Skip to main content

Browse the archive

Revision 8764ed55c9705e426d889ff16c26f398bba70b9b authored by Sean Christopherson on 29 April 2019, 14:04:15 UTC, committed by Paolo Bonzini on 30 April 2019, 19:03:42 UTC 
KVM: x86: Whitelist port 0x7e for pre-incrementing %rip
 
KVM's recent bug fix to update %rip after emulating I/O broke userspace
that relied on the previous behavior of incrementing %rip prior to
exiting to userspace.  When running a Windows XP guest on AMD hardware,
Qemu may patch "OUT 0x7E" instructions in reaction to the OUT itself.
Because KVM's old behavior was to increment %rip before exiting to
userspace to handle the I/O, Qemu manually adjusted %rip to account for
the OUT instruction.

Arguably this is a userspace bug as KVM requires userspace to re-enter
the kernel to complete instruction emulation before taking any other
actions.  That being said, this is a bit of a grey area and breaking
userspace that has worked for many years is bad.

Pre-increment %rip on OUT to port 0x7e before exiting to userspace to
hack around the issue.

Fixes: 45def77ebf79e ("KVM: x86: update %rip after emulating IO")
Reported-by: Simon Becherer <simon@becherer.de>
Reported-and-tested-by: Iakov Karpov <srid@rkmail.ru>
Reported-by: Gabriele Balducci <balducci@units.it>
Reported-by: Antti Antinoja <reader@fennosys.fi>
Cc: stable@vger.kernel.org
Cc: Takashi Iwai <tiwai@suse.com>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent dbcdae1
History
File Mode Size
ABI
EDID
PCI
RCU
accelerators
accounting
acpi
admin-guide
aoe
arm
arm64
auxdisplay
backlight
block
blockdev
bpf
bus-devices
cdrom
cgroup-v1
cma
connector
console
core-api
cpu-freq
crypto
dev-tools
device-mapper
devicetree
doc-guide
driver-api
driver-model
early-userspace
extcon
fault-injection
fb
features
filesystems
firmware_class
fmc
fpga
gpio
gpu
hid
hwmon
i2c
ia64
ide
iio
infiniband
input
interconnect
ioctl
isdn
kbuild
kdump
kernel-hacking
laptops
leds
lightnvm
livepatch
locking
m68k
maintainer
md
media
memory-devices
mic
mips
misc-devices
mmc
mtd
namespaces
netlabel
networking
nfc
nios2
nvdimm
nvmem
openrisc
parisc
pcmcia
perf
phy
platform
power
powerpc
pps
process
pti
ptp
rapidio
riscv
s390
scheduler
scsi
security
serial
sh
sound
sparc
sphinx
sphinx-static
spi
sysctl
target
thermal
timers
trace
translations
usb
userspace-api
virtual
vm
w1
watchdog
wimax
x86
xilinx
xtensa
.gitignore -rw-r--r-- 13 bytes
Changes l--------- 19 bytes
CodingStyle -rw-r--r-- 48 bytes
DMA-API-HOWTO.txt -rw-r--r-- 32.8 KB
DMA-API.txt -rw-r--r-- 27.5 KB
DMA-ISA-LPC.txt -rw-r--r-- 5.1 KB
DMA-attributes.txt -rw-r--r-- 6.9 KB
IPMI.txt -rw-r--r-- 29.7 KB
IRQ-affinity.txt -rw-r--r-- 2.5 KB
IRQ-domain.txt -rw-r--r-- 10.9 KB
IRQ.txt -rw-r--r-- 994 bytes
Intel-IOMMU.txt -rw-r--r-- 3.9 KB
