Clear the host registers after setbe

The original patch cleared the host registers before setbe doing XOR,
and it set a false flag as VM enry failure.

Orabug: 27344012
CVE: CVE-2017-5715

Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index cd15ec76602f4d9df7c8a067479c6f495a7b1797..74f3e9eb3b8a1a89c17800ef112417cdad95dd87 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8253,10 +8253,15 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
                "mov %%r14, %c[r14](%0) \n\t"
                "mov %%r15, %c[r15](%0) \n\t"
 #endif
+               "mov %%cr2, %%" _ASM_AX "   \n\t"
+               "mov %%" _ASM_AX ", %c[cr2](%0) \n\t"
+
+               "pop  %%" _ASM_BP "; pop  %%" _ASM_DX " \n\t"
+               "setbe %c[fail](%0) \n\t"
                /*
-               * Clear host registers marked as clobbered to prevent
-               * speculative use.
-               */
+                * Clear host registers marked as clobbered to prevent
+                * speculative use.
+                */
                "xor %%" _ASM_BX ", %%" _ASM_BX " \n\t"
                "xor %%" _ASM_SI ", %%" _ASM_SI " \n\t"
                "xor %%" _ASM_DI ", %%" _ASM_DI " \n\t"
@@ -8270,11 +8275,6 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
                "xor %%r14, %%r14 \n\t"
                "xor %%r15, %%r15 \n\t"
 #endif
-               "mov %%cr2, %%" _ASM_AX "   \n\t"
-               "mov %%" _ASM_AX ", %c[cr2](%0) \n\t"
-
-               "pop  %%" _ASM_BP "; pop  %%" _ASM_DX " \n\t"
-               "setbe %c[fail](%0) \n\t"
                ".pushsection .rodata \n\t"
                ".global vmx_return \n\t"
                "vmx_return: " _ASM_PTR " 2b \n\t"