From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sean Christopherson , Paolo Bonzini Subject: [PATCH 5.12 073/700] KVM: x86/mmu: Use MMUs role to detect CR4.SMEP value in nested NPT walk Date: Mon, 12 Jul 2021 08:02:36 +0200 Message-Id: <20210712060935.020357020@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060924.797321836@linuxfoundation.org> References: <20210712060924.797321836@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson commit ef318b9edf66a082f23d00d79b70c17b4c055a26 upstream. Use the MMU's role to get its effective SMEP value when injecting a fault into the guest. When walking L1's (nested) NPT while L2 is active, vCPU state will reflect L2, whereas NPT uses the host's (L1 in this case) CR0, CR4, EFER, etc... If L1 and L2 have different settings for SMEP and L1 does not have EFER.NX=1, this can result in an incorrect PFEC.FETCH when injecting #NPF. Fixes: e57d4a356ad3 ("KVM: Add instruction fetch checking when walking guest page table") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Message-Id: <20210622175739.3610207-5-seanjc@google.com> Signed-off-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman --- arch/x86/kvm/mmu/paging_tmpl.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -471,8 +471,7 @@ retry_walk: error: errcode |= write_fault | user_fault; - if (fetch_fault && (mmu->nx || - kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))) + if (fetch_fault && (mmu->nx || mmu->mmu_role.ext.cr4_smep)) errcode |= PFERR_FETCH_MASK; walker->fault.vector = PF_VECTOR;
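Review bot: In the error: path of the hunk at -471,8, the fetch check now takes SMEP from mmu->mmu_role.ext.cr4_smep but still takes NX from mmu->nx, so the two inputs that decide PFERR_FETCH_MASK are read from different places in the MMU context with nothing in the code saying why. The commit message explains that vCPU state reflects L2 during a nested NPT walk while NPT uses L1's CR0, CR4 and EFER; a one-line comment above the condition stating that would keep someone from later switching back to kvm_read_cr4_bits(vcpu, X86_CR4_SMEP). For the 5.12 backport it is also worth confirming that mmu_role.ext.cr4_smep is initialised from L1's CR4 when the nested NPT MMU is set up, since that initialisation is outside the lines shown here.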