[thirdparty/kernel/stable-queue.git] / releases / 4.18.14 / kvm-vmx-check-for-existence-of-secondary-exec-controls-before-accessing.patch

From fd6b6d9b82f97a851fb0078201ddc38fe9728cda Mon Sep 17 00:00:00 2001
From: Sean Christopherson <sean.j.christopherson@intel.com>
Date: Mon, 1 Oct 2018 14:25:34 -0700
Subject: KVM: VMX: check for existence of secondary exec controls before accessing

From: Sean Christopherson <sean.j.christopherson@intel.com>

commit fd6b6d9b82f97a851fb0078201ddc38fe9728cda upstream.

Return early from vmx_set_virtual_apic_mode() if the processor doesn't
support VIRTUALIZE_APIC_ACCESSES or VIRTUALIZE_X2APIC_MODE, both of
which reside in SECONDARY_VM_EXEC_CONTROL.  This eliminates warnings
due to VMWRITEs to SECONDARY_VM_EXEC_CONTROL (VMCS field 401e) failing
on processors without secondary exec controls.

Remove the similar check for TPR shadowing as it is incorporated in the
flexpriority_enabled check and the APIC-related code in
vmx_update_msr_bitmap() is further gated by VIRTUALIZE_X2APIC_MODE.

Reported-by: Gerhard Wiesinger <redhat@wiesinger.com>
Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings")
Cc: Jim Mattson <jmattson@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/vmx.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9826,15 +9826,16 @@ static void vmx_set_virtual_apic_mode(st
 	if (!lapic_in_kernel(vcpu))
 		return;
 
+	if (!flexpriority_enabled &&
+	    !cpu_has_vmx_virtualize_x2apic_mode())
+		return;
+
 	/* Postpone execution until vmcs01 is the current VMCS. */
 	if (is_guest_mode(vcpu)) {
 		to_vmx(vcpu)->nested.change_vmcs01_virtual_apic_mode = true;
 		return;
 	}
 
-	if (!cpu_need_tpr_shadow(vcpu))
-		return;
-
 	sec_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
 	sec_exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
 			      SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE);
Commit	Line	Data
7c34048e GKH	1	From fd6b6d9b82f97a851fb0078201ddc38fe9728cda Mon Sep 17 00:00:00 2001
	2	From: Sean Christopherson <sean.j.christopherson@intel.com>
	3	Date: Mon, 1 Oct 2018 14:25:34 -0700
	4	Subject: KVM: VMX: check for existence of secondary exec controls before accessing
	5
	6	From: Sean Christopherson <sean.j.christopherson@intel.com>
	7
	8	commit fd6b6d9b82f97a851fb0078201ddc38fe9728cda upstream.
	9
	10	Return early from vmx_set_virtual_apic_mode() if the processor doesn't
	11	support VIRTUALIZE_APIC_ACCESSES or VIRTUALIZE_X2APIC_MODE, both of
	12	which reside in SECONDARY_VM_EXEC_CONTROL. This eliminates warnings
	13	due to VMWRITEs to SECONDARY_VM_EXEC_CONTROL (VMCS field 401e) failing
	14	on processors without secondary exec controls.
	15
	16	Remove the similar check for TPR shadowing as it is incorporated in the
	17	flexpriority_enabled check and the APIC-related code in
	18	vmx_update_msr_bitmap() is further gated by VIRTUALIZE_X2APIC_MODE.
	19
	20	Reported-by: Gerhard Wiesinger <redhat@wiesinger.com>
	21	Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings")
	22	Cc: Jim Mattson <jmattson@google.com>
	23	Cc: stable@vger.kernel.org
	24	Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
	25	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	26	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	27
	28	---
	29	arch/x86/kvm/vmx.c \| 7 ++++---
	30	1 file changed, 4 insertions(+), 3 deletions(-)
	31
	32	--- a/arch/x86/kvm/vmx.c
	33	+++ b/arch/x86/kvm/vmx.c
	34	@@ -9826,15 +9826,16 @@ static void vmx_set_virtual_apic_mode(st
	35	if (!lapic_in_kernel(vcpu))
	36	return;
	37
	38	+ if (!flexpriority_enabled &&
	39	+ !cpu_has_vmx_virtualize_x2apic_mode())
	40	+ return;
	41	+
	42	/* Postpone execution until vmcs01 is the current VMCS. */
	43	if (is_guest_mode(vcpu)) {
	44	to_vmx(vcpu)->nested.change_vmcs01_virtual_apic_mode = true;
	45	return;
	46	}
	47
	48	- if (!cpu_need_tpr_shadow(vcpu))
	49	- return;
	50	-
	51	sec_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
	52	sec_exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES \|
	53	SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE);