Date: Mon, 22 Jul 2013 19:38:22 +0000 (UTC) From: Neel Natu <neel@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r253553 - projects/bhyve_npt_pmap/sys/amd64/vmm/intel Message-ID: <201307221938.r6MJcMGR092059@svn.freebsd.org>
Author: neel
Date: Mon Jul 22 19:38:21 2013
New Revision: 253553
URL: http://svnweb.freebsd.org/changeset/base/253553
Log: The macro 'VM_INSTRUCTION_ERROR' was implicitly assuming that %rsp pointed to 'struct vmxctx' associated with the vcpu. This assumption was correct until now since this macro was called only after 'vmresume' and 'vmlaunch'. However when called from 'VMX_CHECK_EPTGEN' the %rsp is still pointing to the host stack and therefore results in a stack corruption when we update 'vmxctx->launch_error'. Fix this by passing in the register that points to 'struct vmxctx' as a parameter to the macro.
Modified: projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S
Modified: projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S
==============================================================================
--- projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S Mon Jul 22 19:32:42 2013 (r253552)
+++ projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S Mon Jul 22 19:38:21 2013 (r253553)
@@ -92,15 +92,20 @@
 movq VMXCTX_GUEST_R15(%rdi),%r15; \
 movq VMXCTX_GUEST_RDI(%rdi),%rdi; /* restore rdi the last */
 
-#define VM_INSTRUCTION_ERROR(reg) \
+/*
+ * Check for an error after executing a VMX instruction.
+ * 'errreg' will be zero on success and non-zero otherwise.
+ * 'ctxreg' points to the 'struct vmxctx' associated with the vcpu.
+ */
+#define VM_INSTRUCTION_ERROR(errreg, ctxreg) \
 jnc 1f; \
- movl $VM_FAIL_INVALID,reg; /* CF is set */ \
+ movl $VM_FAIL_INVALID,errreg; /* CF is set */ \
 jmp 3f; \
 1: jnz 2f; \
- movl $VM_FAIL_VALID,reg; /* ZF is set */ \
+ movl $VM_FAIL_VALID,errreg; /* ZF is set */ \
 jmp 3f; \
-2: movl $VM_SUCCESS,reg; \
-3: movl reg,VMXCTX_LAUNCH_ERROR(%rsp)
+2: movl $VM_SUCCESS,errreg; \
+3: movl errreg,VMXCTX_LAUNCH_ERROR(ctxreg)
 
 /*
  * set or clear the appropriate bit in 'pm_active'
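Review bot: The new header comment on VM_INSTRUCTION_ERROR should state that the macro has to be placed directly after the VMX instruction it reports on, because its `jnc 1f` / `jnz 2f` branches consume the CF and ZF that instruction left behind; any flag-writing instruction slipped in between (the `movl`s inside the macro do not write flags) would silently report VM_SUCCESS for a failed instruction. It should also record the operand contract the body implies: `errreg` is a 32-bit register (it receives a `movl` immediate) and `ctxreg` is a 64-bit base register used only as an address, so the two must not alias. Suggested lines for the comment block: ` * Must immediately follow the VMX instruction: it consumes CF/ZF.` and ` * 'errreg' is a 32-bit GPR; 'ctxreg' is a 64-bit GPR that must not alias it.`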
@@ -143,7 +148,7 @@
 invept -16(%r11), %rax; \
 \
 /* Check for invept error */ \
- VM_INSTRUCTION_ERROR(%eax); \
+ VM_INSTRUCTION_ERROR(%eax, %rdi); \
 testl %eax, %eax; \
 jz 9f; \
 \
@@ -268,7 +273,7 @@ ENTRY(vmx_resume)
 /*
  * Capture the reason why vmresume failed.
  */
- VM_INSTRUCTION_ERROR(%eax)
+ VM_INSTRUCTION_ERROR(%eax, %rsp)
 
 /* Return via vmx_setjmp with return value of VMX_RETURN_VMRESUME */
 movq %rsp,%rdi
@@ -304,7 +309,7 @@ ENTRY(vmx_launch)
 /*
  * Capture the reason why vmlaunch failed.
  */
- VM_INSTRUCTION_ERROR(%eax)
+ VM_INSTRUCTION_ERROR(%eax, %rsp)
 
 /* Return via vmx_setjmp with return value of VMX_RETURN_VMLAUNCH */
 movq %rsp,%rdi
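Review bot: Passing `%rdi` as ctxreg in the invept error check depends on `%rdi` still holding the `struct vmxctx` pointer at that point of the macro, which the hunk does not show — only `%r11` and `%rax` are visibly in use as scratch — so that invariant should be written down next to the call rather than left implicit, since the bug being fixed was exactly an unstated assumption about which register addresses the context. Suggested comment above the changed line: `/* %rdi = struct vmxctx; %rsp is still the host stack here */`. The enclosing macro starts and ends outside the hunk. The vmx_resume and vmx_launch hunks pass `%rsp`, which agrees with the `movq %rsp,%rdi` immediately following them, so those two sites look consistent with the log message.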