Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4752015rwl;
        Mon, 10 Apr 2023 16:35:43 -0700 (PDT)
X-Google-Smtp-Source: AKy350bTdoc3LzjJ2Hllc6jvbDisBH4CKWXsjOlSu88LBNG+9s/SNlLvKJ2Ae3c9sSBva4OwBgod
X-Received: by 2002:a17:906:b893:b0:94e:be0:97 with SMTP id hb19-20020a170906b89300b0094e0be00097mr1151670ejb.26.1681169743143;
        Mon, 10 Apr 2023 16:35:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1681169743; cv=none;
        d=google.com; s=arc-20160816;
        b=eFVce7vhFK33GE3+3DqImqkc2mvAYD9mZidH043nKWRLcN3BNY6IART0aZc/uD86/V
         CDcltKL+2+sOM2pI72qq94lq8aKkaVubM+WKbwitz62dRs/d/uFIlQuTpVHpNxoVpIvW
         Qk4PlV61nIQKeiqtIVIvTcaKsY8EvOlOQzCbXTQ8nsV3wJ6WBzZ7fppT81LHNZo3f/JF
         QJT1d/ssD1LxqjdGQ+93bcgULX97DIBc9bOOuy7kzz8toObULL0sUTOqjixmUpR7Af+A
         hsotblIhvwGUO5rB8NHsipfXwViKp1sG18HW81R2gXFkqNBc2bfHoL7zyyfJjlAu1eMF
         6qlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:dkim-signature;
        bh=SGBGzrRdSuqlJo6fw6TeMWWpr6+5GjYFLHA4nEngttc=;
        b=EdwmG3cYTQyiNZYLlURTpahCvZsApsGtwl8L7650eN4MAzPWwEjqCj3dIcjbaRVbS7
         tEuq+h+kbfIDNZUSaia4PnBkbGSBPVP45ll03sdpIGtPmPiU0/NPWpAxfqf8CpHgymd3
         zIwkjJAWyNZGW9UpSRRMDRbJevbLbmhnZrzgAacSPoKu6Y1KEd8/ZWPagEXU5lcSXJ+y
         m+gKozpRUwKCW7su0/sc+yB6o174xaExA6o7QTqO4e9dx58yEdKT7LlyO8tXx0DOA6+Z
         RpWDf7gVE3qogQIFJq36oFIyn8n4mbXX4WdFWW9XYR1yfo515Hj7bZUs5Cn2cqPqKe3v
         mUCg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=Ru65Pzc8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id lr25-20020a170906fb9900b0094a59243059si4484571ejb.759.2023.04.10.16.35.18;
        Mon, 10 Apr 2023 16:35:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=Ru65Pzc8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230007AbjDJXaa (ORCPT <rfc822;arara.ryo.0901@gmail.com>
        + 99 others); Mon, 10 Apr 2023 19:30:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41224 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230024AbjDJXa3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Apr 2023 19:30:29 -0400
Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D5B91BC7
        for <linux-kernel@vger.kernel.org>; Mon, 10 Apr 2023 16:30:25 -0700 (PDT)
Received: by mail-pg1-x54a.google.com with SMTP id h64-20020a638343000000b0050760997f4dso2527905pge.6
        for <linux-kernel@vger.kernel.org>; Mon, 10 Apr 2023 16:30:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112; t=1681169425;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=SGBGzrRdSuqlJo6fw6TeMWWpr6+5GjYFLHA4nEngttc=;
        b=Ru65Pzc879+xETx5Zledk/P9a+1eK7uKI2wtoXqJHpHY3WyYXQNNE5shzRZyhki3Mf
         8YUyCYUGaA7gurpOfttr52Z24wD5ptZKcq9DAGihA3NyOpTqAaSQDQ9puozJOsK0yWaM
         RRUBIX3iLRuswYsvJ6xlNinwDh6au95ivzm5lTlQ91BVE6Bq9WMEZMS7ls+KSPdI8GzU
         rSpXSrPkgjPrRgViS0cF+vNCVZBcNOgbq4qDKfSZWfZPO98DOpXUSnysnbYPzOKJ4GjE
         8H0ZdEBvw/5vPiNXCaOJRiXsXf4jBHa5GJc2VtaJbFGd9VP+9C3ae71m/kAPGjzD6UEI
         2s+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1681169425;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=SGBGzrRdSuqlJo6fw6TeMWWpr6+5GjYFLHA4nEngttc=;
        b=bYBmI2fufaPONNeccM7+MjGpZ2qDhJrVuvoGlHJ4wOP2LqVMbFk99d4gO83lI0QJgB
         k9gm3DkQEzmBYCGOfgbeBRZCC6eNMaKAaqdwNrDAu2cIlZClv04D/bsJAMykkk5q1Dg/
         5d2o9OGVm76Y5fnKlQ6M1BVRSkCC3yeMK7MD/mNFbdW7l+yx62lZFg8g24ig13olOWzQ
         SgTtM/BsPooF1kaKG6thStUuC7+UcW3/svSD8uOvXUSu3ldZ8hkvjL9tXqCfgT1nmijN
         DKf49G1F90b5WWygA2aU86MufjijlgYJ13lOe/44XJ4iohanQ/x9zAmBVC7aNUylzS2P
         6HsA==
X-Gm-Message-State: AAQBX9d+MlVJqTYWZ30V2XS2kCQnhiKwAjT/k6SH1c/dbcYZpHEKQO0n
        AnCy1eIlp2UJc3Z7bCkPd/eY4DSvSf0=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a17:90a:cc01:b0:244:9909:6e60 with SMTP id
 b1-20020a17090acc0100b0024499096e60mr3334922pju.3.1681169424866; Mon, 10 Apr
 2023 16:30:24 -0700 (PDT)
Date:   Mon, 10 Apr 2023 16:30:17 -0700
In-Reply-To: <20230405002608.418442-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230405002608.418442-1-seanjc@google.com>
X-Mailer: git-send-email 2.40.0.577.gac1e443424-goog
Message-ID: <168116555741.1037547.7553662106650689195.b4-ty@google.com>
Subject: Re: [PATCH] KVM: x86/mmu: Refresh CR0.WP prior to checking for
 emulated permission faults
From:   Sean Christopherson <seanjc@google.com>
To:     Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Mathias Krause <minipli@grsecurity.net>
Content-Type: text/plain; charset="utf-8"
X-Spam-Status: No, score=-7.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 04 Apr 2023 17:26:08 -0700, Sean Christopherson wrote:
> If CR0.WP may be guest-owned, i.e. TDP is enabled, refresh the MMU's
> snapshot of the guest's CR0.WP prior to checking for permission faults
> when emulating a guest memory access.  If the guest toggles only CR0.WP
> and triggers emulation of a supervisor write, e.g. when KVM is emulating
> UMIP, KVM may consume a stale CR0.WP, i.e. use stale protection bits
> metadata.
> 
> [...]

Applied to kvm-x86 misc, with a reworked changelog.

[1/1] KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults
      https://github.com/kvm-x86/linux/commit/cf9f4c0eb169

--
https://github.com/kvm-x86/linux/tree/next
https://github.com/kvm-x86/linux/tree/fixes