Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4420841pxb;
        Mon, 21 Feb 2022 21:04:05 -0800 (PST)
X-Google-Smtp-Source: ABdhPJybNW7BJOaiIUiOXlFOCZeq3MFtcQcsdbqxlCLBkHwsrzGb62FsOrU8afoqrO1hi5hyKt2r
X-Received: by 2002:a17:903:2442:b0:14f:b66e:790b with SMTP id l2-20020a170903244200b0014fb66e790bmr8174161pls.121.1645506245184;
        Mon, 21 Feb 2022 21:04:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645506245; cv=none;
        d=google.com; s=arc-20160816;
        b=pfae66/o/6mGvbYbfsjeNHtLSHx57epBk+dKzq6wsyMoQJRkH6bwnLrKUJbOF+1B0S
         g2GwsqpRDvKw+GrlRpPdg183I9fJlFmBtdBFgIxX61PZk3VdBx8kSwfrvjHZahaNdNuY
         wUDepYmWRrA6BhEvSQUlxw5awPRW44itbQRRYvQspRY9n0s63tUSOkMPjLkKBGnw623k
         0Dh3IyBmLPbEfGq/lt9d2zraolbWpHIDIuMWfyoK8dqlGYV+cfe1bJCobWvT8xU4dTFu
         T4jschcLFvF1RrOwESIVC4Qc45Vwpw7nawByI6lCauW+XOaE9i4xiKVT3ELwXcIK90TE
         c+/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=2WcnEjV8v9QZZvwSRVVx0t+EeMNrgQUWGhFyKmjxe4E=;
        b=fcq1Fgkkdzwwzs3XtgOLgbpKCu3IReQjT/uXl12S9Yj1D83MnQ0mK9C8Zv+GeeC2uq
         mVUu+/8m1ro55HRi4q2g66u8xh5sm38ad3U0xFw+Y2gSMf27vO7pokB71xiUThOuvjRw
         J5Eol3YYp/vR+L/N8S2PI+gXSCBVNMZ/iQ5GibonGMUNAQe+gpepcKGdDrzDO1+OvKOj
         FqNJRCqi6ddQDNo9MAaObqTWnigZIOWGtt+pl8qwjUoW/JYL+Ovfyaybb5zDNIg/ornX
         B6vu2FBRkcHPqKSojT6tZ42A1TM1j1khvNG8Bgx5vi7adfOJgltsLixUjMOl3UkhQYAT
         lPDw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=QdB6X29T;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id g4si14401843plp.344.2022.02.21.21.04.04
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 21 Feb 2022 21:04:05 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=QdB6X29T;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 84EAD205ED;
	Mon, 21 Feb 2022 20:37:19 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1351561AbiBUJv6 (ORCPT <rfc822;andreykovskii@gmail.com>
        + 99 others); Mon, 21 Feb 2022 04:51:58 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:40158 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352422AbiBUJr1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Feb 2022 04:47:27 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB804427E2;
        Mon, 21 Feb 2022 01:19:45 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 5726560F71;
        Mon, 21 Feb 2022 09:19:45 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3CA6AC340E9;
        Mon, 21 Feb 2022 09:19:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1645435184;
        bh=UZzJEtPpZHkwZAVOc12NZhYi/u6DMPaLPsuvQQWcqNE=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=QdB6X29TRFCObU+xLvEV1YVVcPBvaSjIe2EMjYuL3LJeAoxM+/NubgogVC+VHucdT
         fGVNacBYzBqTUphGf4f3nb1bSQqMTuWS91z/X2ngmtojGYMG4YbqaFJz0GUJElz6uU
         +iQMjCChmRMQrek7dNSoR5HTLD66fRsE3I4otukU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Maxim Levitsky <mlevitsk@redhat.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 5.16 073/227] KVM: x86: SVM: dont passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case
Date:   Mon, 21 Feb 2022 09:48:12 +0100
Message-Id: <20220221084937.298472604@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220221084934.836145070@linuxfoundation.org>
References: <20220221084934.836145070@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Maxim Levitsky <mlevitsk@redhat.com>

commit c53bbe2145f51d3bc0438c2db02e737b9b598bf3 upstream.

When the guest doesn't enable paging, and NPT/EPT is disabled, we
use guest't paging CR3's as KVM's shadow paging pointer and
we are technically in direct mode as if we were to use NPT/EPT.

In direct mode we create SPTEs with user mode permissions
because usually in the direct mode the NPT/EPT doesn't
need to restrict access based on guest CPL
(there are MBE/GMET extenstions for that but KVM doesn't use them).

In this special "use guest paging as direct" mode however,
and if CR4.SMAP/CR4.SMEP are enabled, that will make the CPU
fault on each access and KVM will enter endless loop of page faults.

Since page protection doesn't have any meaning in !PG case,
just don't passthrough these bits.

The fix is the same as was done for VMX in commit:
commit 656ec4a4928a ("KVM: VMX: fix SMEP and SMAP without EPT")

This fixes the boot of windows 10 without NPT for good.
(Without this patch, BSP boots, but APs were stuck in endless
loop of page faults, causing the VM boot with 1 CPU)

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Message-Id: <20220207155447.840194-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/svm.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1795,6 +1795,7 @@ void svm_set_cr0(struct kvm_vcpu *vcpu,
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
 	u64 hcr0 = cr0;
+	bool old_paging = is_paging(vcpu);
 
 #ifdef CONFIG_X86_64
 	if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) {
@@ -1811,8 +1812,11 @@ void svm_set_cr0(struct kvm_vcpu *vcpu,
 #endif
 	vcpu->arch.cr0 = cr0;
 
-	if (!npt_enabled)
+	if (!npt_enabled) {
 		hcr0 |= X86_CR0_PG | X86_CR0_WP;
+		if (old_paging != is_paging(vcpu))
+			svm_set_cr4(vcpu, kvm_read_cr4(vcpu));
+	}
 
 	/*
 	 * re-enable caching here because the QEMU bios
@@ -1856,8 +1860,12 @@ void svm_set_cr4(struct kvm_vcpu *vcpu,
 		svm_flush_tlb(vcpu);
 
 	vcpu->arch.cr4 = cr4;
-	if (!npt_enabled)
+	if (!npt_enabled) {
 		cr4 |= X86_CR4_PAE;
+
+		if (!is_paging(vcpu))
+			cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
+	}
 	cr4 |= host_cr4_mce;
 	to_svm(vcpu)->vmcb->save.cr4 = cr4;
 	vmcb_mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);