From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Maxim Levitsky, Paolo Bonzini, Sasha Levin, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, kvm@vger.kernel.org
Subject: [PATCH MANUALSEL 5.14 6/9] KVM: x86: nVMX: don't fail nested VM entry on invalid guest state if !from_vmentry
Date: Wed, 6 Oct 2021 09:30:18 -0400
Message-Id: <20211006133021.271905-6-sashal@kernel.org>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211006133021.271905-1-sashal@kernel.org>
References: <20211006133021.271905-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Maxim Levitsky

[ Upstream commit c8607e4a086fae05efe5bffb47c5199c65e7216e ]

It is possible that when non root mode is entered via special entry (!from_vmentry), that is from SMM or from loading the nested state, the L2 state could be invalid in regard to non unrestricted guest mode, but later it can become valid.

(for example when RSM emulation restores segment registers from SMRAM)

Thus delay the check to VM entry, where we will check this and fail.

Signed-off-by: Maxim Levitsky
Message-Id: <20210913140954.165665-7-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
--- arch/x86/kvm/vmx/nested.c | 7 ++++++- arch/x86/kvm/vmx/vmx.c | 5 ++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index ac1803dac435..2e8a46f9f552 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -2576,8 +2576,13 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, * Guest state is invalid and unrestricted guest is disabled, * which means L1 attempted VMEntry to L2 with invalid state. * Fail the VMEntry. + * + * However when force loading the guest state (SMM exit or + * loading nested state after migration, it is possible to + * have invalid guest state now, which will be later fixed by + * restoring L2 register state */ - if (CC(!vmx_guest_state_valid(vcpu))) { + if (CC(from_vmentry && !vmx_guest_state_valid(vcpu))) { *entry_failure_code = ENTRY_FAIL_DEFAULT; return -EINVAL; } diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 339116ff236f..974029917713 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6613,7 +6613,10 @@ static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu) * consistency check VM-Exit due to invalid guest state and bail. */ if (unlikely(vmx->emulation_required)) { - vmx->fail = 0; + + /* We don't emulate invalid state of a nested guest */ + vmx->fail = is_guest_mode(vcpu); + vmx->exit_reason.full = EXIT_REASON_INVALID_STATE; vmx->exit_reason.failed_vmentry = 1; kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_1); -- 2.33.0
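Review bot: In the prepare_vmcs02() hunk of arch/x86/kvm/vmx/nested.c, the new comment says the invalid state "will be later fixed by restoring L2 register state" but does not say what happens when it is not fixed. With the condition narrowed to "from_vmentry && !vmx_guest_state_valid(vcpu)", the SMM-exit and nested-state-load paths no longer reject invalid L2 state here, so the comment should name where the deferred check lives (the emulation_required branch in vmx_vcpu_run(), per the second hunk and the commit message), so a later reader does not treat this as an unguarded path. The parenthesis opened at "(SMM exit or" is also never closed and the sentence has no final period.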
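Review bot: In the vmx_vcpu_run() hunk of arch/x86/kvm/vmx/vmx.c, the comment "We don't emulate invalid state of a nested guest" does not explain what setting "vmx->fail = is_guest_mode(vcpu);" is meant to trigger. The hunk still sets exit_reason.full to EXIT_REASON_INVALID_STATE with failed_vmentry = 1 in both cases, and the consumer of vmx->fail is not visible here, so please state in the comment what the exit handling does when fail is set for a vCPU in guest mode and how that differs from the non-nested case, which keeps fail at 0 as before. The added blank line directly after the opening brace of the "if (unlikely(vmx->emulation_required))" block can be dropped as a style point.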