Subject: FAILED: patch "[PATCH] KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX" failed to apply to 4.14-stable tree
To: sean.j.christopherson@intel.com, pbonzini@redhat.com
Cc:
From:
Date: Sun, 09 Feb 2020 13:22:44 +0100
Message-ID: <158125096467128@kroah.com>
Sender: stable-owner@vger.kernel.org
List-ID:
X-Mailing-List: stable@vger.kernel.org

The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to .

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From f958bd2314d117f8c29f4821401bc1925bc2e5ef Mon Sep 17 00:00:00 2001
From: Sean Christopherson
Date: Mon, 9 Dec 2019 12:19:31 -0800
Subject: [PATCH] KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform

Unlike most state managed by XSAVE, MPX is initialized to zero on INIT.
Because INITs are usually recognized in the context of a VCPU_RUN call,
kvm_vcpu_reset() puts the guest's FPU so that the FPU state is resident
in memory, zeros the MPX state, and reloads FPU state to hardware. But,
in the unlikely event that an INIT is recognized during
kvm_arch_vcpu_ioctl_get_mpstate() via kvm_apic_accept_events(),
kvm_vcpu_reset() will call kvm_put_guest_fpu() without a preceding
kvm_load_guest_fpu() and corrupt the guest's FPU state (and possibly
userspace's FPU state as well).

Given that MPX is being removed from the kernel[*], fix the bug with the
simple-but-ugly approach of loading the guest's FPU during
KVM_GET_MP_STATE.

[*] See commit f240652b6032b ("x86/mpx: Remove MPX APIs").

Fixes: f775b13eedee2 ("x86,kvm: move qemu/guest FPU switching out to vcpu_run")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Signed-off-by: Paolo Bonzini

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 3051324f72d3..0af5cb637bea 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8714,6 +8714,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu, struct kvm_mp_state *mp_state) { vcpu_load(vcpu); + if (kvm_mpx_supported()) + kvm_load_guest_fpu(vcpu); kvm_apic_accept_events(vcpu); if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED &&
@@ -8722,6 +8724,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu, else mp_state->mp_state = vcpu->arch.mp_state; + if (kvm_mpx_supported()) + kvm_put_guest_fpu(vcpu); vcpu_put(vcpu); return 0; }
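Review bot: in the first hunk (@@ -8714), the only context lines the added kvm_load_guest_fpu() call anchors on are vcpu_load(vcpu) and kvm_apic_accept_events(vcpu); the ordering that matters for the bug in the commit message is that the load happens before kvm_apic_accept_events(), because that is where the INIT is recognised and kvm_vcpu_reset() then calls kvm_put_guest_fpu(). Whoever reworks this for 4.14 should keep the load immediately ahead of kvm_apic_accept_events() and inside the window where the vCPU is loaded, rather than depending on the vcpu_load() context line matching.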
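Review bot: in the second hunk (@@ -8722), kvm_put_guest_fpu() is gated on the same kvm_mpx_supported() predicate as the load in the first hunk, so the pair stays balanced on both MPX and non-MPX hosts; it is correctly placed after mp_state has been copied out and before vcpu_put(vcpu), and a backport must preserve that order since the put writes guest FPU state back while the vCPU is still loaded. The commit message explains why the load/put exists at all (so that kvm_vcpu_reset()'s MPX zeroing never hits an unloaded FPU) but the code does not; a one-line comment above the first `if (kvm_mpx_supported())` would spare the next reader a git blame.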