linux-kernel.vger.kernel.org archive mirror
From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Liran Alon <liran.alon@oracle.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.18 057/100] KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
Date: Tue, 16 Oct 2018 00:11:38 -0400
Message-ID: <20181016041221.135528-57-sashal@kernel.org>
In-Reply-To: <20181016041221.135528-1-sashal@kernel.org>

From: Liran Alon <liran.alon@oracle.com>

[ Upstream commit 5f76f6f5ff96587af5acd5930f7d9fea81e0d1a8 ]

Before this commit, KVM exposes MPX VMX controls to the L1 guest based
only on whether KVM and the host processor support MPX virtualization.
However, these controls should be exposed to the guest only in case the
guest vCPU supports MPX.

Without this change, an L1 guest running with a kernel which doesn't have
commit 691bd4340bef ("kvm: vmx: allow host to access guest
MSR_IA32_BNDCFGS") asserts in QEMU on the following:
	qemu-kvm: error: failed to set MSR 0xd90 to 0x0
	qemu-kvm: .../qemu-2.10.0/target/i386/kvm.c:1801 kvm_put_msrs:
	Assertion 'ret == cpu->kvm_msr_buf->nmsrs failed'
This is because L1 KVM's kvm_init_msr_list() will see that
vmx_mpx_supported() is true (as it only checks MPX VMX controls support)
and therefore the KVM_GET_MSR_INDEX_LIST IOCTL will include
MSR_IA32_BNDCFGS. However, later when L1 attempts to set this MSR via the
KVM_SET_MSRS IOCTL, it will fail because !guest_cpuid_has_mpx(vcpu).

Therefore, fix the issue by exposing MPX VMX controls to the L1 guest only
when the vCPU supports MPX.

Fixes: 36be0b9deb23 ("KVM: x86: Add nested virtualization support for MPX")

Reported-by: Eyal Moscovici <eyal.moscovici@oracle.com>
Reviewed-by: Nikita Leshchenko <nikita.leshchenko@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kvm/vmx.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 32721ef9652d..ea691ddfc3aa 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3395,9 +3395,6 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv)
 		VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER |
 		VM_EXIT_SAVE_VMX_PREEMPTION_TIMER | VM_EXIT_ACK_INTR_ON_EXIT;
 
-	if (kvm_mpx_supported())
-		msrs->exit_ctls_high |= VM_EXIT_CLEAR_BNDCFGS;
-
 	/* We support free control of debug control saving. */
 	msrs->exit_ctls_low &= ~VM_EXIT_SAVE_DEBUG_CONTROLS;
 
@@ -3414,8 +3411,6 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv)
 		VM_ENTRY_LOAD_IA32_PAT;
 	msrs->entry_ctls_high |=
 		(VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER);
-	if (kvm_mpx_supported())
-		msrs->entry_ctls_high |= VM_ENTRY_LOAD_BNDCFGS;
 
 	/* We support free control of debug control loading. */
 	msrs->entry_ctls_low &= ~VM_ENTRY_LOAD_DEBUG_CONTROLS;
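Review bot: this removal mirrors the exit-control one, which is required since VM_ENTRY_LOAD_BNDCFGS and VM_EXIT_CLEAR_BNDCFGS have to be advertised as a pair; after it kvm_mpx_supported() is no longer consulted anywhere in nested_vmx_setup_ctls_msrs(), so the default for both BNDCFGS controls is "not advertised" regardless of host support. A one-line comment at this site saying that the BNDCFGS entry/exit controls are now derived from guest CPUID in the cpuid-update path would save the next reader a grep for where the bits went.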
@@ -10825,6 +10820,23 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu)
 #undef cr4_fixed1_update
 }
 
+static void nested_vmx_entry_exit_ctls_update(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+	if (kvm_mpx_supported()) {
+		bool mpx_enabled = guest_cpuid_has(vcpu, X86_FEATURE_MPX);
+
+		if (mpx_enabled) {
+			vmx->nested.msrs.entry_ctls_high |= VM_ENTRY_LOAD_BNDCFGS;
+			vmx->nested.msrs.exit_ctls_high |= VM_EXIT_CLEAR_BNDCFGS;
+		} else {
+			vmx->nested.msrs.entry_ctls_high &= ~VM_ENTRY_LOAD_BNDCFGS;
+			vmx->nested.msrs.exit_ctls_high &= ~VM_EXIT_CLEAR_BNDCFGS;
+		}
+	}
+}
+
 static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
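Review bot: nested_vmx_entry_exit_ctls_update() rewrites vmx->nested.msrs.entry_ctls_high and exit_ctls_high on every call, which is what makes repeated KVM_SET_CPUID2 correct (the else branch clears bits a previous CPUID turned on), but it also overrides whatever userspace may already have written into those capability MSRs; if userspace is permitted to restore the VMX MSRs before it sets CPUID, that ordering should be documented here or the restore path should re-derive these two bits. Minor style: the `bool mpx_enabled` temporary and the inner if/else can be collapsed into a single `if (guest_cpuid_has(vcpu, X86_FEATURE_MPX))` under the kvm_mpx_supported() guard without losing clarity.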
@@ -10841,8 +10853,10 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
 		to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &=
 			~FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX;
 
-	if (nested_vmx_allowed(vcpu))
+	if (nested_vmx_allowed(vcpu)) {
 		nested_vmx_cr_fixed1_bits_update(vcpu);
+		nested_vmx_entry_exit_ctls_update(vcpu);
+	}
 }
 
 static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
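Review bot: the new call is only reached when nested_vmx_allowed(vcpu) holds at KVM_SET_CPUID2 time, which is fine for the nested MSRs themselves, but it makes vmx_cpuid_update() the single place where vmx->nested.msrs is corrected from CPUID; any later path that re-runs nested_vmx_setup_ctls_msrs() for the same vCPU would silently drop the BNDCFGS controls again, so please confirm no such reset happens after CPUID is set. Pre-existing nit visible in the context lines: `vmx` is already `to_vmx(vcpu)` yet the function uses `to_vmx(vcpu)->msr_ia32_feature_control_valid_bits` two lines above. For the stable backport, note that this patch changes which VMX controls L1 sees and that the same AUTOSEL batch carries two related follow-ups (058/100 "KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly" and 059/100 "KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS"); they should be taken together rather than individually.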
-- 
2.17.1


Thread overview:
2018-10-16  4:10 [PATCH AUTOSEL 4.18 001/100] xfrm: Validate address prefix lengths in the xfrm selector Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 002/100] xfrm6: call kfree_skb when skb is toobig Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 003/100] xfrm: reset transport header back to network header after all input transforms ahave been applied Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 004/100] xfrm: reset crypto_done when iterating over multiple input xfrms Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 005/100] mac80211: Always report TX status Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 006/100] cfg80211: reg: Init wiphy_idx in regulatory_hint_core() Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 007/100] mac80211: fix pending queue hang due to TX_DROP Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 008/100] cfg80211: Address some corner cases in scan result channel updating Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 009/100] mac80211: TDLS: fix skb queue/priority assignment Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 010/100] mac80211: fix TX status reporting for ieee80211s Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 011/100] xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 012/100] ARM: 8799/1: mm: fix pci_ioremap_io() offset check Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 013/100] xfrm: validate template mode Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 014/100] drm/i2c: tda9950: fix timeout counter check Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 015/100] drm/i2c: tda9950: set MAX_RETRIES for errors only Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 016/100] netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 017/100] netfilter: conntrack: get rid of double sizeof Sasha Levin
2018-10-16  4:10 ` [PATCH AUTOSEL 4.18 018/100] arm64: hugetlb: Fix handling of young ptes Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 019/100] ARM: dts: BCM63xx: Fix incorrect interrupt specifiers Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 020/100] net: macb: Clean 64b dma addresses if they are not detected Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 021/100] net: hns: fix for unmapping problem when SMMU is on Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 022/100] soc: fsl: qbman: qman: avoid allocating from non existing gen_pool Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 023/100] soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 024/100] nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 025/100] mac80211_hwsim: fix locking when iterating radios during ns exit Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 026/100] mac80211_hwsim: fix race in radio destruction from netlink notifier Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 027/100] mac80211_hwsim: do not omit multicast announce of first added radio Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 028/100] Bluetooth: SMP: fix crash in unpairing Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 029/100] pxa168fb: prepare the clock Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 030/100] qed: Avoid implicit enum conversion in qed_set_tunn_cls_info Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 031/100] qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 032/100] qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 033/100] bonding: pass link-local packets to bonding master also Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 034/100] bonding: avoid possible dead-lock Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 035/100] qed: Avoid constant logical operation warning in qed_vf_pf_acquire Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 036/100] qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 037/100] bnxt_en: Fix TX timeout during netpoll Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 038/100] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 039/100] scsi: qedi: Initialize the stats mutex lock Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 040/100] rxrpc: Fix checks as to whether we should set up a new call Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 041/100] rxrpc: Fix RTT gathering Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 042/100] rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 043/100] rxrpc: Fix error distribution Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 044/100] netfilter: nft_set_rbtree: add missing rb_erase() in GC routine Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 045/100] netfilter: avoid erronous array bounds warning Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 046/100] qed: Fix shmem structure inconsistency between driver and the mfw Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 047/100] asix: Check for supported Wake-on-LAN modes Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 048/100] ax88179_178a: " Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 049/100] lan78xx: " Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 050/100] sr9800: " Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 051/100] r8152: Check for supported Wake-on-LAN Modes Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 052/100] smsc75xx: Check for Wake-on-LAN modes Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 053/100] smsc95xx: " Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 054/100] qlcnic: fix Tx descriptor corruption on 82xx devices Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 055/100] i2c: i2c-scmi: fix for i2c_smbus_write_block_data Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 056/100] cfg80211: fix use-after-free in reg_process_hint() Sasha Levin
2018-10-16  4:11 ` Sasha Levin [this message]
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 058/100] KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 059/100] KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 060/100] net/mlx5: E-Switch, Fix out of bound access when setting vport rate Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 061/100] net/mlx5e: Set vlan masks for all offloaded TC rules Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 062/100] tun: remove unused parameters Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 063/100] tun: initialize napi_mutex unconditionally Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 064/100] r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 065/100] perf/core: Fix perf_pmu_unregister() locking Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 066/100] perf/x86/intel/uncore: Use boot_cpu_data.phys_proc_id instead of hardcorded physical package ID 0 Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 067/100] perf/ring_buffer: Prevent concurent ring buffer access Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 068/100] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 069/100] perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 070/100] thunderbolt: Do not handle ICM events after domain is stopped Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 071/100] thunderbolt: Initialize after IOMMUs Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 072/100] net: fec: fix rare tx timeout Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 073/100] declance: Fix continuation with the adapter identification message Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 074/100] nfp: avoid soft lockups under control message storm Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 075/100] RISCV: Fix end PFN for low memory Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 076/100] Revert "serial: 8250_dw: Fix runtime PM handling" Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 077/100] bonding: fix warning message Sasha Levin
2018-10-16  4:11 ` [PATCH AUTOSEL 4.18 078/100] net: qualcomm: rmnet: Skip processing loopback packets Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 079/100] net: qualcomm: rmnet: Fix incorrect allocation flag in transmit Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 080/100] net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 081/100] locking/ww_mutex: Fix runtime warning in the WW mutex selftest Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 082/100] drm/amd/display: Signal hw_done() after waiting for flip_done() Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 083/100] net/usb: cancel pending work when unbinding smsc75xx Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 084/100] team: Forbid enslaving team device to itself Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 085/100] bnxt_en: Fix VNIC reservations on the PF Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 086/100] bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 087/100] bnxt_en: get the reduced max_irqs by the ones used by RDMA Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 088/100] net: dsa: b53: Keep CPU port as tagged in all VLANs Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 089/100] be2net: don't flip hw_features when VXLANs are added/deleted Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 090/100] net: phy: phylink: fix SFP interface autodetection Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 091/100] powerpc/numa: Skip onlining a offline node in kdump path Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 092/100] net: cxgb3_main: fix a missing-check bug Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 093/100] yam: " Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 094/100] net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 095/100] ocfs2: fix crash in ocfs2_duplicate_clusters_by_page() Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 096/100] mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 097/100] mm/migrate.c: split only transparent huge pages when allocation fails Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 098/100] mm/vmstat.c: fix outdated vmstat_text Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 099/100] x86/paravirt: Fix some warning messages Sasha Levin
2018-10-16  4:12 ` [PATCH AUTOSEL 4.18 100/100] clk: mvebu: armada-37xx-periph: Remove unused var num_parents Sasha Levin
