Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp599115pxj; Tue, 18 May 2021 09:59:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJww6XdPJBaUBXFH1mZK6YVWrVazUxIdJmwZxS+Gu6WFe4Syu5P8zv1eojBobkUuHYPliZyG X-Received: by 2002:a17:906:1496:: with SMTP id x22mr7081233ejc.419.1621357193478; Tue, 18 May 2021 09:59:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621357193; cv=none; d=google.com; s=arc-20160816; b=en6T2KrSkgjQcT3tmOYV84e4Su1q7CPsS3Zq0+YUePvm+2BdoZGp3JkC0g2WvXMZm3 MP/rzflu6uJhqjgxOQ78dO9c+bpinG9aOAtTgAWNhP6m3ZhFLCCz/Jn3lNjgN14a8hhE bJ49mJApQm0USg8rMa4oTfNL4TcJUmn0kYngfUPvwv5TRL7K8Sh8Qb1iHBsSDSHADdZH 4+wBnvuNgk1tfC/PCHAdCTWi7mvqiaDfIkmv3pNtLUVCxteZ2h93n1Fv2+q72hpIMdWJ 1hGoMlIZIA5ntsEL2ecPLpw3S2InB0U/D4C75xoKYUefpfquCYhhW8e9bubOWUZTXVIs EkwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=55VOoSUfmHEU4PKiKV021/DmkdS/J2dmC1BW7ZQ1o74=; b=dyNMrArTpkJXtZQ9e9ReXkQSCTvfY1IP0ODljixUfK5jXT2grMG7L+zvwg28RFGDeg 5TFYMChQlU0E2XOZlGb3aW/5IVuyGchSjwSor0DXlxZ1+AiQnnC8wt6Gt6q5XqL62MPU QOaImR7dsGwi4N9aej8BBBN66+W/SmLJY/ew5E3SelPGLz3YG8rZQD4WTJNIWVR+v0l4 ohKNeaVMBbkW7rGmXxGTGaoDqSpZSeHPgVAGK27AVusF7gu+IaOZEOb/CuNqSFtcQwSr dL8OUEcwSRzxZQDCEG+wmzdjNU3NAGZ1MU4QbpXJz21LU8u8PUC66J8NC+Sc9ZsYZW9w eBFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=P7ikC3s2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o7si94790ejj.449.2021.05.18.09.59.29; Tue, 18 May 2021 09:59:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=P7ikC3s2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346534AbhEQQGH (ORCPT + 99 others); Mon, 17 May 2021 12:06:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:35662 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344621AbhEQPpG (ORCPT ); Mon, 17 May 2021 11:45:06 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D49CA61D2D; Mon, 17 May 2021 14:43:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621262616; bh=gPM2Sf+ZxIJ0EELORApxwtu0yTWvElr6wAHAMxFYO9s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P7ikC3s2d2V8lvOXxk7I1TzjVwXPgA7aPeMpbT2BWCEwhn8oT31sI5WiDlhW58JLX pEGZdfjemKcpKBsOHMJPNje36QNHkpWQ4lzrqSB/EsbjFe1ttT3rX8RxeZwXJyXEcS rC4pxR7Du79AuQAVi7fYfyeBH8cV13VuTCngbT1Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Vitaly Kuznetsov , Paolo Bonzini Subject: [PATCH 5.11 300/329] KVM: nVMX: Always make an attempt to map eVMCS after migration Date: Mon, 17 May 2021 16:03:31 +0200 Message-Id: <20210517140312.246819970@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517140302.043055203@linuxfoundation.org> References: <20210517140302.043055203@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Vitaly Kuznetsov commit f5c7e8425f18fdb9bdb7d13340651d7876890329 upstream. When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not 'struct kvm_vmx_nested_state_hdr' and we can't read it from VP assist page because userspace may decide to restore HV_X64_MSR_VP_ASSIST_PAGE after restoring nested state (and QEMU, for example, does exactly that). To make sure eVMCS is mapped /vmx_set_nested_state() raises KVM_REQ_GET_NESTED_STATE_PAGES request. Commit f2c7ef3ba955 ("KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit") added KVM_REQ_GET_NESTED_STATE_PAGES clearing to nested_vmx_vmexit() to make sure MSR permission bitmap is not switched when an immediate exit from L2 to L1 happens right after migration (caused by a pending event, for example). Unfortunately, in the exact same situation we still need to have eVMCS mapped so nested_sync_vmcs12_to_shadow() reflects changes in VMCS12 to eVMCS. As a band-aid, restore nested_get_evmcs_page() when clearing KVM_REQ_GET_NESTED_STATE_PAGES in nested_vmx_vmexit(). The 'fix' is far from being ideal as we can't easily propagate possible failures and even if we could, this is most likely already too late to do so. The whole 'KVM_REQ_GET_NESTED_STATE_PAGES' idea for mapping eVMCS after migration seems to be fragile as we diverge too much from the 'native' path when vmptr loading happens on vmx_set_nested_state(). Fixes: f2c7ef3ba955 ("KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit") Signed-off-by: Vitaly Kuznetsov Message-Id: <20210503150854.1144255-2-vkuznets@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman --- arch/x86/kvm/vmx/nested.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -3140,15 +3140,8 @@ static bool nested_get_evmcs_page(struct nested_vmx_handle_enlightened_vmptrld(vcpu, false); if (evmptrld_status == EVMPTRLD_VMFAIL || - evmptrld_status == EVMPTRLD_ERROR) { - pr_debug_ratelimited("%s: enlightened vmptrld failed\n", - __func__); - vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; - vcpu->run->internal.suberror = - KVM_INTERNAL_ERROR_EMULATION; - vcpu->run->internal.ndata = 0; + evmptrld_status == EVMPTRLD_ERROR) return false; - } } return true; @@ -3236,8 +3229,16 @@ static bool nested_get_vmcs12_pages(stru static bool vmx_get_nested_state_pages(struct kvm_vcpu *vcpu) { - if (!nested_get_evmcs_page(vcpu)) + if (!nested_get_evmcs_page(vcpu)) { + pr_debug_ratelimited("%s: enlightened vmptrld failed\n", + __func__); + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = + KVM_INTERNAL_ERROR_EMULATION; + vcpu->run->internal.ndata = 0; + return false; + } if (is_guest_mode(vcpu) && !nested_get_vmcs12_pages(vcpu)) return false; @@ -4467,7 +4468,15 @@ void nested_vmx_vmexit(struct kvm_vcpu * /* trying to cancel vmlaunch/vmresume is a bug */ WARN_ON_ONCE(vmx->nested.nested_run_pending); - kvm_clear_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu); + if (kvm_check_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu)) { + /* + * KVM_REQ_GET_NESTED_STATE_PAGES is also used to map + * Enlightened VMCS after migration and we still need to + * do that when something is forcing L2->L1 exit prior to + * the first L2 run. + */ + (void)nested_get_evmcs_page(vcpu); + } /* Service the TLB flush request for L2 before switching to L1. */ if (kvm_check_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu))