From owner-svn-src-projects@FreeBSD.ORG Mon Jul 22 19:38:22 2013 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 7521ACB3; Mon, 22 Jul 2013 19:38:22 +0000 (UTC) (envelope-from neel@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 4CD0B2071; Mon, 22 Jul 2013 19:38:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6MJcMnv092060; Mon, 22 Jul 2013 19:38:22 GMT (envelope-from neel@svn.freebsd.org) Received: (from neel@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r6MJcMGR092059; Mon, 22 Jul 2013 19:38:22 GMT (envelope-from neel@svn.freebsd.org) Message-Id: <201307221938.r6MJcMGR092059@svn.freebsd.org> 
From: Neel Natu Date: Mon, 22 Jul 2013 19:38:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r253553 - projects/bhyve_npt_pmap/sys/amd64/vmm/intel X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jul 2013 19:38:22 -0000 Author: neel Date: Mon Jul 22 19:38:21 2013 New Revision: 253553 URL: http://svnweb.freebsd.org/changeset/base/253553 Log: The macro 'VM_INSTRUCTION_ERROR' was implicitly assuming that %rsp pointed to 'struct vmxctx' associated with the vcpu. This assumption was correct until now since this macro was called only after 'vmresume' and 'vmlaunch'. However when called from 'VMX_CHECK_EPTGEN' the %rsp is still pointing to the host stack and therefore results in a stack corruption when we update 'vmxctx->launch_error'. Fix this by passing in the register that points to 'struct vmxctx' as a parameter to the macro.
Modified: projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S
Modified: projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S
==============================================================================
--- projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S Mon Jul 22 19:32:42 2013 (r253552)
+++ projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S Mon Jul 22 19:38:21 2013 (r253553)
@@ -92,15 +92,20 @@
 movq VMXCTX_GUEST_R15(%rdi),%r15; \
 movq VMXCTX_GUEST_RDI(%rdi),%rdi; /* restore rdi the last */
 
-#define VM_INSTRUCTION_ERROR(reg) \
+/*
+ * Check for an error after executing a VMX instruction.
+ * 'errreg' will be zero on success and non-zero otherwise.
+ * 'ctxreg' points to the 'struct vmxctx' associated with the vcpu.
+ */
+#define VM_INSTRUCTION_ERROR(errreg, ctxreg) \
 jnc 1f; \
- movl $VM_FAIL_INVALID,reg; /* CF is set */ \
+ movl $VM_FAIL_INVALID,errreg; /* CF is set */ \
 jmp 3f; \
 1: jnz 2f; \
- movl $VM_FAIL_VALID,reg; /* ZF is set */ \
+ movl $VM_FAIL_VALID,errreg; /* ZF is set */ \
 jmp 3f; \
-2: movl $VM_SUCCESS,reg; \
-3: movl reg,VMXCTX_LAUNCH_ERROR(%rsp)
+2: movl $VM_SUCCESS,errreg; \
+3: movl errreg,VMXCTX_LAUNCH_ERROR(ctxreg)
 
 /*
 * set or clear the appropriate bit in 'pm_active'
@@ -143,7 +148,7 @@
 invept -16(%r11), %rax; \
 \
 /* Check for invept error */ \
- VM_INSTRUCTION_ERROR(%eax); \
+ VM_INSTRUCTION_ERROR(%eax, %rdi); \
 testl %eax, %eax; \
 jz 9f; \
 \
@@ -268,7 +273,7 @@ ENTRY(vmx_resume)
 /*
 * Capture the reason why vmresume failed.
 */
- VM_INSTRUCTION_ERROR(%eax)
+ VM_INSTRUCTION_ERROR(%eax, %rsp)
 
 /* Return via vmx_setjmp with return value of VMX_RETURN_VMRESUME */
 movq %rsp,%rdi
@@ -304,7 +309,7 @@ ENTRY(vmx_launch)
 /*
 * Capture the reason why vmlaunch failed.
 */
- VM_INSTRUCTION_ERROR(%eax)
+ VM_INSTRUCTION_ERROR(%eax, %rsp)
 
 /* Return via vmx_setjmp with return value of VMX_RETURN_VMLAUNCH */
 movq %rsp,%rdi
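Review bot: The new header comment on VM_INSTRUCTION_ERROR documents the two parameters but not the macro's most fragile precondition: the `jnc 1f` / `jnz 2f` pair consumes the CF/ZF left by the preceding VMX instruction, so nothing that writes flags may sit between that instruction and the macro expansion. It also silently requires 'errreg' to be a 32-bit register name (every store is `movl`) and 'ctxreg' a 64-bit register usable as a base address. I would extend the comment with ` * Must be expanded immediately after the VMX instruction; the jnc/jnz below` / ` * consume the CF/ZF it left behind. 'errreg' is a 32-bit register (movl),` / ` * 'ctxreg' a 64-bit base register.` The claim that 'errreg' is zero on success presumes VM_SUCCESS is 0, which this hunk does not show; worth confirming against its definition.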
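Review bot: In the VMX_CHECK_EPTGEN hunk the error is now stored through %rdi, but nothing visible here establishes that %rdi holds the vmxctx pointer at that point; the macro's opening is outside the hunk, and the only grounding on this page is the VMXCTX_GUEST_*(%rdi) convention in the register-restore macro above. Since the previous bug was exactly a wrong-base-register store corrupting the host stack, the invocation deserves a comment pinning the invariant, e.g. `/* %rdi = struct vmxctx for this vcpu; must hold across the invept above */`, or the VMX_CHECK_EPTGEN header should state which register carries the context. Note also that VM_INSTRUCTION_ERROR's numeric labels 1/2/3 are expanded inside a macro that already uses `9f`; if that outer macro ever introduces its own 1/2/3 labels the forward references would resolve to the wrong target, so a comment reserving those label numbers would help future edits.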