From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sean Christopherson, Paolo Bonzini
Subject: [PATCH 5.15 021/779] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
Date: Mon, 15 Aug 2022 19:54:25 +0200
Message-Id: <20220815180338.114870928@linuxfoundation.org>
In-Reply-To: <20220815180337.130757997@linuxfoundation.org>
References: <20220815180337.130757997@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
User-Agent: quilt/0.67
X-Mailing-List: linux-kernel@vger.kernel.org
From: Sean Christopherson

commit 764643a6be07445308e492a528197044c801b3ba upstream.

If a nested run isn't pending, snapshot vmcs01.GUEST_IA32_DEBUGCTL irrespective of whether or not VM_ENTRY_LOAD_DEBUG_CONTROLS is set in vmcs12. When restoring nested state, e.g. after migration, without a nested run pending, prepare_vmcs02() will propagate nested.vmcs01_debugctl to vmcs02, i.e. will load garbage/zeros into vmcs02.GUEST_IA32_DEBUGCTL.

If userspace restores nested state before MSRs, then loading garbage is a non-issue as loading DEBUGCTL will also update vmcs02. But if userspace restores MSRs first, then KVM is responsible for propagating L2's value, which is actually thrown into vmcs01, into vmcs02.

Restoring L2 MSRs into vmcs01, i.e. loading all MSRs before nested state, is all kinds of bizarre and ideally would not be supported. Sadly, some VMMs do exactly that and rely on KVM to make things work.

Note, there's still a lurking SMM bug, as propagating vmcs01's DEBUGCTL to vmcs02 across RSM may corrupt L2's DEBUGCTL. But KVM's entire VMX+SMM emulation is flawed as SMI+RSM should not touch _any_ VMCS when using the "default treatment of SMIs", i.e. when not using an SMI Transfer Monitor.

Link: https://lore.kernel.org/all/Yobt1XwOfb5M6Dfa@google.com
Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Message-Id: <20220614215831.3762138-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/kvm/vmx/nested.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3364,7 +3364,8 @@ enum nvmx_vmentry_status nested_vmx_ente if (likely(!evaluate_pending_interrupts) && kvm_vcpu_apicv_active(vcpu)) evaluate_pending_interrupts |= vmx_has_apicv_interrupt(vcpu); - if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) + if (!vmx->nested.nested_run_pending || + !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) vmx->nested.vmcs01_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL); if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending ||
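Review bot: the new `!vmx->nested.nested_run_pending ||` clause is the same guard that already precedes the kvm_mpx_supported() snapshot in the trailing context line, yet the reason it is needed for DEBUGCTL (nested-state restore after userspace has already restored L2's MSRs into vmcs01, per the changelog) lives only in the commit message; a one-line comment above the `vmcs_read64(GUEST_IA32_DEBUGCTL)` read would keep that rationale next to the code and make it obvious that the snapshot is deliberately taken even when vmcs12 sets VM_ENTRY_LOAD_DEBUG_CONTROLS. The read also relies on vmcs01 being the current VMCS at this point, which is worth stating in that comment since the value is stored as `vmcs01_debugctl` and later consumed by prepare_vmcs02().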