From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sean Christopherson, Paolo Bonzini, Sasha Levin
Subject: [PATCH 5.4 167/348] KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
Date: Mon, 12 Jul 2021 08:09:11 +0200
Message-Id: <20210712060723.055400739@linuxfoundation.org>
In-Reply-To: <20210712060659.886176320@linuxfoundation.org>
References: <20210712060659.886176320@linuxfoundation.org>

From: Sean Christopherson

[ Upstream commit 0e75225dfa4c5d5d51291f54a3d2d5895bad38da ]

Use BIT_ULL() instead of an open-coded shift to check whether or not a
function is enabled in L1's VMFUNC bitmap. This is a benign bug as KVM
supports only bit 0, and will fail VM-Enter if any other bits are set,
i.e. bits 63:32 are guaranteed to be zero.

Note, "function" is bounded by hardware as VMFUNC will #UD before taking
a VM-Exit if the function is greater than 63.

Before:
  if ((vmcs12->vm_function_control & (1 << function)) == 0)
     0x000000000001a916 <+118>: mov $0x1,%eax
     0x000000000001a91b <+123>: shl %cl,%eax
     0x000000000001a91d <+125>: cltq
     0x000000000001a91f <+127>: and 0x128(%rbx),%rax

After:
  if (!(vmcs12->vm_function_control & BIT_ULL(function & 63)))
     0x000000000001a955 <+117>: mov 0x128(%rbx),%rdx
     0x000000000001a95c <+124>: bt %rax,%rdx

Fixes: 27c42a1bb867 ("KVM: nVMX: Enable VMFUNC for the L1 hypervisor")
Signed-off-by: Sean Christopherson
Message-Id: <20210609234235.1244004-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
--- arch/x86/kvm/vmx/nested.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 3f63bd7421ac..023bd3e1aa0d 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -5099,7 +5099,7 @@ static int handle_vmfunc(struct kvm_vcpu *vcpu) } vmcs12 = get_vmcs12(vcpu); - if ((vmcs12->vm_function_control & (1 << function)) == 0) + if (!(vmcs12->vm_function_control & BIT_ULL(function))) goto fail; switch (function) { -- 2.30.2
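
Review bot: The added check `BIT_ULL(function)` in handle_vmfunc() is only well defined while function is at most 63, and nothing in the visible lines enforces or documents that bound; the changelog attributes it to hardware (#UD before the VM-Exit). A one-line comment above the check stating that bound would keep the assumption next to the code that depends on it. The changelog's "After" snippet also shows `BIT_ULL(function & 63)`, which is not the line being added here, so the snippet or the code should be aligned so the quoted disassembly matches what is applied.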
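
Added example (not part of the patch or of the kernel source): a user-space C model of the two instruction sequences quoted in the changelog, showing for which function numbers the old mask differs from the 64-bit one. The helper names are hypothetical, and the bitmap value used is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the "Before" disassembly. shl %cl,%eax uses only the low 5 bits
 * of the count for a 32-bit operand, and cltq sign-extends EAX into RAX.
 * (The C expression 1 << function is itself undefined for counts of 32 or
 * more, so the machine behaviour is modelled explicitly here.) */
static uint64_t mask_before(unsigned function)
{
    uint32_t eax = UINT32_C(1) << (function & 31);
    uint64_t rax = eax;
    if (eax & UINT32_C(0x80000000))          /* cltq: copy bit 31 upward */
        rax |= UINT64_C(0xFFFFFFFF00000000);
    return rax;
}

/* Model of the fixed form: a 64-bit one shifted by a count in 0..63. */
static uint64_t mask_after(unsigned function)
{
    return UINT64_C(1) << (function & 63);
}

/* Nonzero when each form treats the function as enabled in the bitmap. */
static int enabled_before(uint64_t bitmap, unsigned function)
{
    return (bitmap & mask_before(function)) != 0;
}

static int enabled_after(uint64_t bitmap, unsigned function)
{
    return (bitmap & mask_after(function)) != 0;
}

/* Number of function values in 0..63 for which the two masks differ. */
static int count_mismatches(void)
{
    int n = 0;
    for (unsigned f = 0; f < 64; f++)
        if (mask_before(f) != mask_after(f))
            n++;
    return n;
}

int main(void)
{
    const uint64_t bitmap = 1;               /* constructed: only bit 0 set */
    const unsigned samples[] = { 0, 1, 31, 32, 63 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned f = samples[i];
        printf("function %2u  before=%016llx (%d)  after=%016llx (%d)\n", f,
               (unsigned long long)mask_before(f), enabled_before(bitmap, f),
               (unsigned long long)mask_after(f), enabled_after(bitmap, f));
    }
    printf("masks differ for %d of 64 function values\n", count_mismatches());
    return 0;
}
```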