From 5dc832628229d2736fab10523566855c3cda622d Mon Sep 17 00:00:00 2001
From: Avi Kivity
Date: Sun, 16 Mar 2008 18:48:26 +0200
Subject: KVM: VMX: Restore tss even on x86_64

The vmx hardware state restore restores the tss selector and base address, but not its length. Usually, this does not matter since most of the tss contents is within the default length of 0x67. However, if a process is using ioperm() to grant itself I/O port permissions, an additional bitmap within the tss, but outside the default length is consulted. The effect is that the process will receive a SIGSEGV instead of transparently accessing the port. Fix by restoring the tss length. Note that i386 had this working already. Closes bugzilla 10246.

Signed-off-by: Avi Kivity
---
 arch/x86/kvm/vmx.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'arch/x86/kvm/vmx.c')

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 94ea724638fd..f2df03c12f16 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -349,8 +349,6 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
 static void reload_tss(void)
 {
-#ifndef CONFIG_X86_64
-
 /*
 * VT restores TR but not its size. Useless.
 */
@@ -361,7 +359,6 @@ static void reload_tss(void)
 descs = (void *)gdt.base;
 descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
 load_TR_desc();
-#endif
 }
 static void load_transition_efer(struct vcpu_vmx *vmx)
-- cgit v1.2.3

From 707a18a51d83d9180a63b3cbaad8eda7764a8689 Mon Sep 17 00:00:00 2001
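Review bot: The comment `VT restores TR but not its size. Useless.` in the first hunk explains what the hardware leaves behind but not what the now-unconditional code in the second hunk does about it, and the same applies to both hunks of this commit since they are the two halves of reload_tss(). I would rewrite it as `/* VT restores TR and the TSS base on VM exit but not its limit. Mark the descriptor available (type 9) again, since TR cannot be reloaded from a descriptor still marked busy, then reload TR so the limit - and with it the I/O permission bitmap that lives past the default 0x67 - is restored. */`. Since the function edits the current CPU's GDT in place it presumably relies on the callers running with preemption disabled; if that is the contract, the same comment should say so. The declarations of gdt and descs and the get_gdt() call sit between the two hunks and are not visible here. Note that a truncated limit fails closed (port accesses past the default limit are refused, hence the SIGSEGV in the description), so the pre-fix behaviour was a functional bug rather than a permission leak.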
From: Marcelo Tosatti
Date: Tue, 18 Mar 2008 17:42:34 -0300
Subject: KVM: VMX: convert init_rmode_tss() to slots_lock

init_rmode_tss was forgotten during the conversion from mmap_sem to slots_lock.

INFO: task qemu-system-x86:3748 blocked for more than 120 seconds.
Call Trace:
[] __down_read+0x86/0x9e
[] do_page_fault+0x346/0x78e
[] trace_hardirqs_on_thunk+0x35/0x3a
[] error_exit+0x0/0xa9
[] copy_user_generic_string+0x17/0x40
[] :kvm:kvm_write_guest_page+0x3e/0x5f
[] :kvm_intel:init_rmode_tss+0xa7/0xf9
[] :kvm_intel:vmx_vcpu_reset+0x10/0x38a
[] :kvm:kvm_arch_vcpu_setup+0x20/0x53
[] :kvm:kvm_vm_ioctl+0xad/0x1cf
[] __lock_acquire+0x4f7/0xc28
[] vfs_ioctl+0x21/0x6b
[] do_vfs_ioctl+0x252/0x26b
[] sys_ioctl+0x3c/0x5e
[] system_call_after_swapgs+0x7b/0x80

Signed-off-by: Marcelo Tosatti
Signed-off-by: Avi Kivity
---
 arch/x86/kvm/vmx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'arch/x86/kvm/vmx.c')

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f2df03c12f16..8e1462880d1f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1433,7 +1433,7 @@ static int init_rmode_tss(struct kvm *kvm)
 int ret = 0;
 int r;
- down_read(¤t->mm->mmap_sem);
+ down_read(&kvm->slots_lock);
 r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE);
 if (r < 0)
 goto out;
@@ -1456,7 +1456,7 @@ static int init_rmode_tss(struct kvm *kvm)
 ret = 1;
 out:
- up_read(¤t->mm->mmap_sem);
+ up_read(&kvm->slots_lock);
 return ret;
 }
-- cgit v1.2.3
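Review bot: The new `down_read(&kvm->slots_lock);` in the first hunk carries no explanation of what the lock protects in this function, and nothing in the hunk says why slots_lock rather than a vcpu-level lock is the right one; I would put `/* slots_lock keeps the memslot array stable for the guest-page writes below */` above it, assuming (from the names) that kvm_clear_guest_page() and the kvm_write_guest_page() seen in the trace look the slot up themselves. The same hunk also shows that the negative `r` from kvm_clear_guest_page() is folded into `ret = 0`, so callers of init_rmode_tss() learn only that setup failed, never why; if the 0/1 contract is deliberate it deserves a one-line comment above the function, whose body between the two hunks is not visible here. Those helpers copy to user memory and can fault, so mmap_sem is now nested inside slots_lock; that is the ordering the deadlock trace suggests the rest of KVM already uses, but it should be confirmed against the other slots_lock users. The removed lines render as `¤t->mm->mmap_sem`, which looks like the HTML entity `&curren` swallowing the start of `&current` on this page rather than anything that was in the tree.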