[thirdparty/kernel/stable-queue.git] / releases / 4.11.2 / kvm-x86-fix-user-triggerable-warning-in-kvm_apic_accept_events.patch

From 28bf28887976d8881a3a59491896c718fade7355 Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david@redhat.com>
Date: Thu, 23 Mar 2017 11:46:03 +0100
Subject: KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: David Hildenbrand <david@redhat.com>

commit 28bf28887976d8881a3a59491896c718fade7355 upstream.

If we already entered/are about to enter SMM, don't allow switching to
INIT/SIPI_RECEIVED, otherwise the next call to kvm_apic_accept_events()
will report a warning.

Same applies if we are already in MP state INIT_RECEIVED and SMM is
requested to be turned on. Refuse to set the VCPU events in this case.

Fixes: cd7764fe9f73 ("KVM: x86: latch INITs while in system management mode")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/x86.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3127,6 +3127,12 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_e
 	    (events->exception.nr > 31 || events->exception.nr == NMI_VECTOR))
 		return -EINVAL;
 
+	/* INITs are latched while in SMM */
+	if (events->flags & KVM_VCPUEVENT_VALID_SMM &&
+	    (events->smi.smm || events->smi.pending) &&
+	    vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED)
+		return -EINVAL;
+
 	process_nmi(vcpu);
 	vcpu->arch.exception.pending = events->exception.injected;
 	vcpu->arch.exception.nr = events->exception.nr;
@@ -7355,6 +7361,12 @@ int kvm_arch_vcpu_ioctl_set_mpstate(stru
 	    mp_state->mp_state != KVM_MP_STATE_RUNNABLE)
 		return -EINVAL;
 
+	/* INITs are latched while in SMM */
+	if ((is_smm(vcpu) || vcpu->arch.smi_pending) &&
+	    (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED ||
+	     mp_state->mp_state == KVM_MP_STATE_INIT_RECEIVED))
+		return -EINVAL;
+
 	if (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED) {
 		vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
 		set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events);
Commit	Line	Data
b889272d GKH	1	From 28bf28887976d8881a3a59491896c718fade7355 Mon Sep 17 00:00:00 2001
	2	From: David Hildenbrand <david@redhat.com>
	3	Date: Thu, 23 Mar 2017 11:46:03 +0100
	4	Subject: KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	From: David Hildenbrand <david@redhat.com>
	10
	11	commit 28bf28887976d8881a3a59491896c718fade7355 upstream.
	12
	13	If we already entered/are about to enter SMM, don't allow switching to
	14	INIT/SIPI_RECEIVED, otherwise the next call to kvm_apic_accept_events()
	15	will report a warning.
	16
	17	Same applies if we are already in MP state INIT_RECEIVED and SMM is
	18	requested to be turned on. Refuse to set the VCPU events in this case.
	19
	20	Fixes: cd7764fe9f73 ("KVM: x86: latch INITs while in system management mode")
	21	Reported-by: Dmitry Vyukov <dvyukov@google.com>
	22	Signed-off-by: David Hildenbrand <david@redhat.com>
	23	Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
	24	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	25
	26	---
	27	arch/x86/kvm/x86.c \| 12 ++++++++++++
	28	1 file changed, 12 insertions(+)
	29
	30	--- a/arch/x86/kvm/x86.c
	31	+++ b/arch/x86/kvm/x86.c
	32	@@ -3127,6 +3127,12 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_e
	33	(events->exception.nr > 31 \|\| events->exception.nr == NMI_VECTOR))
	34	return -EINVAL;
	35
	36	+ /* INITs are latched while in SMM */
	37	+ if (events->flags & KVM_VCPUEVENT_VALID_SMM &&
	38	+ (events->smi.smm \|\| events->smi.pending) &&
	39	+ vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED)
	40	+ return -EINVAL;
	41	+
	42	process_nmi(vcpu);
	43	vcpu->arch.exception.pending = events->exception.injected;
	44	vcpu->arch.exception.nr = events->exception.nr;
	45	@@ -7355,6 +7361,12 @@ int kvm_arch_vcpu_ioctl_set_mpstate(stru
	46	mp_state->mp_state != KVM_MP_STATE_RUNNABLE)
	47	return -EINVAL;
	48
	49	+ /* INITs are latched while in SMM */
	50	+ if ((is_smm(vcpu) \|\| vcpu->arch.smi_pending) &&
	51	+ (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED \|\|
	52	+ mp_state->mp_state == KVM_MP_STATE_INIT_RECEIVED))
	53	+ return -EINVAL;
	54	+
	55	if (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED) {
	56	vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
	57	set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events);