is enabled while running L1 guest. The instruction to step over is VMRUN and nested vmrun emulation stashes rflags to hsave->save.rflags. Then if singlestepping is disabled while still in L2, TF/RF will be cleared from the nested VMCB but the next nested VM exit will restore them from hsave->save.rflags and cause an unexpected DB exception. Signed-off-by: Ladi Prosek <lprosek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
ab2f4d73eb
commit
9b61174793
|
@ -1725,11 +1725,24 @@ static void svm_vcpu_unblocking(struct kvm_vcpu *vcpu)
|
|||
|
||||
static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
return to_svm(vcpu)->vmcb->save.rflags;
|
||||
struct vcpu_svm *svm = to_svm(vcpu);
|
||||
unsigned long rflags = svm->vmcb->save.rflags;
|
||||
|
||||
if (svm->nmi_singlestep) {
|
||||
/* Hide our flags if they were not set by the guest */
|
||||
if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
|
||||
rflags &= ~X86_EFLAGS_TF;
|
||||
if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
|
||||
rflags &= ~X86_EFLAGS_RF;
|
||||
}
|
||||
return rflags;
|
||||
}
|
||||
|
||||
static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
|
||||
{
|
||||
if (to_svm(vcpu)->nmi_singlestep)
|
||||
rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
|
||||
|
||||
/*
|
||||
* Any change of EFLAGS.VM is accompanied by a reload of SS
|
||||
* (caused by either a task switch or an inter-privilege IRET),
|
||||
|
|
Loading…
Reference in New Issue