Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4129898pxb;
        Mon, 21 Feb 2022 12:51:46 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwn65w75cIwPEBzPyGyRZ2t4Ljhy+ITzBNDRzZEYSvXzRGtNg9uvDMHap8avNoEwtXOOSuf
X-Received: by 2002:a05:6402:40d0:b0:412:f86a:efd1 with SMTP id z16-20020a05640240d000b00412f86aefd1mr8442771edb.194.1645476706060;
        Mon, 21 Feb 2022 12:51:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645476706; cv=none;
        d=google.com; s=arc-20160816;
        b=QiyIueFIemS0XjtezajPmKcLs/1/ukfZrs7+FbGwcNptCLlmqU+Pt1Ii0XYf3DWBcG
         CbzWDt7bxZqbRDIWaGFtyd9NZ4pZOYY37WLBZV0zC+gc/ocBZg6sKX+wHB+qzRJBU7yd
         IV/mAnvXgMfVVEQO12+XY/O3Cgd7fLH7sUXOSMNwlEhcWQHILSJyC40pjNFsvJH0NfcY
         z/RhF28t0jn/p5aVgAu9LfPHF7pHJAaga6LFRj2/0Rx2Xb7v1C7U3zB08lMoMNsJ+zTU
         H3915idO/r+y6UYaYUqkTwbjIK5ncXQPVDflWVfJvaqF2DS6q9iqMkUfuRYMPE6ihyt4
         nHEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=OLITLV35IlnsVudj6/anQPlgpqK6QsJX/fk2qQJihOs=;
        b=mJqrIOs6n7N3prkutSQjZ/ovOw3/FNfLzKRhAQ2xyxTTNw188j7XGyEsfvVoLjwqZb
         LUE9auGfRRxp/lvhhKUpxcYjFfHgZtka2qMQYj7iZmhp7ylVFazWSCQElBfaorUSmJpw
         +ZczYX9r9CKlKKTiRqn0zvAfC9dST0QO43uExwDJaJGNNVLPONv1m3MotdQrBi91SoTz
         CZIxAG7K+IC2fJ5sZLzdmZN3k6fV8+k1nSZdgZphuPrUmsffT+oR8iT9L6FaeeDa03Ol
         cMmPhfKaVk2mFCtwY78YmM9d1VPR5K39Do9yPmwHfBPiooyk1WGC3hISEWIFgFpfoVqa
         kFQA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=YTOnPh2D;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ha18si3344964ejb.99.2022.02.21.12.51.23;
        Mon, 21 Feb 2022 12:51:46 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=YTOnPh2D;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1353777AbiBUJ5x (ORCPT <rfc822;andreykovskii@gmail.com>
        + 99 others); Mon, 21 Feb 2022 04:57:53 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:43756 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352570AbiBUJrf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Feb 2022 04:47:35 -0500
Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 657C142ED4;
        Mon, 21 Feb 2022 01:20:10 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by sin.source.kernel.org (Postfix) with ESMTPS id C7720CE0E80;
        Mon, 21 Feb 2022 09:20:08 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7153C340E9;
        Mon, 21 Feb 2022 09:20:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1645435207;
        bh=fuV+g5ItwfrMizpj8gb/qGp+Ga0dQF92sjKhMTC425I=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=YTOnPh2DE5i3i4snh+A/NWgTbHbM/VKutKXYf/vPfMfNEbazTlNkl8hWGwnUKPjgO
         GlQnUgNh2dOhNVKfhuMReUB9Klwng1tBmhk1fMsgZg7tQRT1lU1W2YPkQInAmZSPVc
         z+ll20F4U9oq9UfA/MHdeDSKgQgMeSH7SrbTudYs=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Maxim Levitsky <mlevitsk@redhat.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 5.16 075/227] KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state
Date:   Mon, 21 Feb 2022 09:48:14 +0100
Message-Id: <20220221084937.368558831@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220221084934.836145070@linuxfoundation.org>
References: <20220221084934.836145070@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Maxim Levitsky <mlevitsk@redhat.com>

commit e8efa4ff00374d2e6f47f6e4628ca3b541c001af upstream.

While usually, restoring the smm state makes the KVM enter
the nested guest thus a different vmcb (vmcb02 vs vmcb01),
KVM should still mark it as dirty, since hardware
can in theory cache multiple vmcbs.

Failure to do so, combined with lack of setting the
nested_run_pending (which is fixed in the next patch),
might make KVM re-enter vmcb01, which was just exited from,
with completely different set of guest state registers
(SMM vs non SMM) and without proper dirty bits set,
which results in the CPU reusing stale IDTR pointer
which leads to a guest shutdown on any interrupt.

On the real hardware this usually doesn't happen,
but when running nested, L0's KVM does check and
honour few dirty bits, causing this issue to happen.

This patch fixes boot of hyperv and SMM enabled
windows VM running nested on KVM.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Message-Id: <20220207155447.840194-4-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/svm.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4449,6 +4449,8 @@ static int svm_leave_smm(struct kvm_vcpu
 	 * Enter the nested guest now
 	 */
 
+	vmcb_mark_all_dirty(svm->vmcb01.ptr);
+
 	vmcb12 = map.hva;
 	nested_load_control_from_vmcb12(svm, &vmcb12->control);
 	ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);