From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Maxim Levitsky, Paolo Bonzini
Subject: [PATCH 5.16 075/227] KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state
Date: Mon, 21 Feb 2022 09:48:14 +0100
Message-Id: <20220221084937.368558831@linuxfoundation.org>
In-Reply-To: <20220221084934.836145070@linuxfoundation.org>
References: <20220221084934.836145070@linuxfoundation.org>

From: Maxim Levitsky

commit e8efa4ff00374d2e6f47f6e4628ca3b541c001af upstream.

While usually restoring the SMM state makes KVM enter the nested guest, and thus a different vmcb (vmcb02 vs vmcb01), KVM should still mark it as dirty, since hardware can in theory cache multiple vmcbs.

Failure to do so, combined with the lack of setting nested_run_pending (which is fixed in the next patch), might make KVM re-enter vmcb01, which was just exited from, with a completely different set of guest state registers (SMM vs non-SMM) and without the proper dirty bits set, which results in the CPU reusing a stale IDTR pointer, which leads to a guest shutdown on any interrupt.

On real hardware this usually doesn't happen, but when running nested, L0's KVM does check and honour a few dirty bits, causing this issue to happen.

This patch fixes boot of a Hyper-V and SMM enabled Windows VM running nested on KVM.

Signed-off-by: Maxim Levitsky
Cc: stable@vger.kernel.org
Message-Id: <20220207155447.840194-4-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman --- arch/x86/kvm/svm/svm.c | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4449,6 +4449,8 @@ static int svm_leave_smm(struct kvm_vcpu * Enter the nested guest now */ + vmcb_mark_all_dirty(svm->vmcb01.ptr); + vmcb12 = map.hva; nested_load_control_from_vmcb12(svm, &vmcb12->control); ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);
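Review bot: The new `vmcb_mark_all_dirty(svm->vmcb01.ptr)` call in svm_leave_smm() sits under a comment that only says "Enter the nested guest now", so a reader of the code will not see why vmcb01 is being invalidated on a path that is about to switch to vmcb12; a one-line comment stating that vmcb01's guest state was just overwritten by the SMM state restore and that hardware may cache more than one VMCB (the reasoning from the commit message) would make the intent clear in place. Also, the commit message states this fix is only complete together with the follow-up change that sets nested_run_pending; for a stable backport, make sure that companion patch is queued in the same series rather than relying on this hunk alone.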