* [stable-5.10] KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
@ 2022-02-18 14:07 Jack Wang
2022-02-18 14:09 ` Paolo Bonzini
0 siblings, 1 reply; 2+ messages in thread
From: Jack Wang @ 2022-02-18 14:07 UTC (permalink / raw)
To: gregkh, sashal, stable
Cc: Sean Christopherson, Tom Lendacky, Brijesh Singh, Liam Merwick,
Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit 55467fcd55b89c622e62b4afe60ac0eb2fae91f2 upstream.
Always signal that emulation is possible for !SEV guests regardless of
whether or not the CPU provided a valid instruction byte stream. KVM can
read all guest state (memory and registers) for !SEV guests, i.e. can
fetch the code stream from memory even if the CPU failed to do so because
of the SMAP errata.
Fixes: 05d5a4863525 ("KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)")
Cc: stable@vger.kernel.org
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Message-Id: <20220120010719.711476-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[jwang: adjust context for kernel 5.10.101]
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
---
arch/x86/kvm/svm/svm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index d515c8e68314..7773a765f548 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4103,6 +4103,10 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
bool smep, smap, is_user;
unsigned long cr4;
+ /* Emulation is always possible when KVM has access to all guest state. */
+ if (!sev_guest(vcpu->kvm))
+ return true;
+
/*
* Detect and workaround Errata 1096 Fam_17h_00_0Fh.
*
@@ -4151,9 +4155,6 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
smap = cr4 & X86_CR4_SMAP;
is_user = svm_get_cpl(vcpu) == 3;
if (smap && (!smep || is_user)) {
- if (!sev_guest(vcpu->kvm))
- return true;
-
pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n");
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [stable-5.10] KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
2022-02-18 14:07 [stable-5.10] KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests Jack Wang
@ 2022-02-18 14:09 ` Paolo Bonzini
0 siblings, 0 replies; 2+ messages in thread
From: Paolo Bonzini @ 2022-02-18 14:09 UTC (permalink / raw)
To: Jack Wang, gregkh, sashal, stable
Cc: Sean Christopherson, Tom Lendacky, Brijesh Singh, Liam Merwick
On 2/18/22 15:07, Jack Wang wrote:
> From: Sean Christopherson <seanjc@google.com>
>
> commit 55467fcd55b89c622e62b4afe60ac0eb2fae91f2 upstream.
>
> Always signal that emulation is possible for !SEV guests regardless of
> whether or not the CPU provided a valid instruction byte stream. KVM can
> read all guest state (memory and registers) for !SEV guests, i.e. can
> fetch the code stream from memory even if the CPU failed to do so because
> of the SMAP errata.
>
> Fixes: 05d5a4863525 ("KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)")
> Cc: stable@vger.kernel.org
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
> Message-Id: <20220120010719.711476-2-seanjc@google.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> [jwang: adjust context for kernel 5.10.101]
> Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
> ---
> arch/x86/kvm/svm/svm.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index d515c8e68314..7773a765f548 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -4103,6 +4103,10 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
> bool smep, smap, is_user;
> unsigned long cr4;
>
> + /* Emulation is always possible when KVM has access to all guest state. */
> + if (!sev_guest(vcpu->kvm))
> + return true;
> +
> /*
> * Detect and workaround Errata 1096 Fam_17h_00_0Fh.
> *
> @@ -4151,9 +4155,6 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
> smap = cr4 & X86_CR4_SMAP;
> is_user = svm_get_cpl(vcpu) == 3;
> if (smap && (!smep || is_user)) {
> - if (!sev_guest(vcpu->kvm))
> - return true;
> -
> pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n");
>
> /*
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-18 14:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-18 14:07 [stable-5.10] KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests Jack Wang
2022-02-18 14:09 ` Paolo Bonzini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.