Date: Wed, 25 May 2022 21:04:45 +0000
Message-Id: <20220525210447.2758436-1-seanjc@google.com>
Subject: [PATCH 0/2] KVM: VMX: Sanitize VM-Entry/VM-Exit pairs during setup
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chenyi Qiang, Lei Wang
X-Mailing-List: linux-kernel@vger.kernel.org

Sanitize the VM-Entry/VM-Exit load+load and load+clear pairs when kvm_intel
is loaded instead of checking both controls at runtime.  Not sanitizing
means KVM ends up setting non-dynamic bits in the VMCS.

Add an opt-in knob to force kvm_intel to bail if an inconsistent pair is
detected instead of using a degraded and/or potentially broken setup.

Arguably patch 01 is stable material, but my mental coin flip came up
negative and I didn't Cc: stable.

And for patch 02, I'd definitely be in favor of making it opt-out instead of
opt-in, but there's a non-zero chance that someone out there is running KVM
in a misconfigured VM...

Sean Christopherson (2):
  KVM: VMX: Sanitize VM-Entry/VM-Exit control pairs at kvm_intel load time
  KVM: VMX: Add knob to allow rejecting kvm_intel on inconsistent VMCS config

 arch/x86/kvm/vmx/capabilities.h | 13 +++-----
 arch/x86/kvm/vmx/vmx.c          | 55 +++++++++++++++++++++++++++++++--
 2 files changed, 56 insertions(+), 12 deletions(-)

base-commit: 90bde5bea810d766e7046bf5884f2ccf76dd78e9
--
2.36.1.124.g0e6072fb45-goog
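
The load-time pair check described in the cover letter above, as an added C example that is not code from the patch series. Bit positions follow the Intel SDM layout of the VM-entry and VM-exit control fields. Assumptions: the macro names, the pair table, sanitize_ctrl_pairs() and its strict flag (standing in for the opt-in knob) are hypothetical, and "sanitize" is taken to mean clearing both bits of a mismatched pair.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions per the Intel SDM; macro names are this example's own. */
#define ENTRY_LOAD_PERF_GLOBAL_CTRL (1u << 13)
#define ENTRY_LOAD_PAT              (1u << 14)
#define ENTRY_LOAD_EFER             (1u << 15)
#define ENTRY_LOAD_BNDCFGS          (1u << 16)
#define ENTRY_LOAD_RTIT_CTL         (1u << 18)
#define EXIT_LOAD_PERF_GLOBAL_CTRL  (1u << 12)
#define EXIT_LOAD_PAT               (1u << 19)
#define EXIT_LOAD_EFER              (1u << 21)
#define EXIT_CLEAR_BNDCFGS          (1u << 23)
#define EXIT_CLEAR_RTIT_CTL         (1u << 25)

struct ctrl_pair { uint32_t entry, exit; };
/* VM-Entry load paired with the VM-Exit load (or clear) of the same state. */
static const struct ctrl_pair pairs[] = {
    { ENTRY_LOAD_PERF_GLOBAL_CTRL, EXIT_LOAD_PERF_GLOBAL_CTRL },
    { ENTRY_LOAD_PAT,              EXIT_LOAD_PAT },
    { ENTRY_LOAD_EFER,             EXIT_LOAD_EFER },
    { ENTRY_LOAD_BNDCFGS,          EXIT_CLEAR_BNDCFGS },
    { ENTRY_LOAD_RTIT_CTL,         EXIT_CLEAR_RTIT_CTL },
};

/* Returns pairs cleared, or -1 if strict and a mismatch exists (masks untouched). */
int sanitize_ctrl_pairs(uint32_t *entry_ctl, uint32_t *exit_ctl, int strict)
{
    int cleared = 0;
    for (size_t i = 0; i < sizeof(pairs) / sizeof(pairs[0]); i++) {
        int in_entry = !!(*entry_ctl & pairs[i].entry);
        int in_exit = !!(*exit_ctl & pairs[i].exit);
        if (in_entry == in_exit)
            continue;                   /* both or neither: consistent */
        if (strict)
            return -1;                  /* refuse the configuration outright */
        *entry_ctl &= ~pairs[i].entry;  /* drop the half-supported pair */
        *exit_ctl &= ~pairs[i].exit;
        cleared++;
    }
    return cleared;
}

int main(void)
{
    uint32_t e = ENTRY_LOAD_EFER | ENTRY_LOAD_BNDCFGS, x = EXIT_LOAD_EFER; /* constructed */
    printf("cleared=%d entry=%#x exit=%#x\n", sanitize_ctrl_pairs(&e, &x, 0), (unsigned)e, (unsigned)x);
    return 0;
}
```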