svn commit: r253553 - projects/bhyve_npt_pmap/sys/amd64/vmm/intel
Neel Natu
neel at FreeBSD.org
Mon Jul 22 19:38:22 UTC 2013
Author: neel
Date: Mon Jul 22 19:38:21 2013
New Revision: 253553
URL: http://svnweb.freebsd.org/changeset/base/253553
Log:
The macro 'VM_INSTRUCTION_ERROR' was implicitly assuming that %rsp pointed
to 'struct vmxctx' associated with the vcpu. This assumption was correct
until now since this macro was called only after 'vmresume' and 'vmlaunch'.
However when called from 'VMX_CHECK_EPTGEN' the %rsp is still pointing to
the host stack and therefore results in a stack corruption when we update
'vmxctx->launch_error'.
Fix this by passing in the register that points to 'struct vmxctx' as a
parameter to the macro.
Modified:
projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S
Modified: projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S
==============================================================================
--- projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S Mon Jul 22 19:32:42 2013 (r253552)
+++ projects/bhyve_npt_pmap/sys/amd64/vmm/intel/vmx_support.S Mon Jul 22 19:38:21 2013 (r253553)
@@ -92,15 +92,20 @@
movq VMXCTX_GUEST_R15(%rdi),%r15; \
movq VMXCTX_GUEST_RDI(%rdi),%rdi; /* restore rdi the last */
-#define VM_INSTRUCTION_ERROR(reg) \
+/*
+ * Check for an error after executing a VMX instruction.
+ * 'errreg' will be zero on success and non-zero otherwise.
+ * 'ctxreg' points to the 'struct vmxctx' associated with the vcpu.
+ */
+#define VM_INSTRUCTION_ERROR(errreg, ctxreg) \
jnc 1f; \
- movl $VM_FAIL_INVALID,reg; /* CF is set */ \
+ movl $VM_FAIL_INVALID,errreg; /* CF is set */ \
jmp 3f; \
1: jnz 2f; \
- movl $VM_FAIL_VALID,reg; /* ZF is set */ \
+ movl $VM_FAIL_VALID,errreg; /* ZF is set */ \
jmp 3f; \
-2: movl $VM_SUCCESS,reg; \
-3: movl reg,VMXCTX_LAUNCH_ERROR(%rsp)
+2: movl $VM_SUCCESS,errreg; \
+3: movl errreg,VMXCTX_LAUNCH_ERROR(ctxreg)
/*
* set or clear the appropriate bit in 'pm_active'
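Review bot: The new header comment at lines 28-32 omits the operand-width and flags preconditions the macro body imposes: `movl $...,errreg` only assembles with a 32-bit register, `VMXCTX_LAUNCH_ERROR(ctxreg)` needs a 64-bit base register, and the `jnc 1f` / `jnz 2f` tests consume the CF/ZF state left by the preceding VMX instruction, so nothing may alter the flags between that instruction and the macro. I would extend the comment with `'errreg' must be a 32-bit register and 'ctxreg' a 64-bit pointer register; invoke immediately after the VMX instruction, before anything modifies CF/ZF.` The body also defines numeric local labels 1, 2 and 3, so any `1b`/`2b`/`3b` reference in a caller that follows the expansion would bind to the macro's labels instead of the caller's own; a one-line warning about that in the header would save a future debugging session.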
@@ -143,7 +148,7 @@
invept -16(%r11), %rax; \
\
/* Check for invept error */ \
- VM_INSTRUCTION_ERROR(%eax); \
+ VM_INSTRUCTION_ERROR(%eax, %rdi); \
testl %eax, %eax; \
jz 9f; \
\
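Review bot: The invocation at line 53 now stores the result through %rdi, but nothing inside the hunk establishes that %rdi holds the vcpu's 'struct vmxctx' at this point; the enclosing VMX_CHECK_EPTGEN macro starts and ends outside the hunk, and the only visible evidence is the vmxctx-relative VMXCTX_GUEST_*(%rdi) loads at lines 25-26 in a different macro. If that invariant ever stops holding, the error store lands wherever %rdi happens to point, which is the same class of memory corruption this commit fixes for %rsp. A comment on the invocation would make the requirement explicit and checkable by readers, e.g. `/* %rdi must still point to the vcpu's 'struct vmxctx' */` on the line before the macro call.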
@@ -268,7 +273,7 @@ ENTRY(vmx_resume)
/*
* Capture the reason why vmresume failed.
*/
- VM_INSTRUCTION_ERROR(%eax)
+ VM_INSTRUCTION_ERROR(%eax, %rsp)
/* Return via vmx_setjmp with return value of VMX_RETURN_VMRESUME */
movq %rsp,%rdi
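Review bot: The vmresume path at line 62 and the vmlaunch path at line 70 in the following hunk both pass %rsp as ctxreg, which depends on %rsp having been set to the vmxctx pointer earlier in the entry path, outside both hunks; the `movq %rsp,%rdi` handed to vmx_setjmp on the next line rests on the same assumption. Now that the macro makes the context register an explicit parameter, each invocation would read better with a comment saying why %rsp is the correct register here, e.g. `/* %rsp still points to the vcpu's 'struct vmxctx' here */`. The same comment applies to the vmx_launch hunk.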
@@ -304,7 +309,7 @@ ENTRY(vmx_launch)
/*
* Capture the reason why vmlaunch failed.
*/
- VM_INSTRUCTION_ERROR(%eax)
+ VM_INSTRUCTION_ERROR(%eax, %rsp)
/* Return via vmx_setjmp with return value of VMX_RETURN_VMLAUNCH */
movq %rsp,%rdi