From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sean Christopherson, Paolo Bonzini
Subject: [PATCH 5.10 064/593] KVM: x86/mmu: Use MMUs role to detect CR4.SMEP value in nested NPT walk
Date: Mon, 12 Jul 2021 08:03:44 +0200
Message-Id: <20210712060850.235380453@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210712060843.180606720@linuxfoundation.org>
References: <20210712060843.180606720@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

commit ef318b9edf66a082f23d00d79b70c17b4c055a26 upstream.

Use the MMU's role to get its effective SMEP value when injecting a fault
into the guest. When walking L1's (nested) NPT while L2 is active, vCPU
state will reflect L2, whereas NPT uses the host's (L1 in this case) CR0,
CR4, EFER, etc... If L1 and L2 have different settings for SMEP and L1
does not have EFER.NX=1, this can result in an incorrect PFEC.FETCH when
injecting #NPF.

Fixes: e57d4a356ad3 ("KVM: Add instruction fetch checking when walking guest page table")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Message-Id: <20210622175739.3610207-5-seanjc@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman

--- arch/x86/kvm/mmu/paging_tmpl.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -471,8 +471,7 @@ retry_walk: error: errcode |= write_fault | user_fault; - if (fetch_fault && (mmu->nx || - kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))) + if (fetch_fault && (mmu->nx || mmu->mmu_role.ext.cr4_smep)) errcode |= PFERR_FETCH_MASK; walker->fault.vector = PF_VECTOR;
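
Review bot: The new condition on the `if (fetch_fault && ...)` line is only correct if `mmu->mmu_role.ext.cr4_smep` was populated from L1's CR4 when the nested NPT MMU was initialized, and nothing in this hunk shows where that field is set. Since this is a 5.10 backport, please confirm that the role calculation for the nested MMU in this tree does not itself derive `cr4_smep` from the current vCPU state, which would bring back the L1/L2 mismatch the commit message describes. A short comment above the check stating that vCPU registers reflect L2 during the nested walk and must not be read here would also keep a later cleanup from switching back to `kvm_read_cr4_bits(vcpu, X86_CR4_SMEP)`.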