KVM: vmx: Unavailable DR4/5 is checked before CPL

If DR4/5 is accessed when it is unavailable (since CR4.DE is set), then #UD should be generated even if CPL>0. This is according to Intel SDM Table 6-2: "Priority Among Simultaneous Exceptions and Interrupts". Note, that this may happen on the first DR access, even if the host does not sets debug breakpoints. Obviously, it occurs when the host debugs the guest. This patch moves the DR4/5 checks from __kvm_set_dr/_kvm_get_dr to handle_dr. The emulator already checks DR4/5 availability in check_dr_read. Nested virutalization related calls to kvm_set_dr/kvm_get_dr would not like to inject exceptions to the guest. As for SVM, the patch follows the previous logic as much as possible. Anyhow, it appears the DR interception code might be buggy - even if the DR access may cause an exception, the instruction is skipped. Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Nadav Amit <namit@cs.technion.ac.il> 2014-10-02 18:10:05 -0400
committer: Paolo Bonzini <pbonzini@redhat.com> 2014-11-03 06:07:26 -0500
commit: 16f8a6f9798ab9a1fd593b06b78925d02525ab81 (patch)
tree: bacce115367ea875e4549d535fba9fbf429a2760 /arch/x86/kvm/vmx.c
parent: c49c759f7a68b70d2fed019760a66843b3df39b8 (diff)
1 files changed, 11 insertions, 6 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 30e6e184ff09..0cd99d8405f8 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5163,13 +5163,20 @@ static int handle_cr(struct kvm_vcpu *vcpu)
 static int handle_dr(struct kvm_vcpu *vcpu)
 {
        unsigned long exit_qualification;
-        int dr, reg;
+        int dr, dr7, reg;
+        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
+        dr = exit_qualification & DEBUG_REG_ACCESS_NUM;
+        /* First, if DR does not exist, trigger UD */
+        if (!kvm_require_dr(vcpu, dr))
+                return 1;
        /* Do not handle if the CPL > 0, will trigger GP on re-entry */
        if (!kvm_require_cpl(vcpu, 0))
                return 1;
-        dr = vmcs_readl(GUEST_DR7);
+        dr7 = vmcs_readl(GUEST_DR7);
-        if (dr & DR7_GD) {
+        if (dr7 & DR7_GD) {
                /*
                 * As the vm-exit takes precedence over the debug trap, we
                 * need to emulate the latter, either for the host or the
@@ -5177,7 +5184,7 @@ static int handle_dr(struct kvm_vcpu *vcpu)
                 */
                if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
                        vcpu->run->debug.arch.dr6 = vcpu->arch.dr6;
-                        vcpu->run->debug.arch.dr7 = dr;
+                        vcpu->run->debug.arch.dr7 = dr7;
                        vcpu->run->debug.arch.pc =
                                vmcs_readl(GUEST_CS_BASE) +
                                vmcs_readl(GUEST_RIP);
@@ -5207,8 +5214,6 @@ static int handle_dr(struct kvm_vcpu *vcpu)
                return 1;
        }
-        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
-        dr = exit_qualification & DEBUG_REG_ACCESS_NUM;
        reg = DEBUG_REG_ACCESS_REG(exit_qualification);
        if (exit_qualification & TYPE_MOV_FROM_DR) {
                unsigned long val;
author	Nadav Amit <namit@cs.technion.ac.il>	2014-10-02 18:10:05 -0400
committer	Paolo Bonzini <pbonzini@redhat.com>	2014-11-03 06:07:26 -0500
commit	16f8a6f9798ab9a1fd593b06b78925d02525ab81 (patch)
tree	bacce115367ea875e4549d535fba9fbf429a2760 /arch/x86/kvm/vmx.c
parent	c49c759f7a68b70d2fed019760a66843b3df39b8 (diff)