Makefile -rw-r--r-- 4.5 KB
SAK.txt -rw-r--r-- 3.0 KB
SM501.txt -rw-r--r-- 2.8 KB
SubmittingPatches -rw-r--r-- 54 bytes
atomic_bitops.txt -rw-r--r-- 1.5 KB
atomic_t.txt -rw-r--r-- 5.5 KB
bt8xxgpio.txt -rw-r--r-- 4.0 KB
btmrvl.txt -rw-r--r-- 2.7 KB
bus-virt-phys-mapping.txt -rw-r--r-- 8.0 KB
clearing-warn-once.txt -rw-r--r-- 224 bytes
conf.py -rw-r--r-- 19.3 KB
cpu-load.txt -rw-r--r-- 3.0 KB
cputopology.txt -rw-r--r-- 5.6 KB
crc32.txt -rw-r--r-- 8.6 KB
dcdbas.txt -rw-r--r-- 3.9 KB
debugging-modules.txt -rw-r--r-- 954 bytes
debugging-via-ohci1394.txt -rw-r--r-- 7.5 KB
dell_rbu.txt -rw-r--r-- 5.0 KB
digsig.txt -rw-r--r-- 3.0 KB
docutils.conf -rw-r--r-- 158 bytes
dontdiff -rw-r--r-- 2.5 KB
efi-stub.txt -rw-r--r-- 3.8 KB
eisa.txt -rw-r--r-- 7.6 KB
futex-requeue-pi.txt -rw-r--r-- 5.1 KB
gcc-plugins.txt -rw-r--r-- 2.9 KB
highuid.txt -rw-r--r-- 2.6 KB
hw_random.txt -rw-r--r-- 3.8 KB
hwspinlock.txt -rw-r--r-- 12.5 KB
index.rst -rw-r--r-- 3.0 KB
intel_txt.txt -rw-r--r-- 10.3 KB
io-mapping.txt -rw-r--r-- 3.3 KB
io_ordering.txt -rw-r--r-- 2.0 KB
iostats.txt -rw-r--r-- 8.7 KB
irqflags-tracing.txt -rw-r--r-- 2.3 KB
isa.txt -rw-r--r-- 5.1 KB
isapnp.txt -rw-r--r-- 492 bytes
kernel-per-CPU-kthreads.txt -rw-r--r-- 13.3 KB
kobject.txt -rw-r--r-- 18.5 KB
kprobes.txt -rw-r--r-- 30.3 KB
kref.txt -rw-r--r-- 8.9 KB
ldm.txt -rw-r--r-- 4.6 KB
lockup-watchdogs.txt -rw-r--r-- 4.1 KB
logo.gif -rw-r--r-- 16.0 KB
logo.txt -rw-r--r-- 563 bytes
lsm.txt -rw-r--r-- 10.5 KB
lzo.txt -rw-r--r-- 9.1 KB
mailbox.txt -rw-r--r-- 4.4 KB
memory-barriers.txt -rw-r--r-- 114.6 KB
men-chameleon-bus.txt -rw-r--r-- 5.7 KB
nommu-mmap.txt -rw-r--r-- 12.4 KB
ntb.txt -rw-r--r-- 10.8 KB
numastat.txt -rw-r--r-- 1.0 KB
padata.txt -rw-r--r-- 7.4 KB
parport-lowlevel.txt -rw-r--r-- 37.1 KB
percpu-rw-semaphore.txt -rw-r--r-- 1.1 KB
phy.txt -rw-r--r-- 7.8 KB
pi-futex.txt -rw-r--r-- 5.7 KB
pnp.txt -rw-r--r-- 7.0 KB
preempt-locking.txt -rw-r--r-- 5.6 KB
pwm.txt -rw-r--r-- 6.2 KB
rbtree.txt -rw-r--r-- 14.8 KB
remoteproc.txt -rw-r--r-- 12.6 KB
rfkill.txt -rw-r--r-- 5.0 KB
robust-futex-ABI.txt -rw-r--r-- 8.7 KB
robust-futexes.txt -rw-r--r-- 9.5 KB
rpmsg.txt -rw-r--r-- 13.1 KB
rtc.txt -rw-r--r-- 7.0 KB
sgi-ioc4.txt -rw-r--r-- 2.1 KB
siphash.txt -rw-r--r-- 6.3 KB
smsc_ece1099.txt -rw-r--r-- 2.5 KB
speculation.txt -rw-r--r-- 2.8 KB
static-keys.txt -rw-r--r-- 13.0 KB
svga.txt -rw-r--r-- 11.8 KB
switchtec.txt -rw-r--r-- 4.0 KB
sync_file.txt -rw-r--r-- 3.1 KB
tee.txt -rw-r--r-- 5.2 KB
this_cpu_ops.txt -rw-r--r-- 11.2 KB
unaligned-memory-access.txt -rw-r--r-- 10.4 KB
vfio-mediated-device.txt -rw-r--r-- 14.6 KB
vfio.txt -rw-r--r-- 21.2 KB
video-output.txt -rw-r--r-- 1.1 KB
xillybus.txt -rw-r--r-- 17.6 KB
xz.txt -rw-r--r-- 5.5 KB
zorro.txt -rw-r--r-- 2.9 KB
back to top