4.4-stable patches

added patches:
	kvm-vmx-fix-x2apic-check-in-vmx_msr_bitmap_mode.patch

diff --git a/queue-4.4/kvm-vmx-fix-x2apic-check-in-vmx_msr_bitmap_mode.patch b/queue-4.4/kvm-vmx-fix-x2apic-check-in-vmx_msr_bitmap_mode.patch
new file mode 100644 (file)
index 0000000..a88bc73
--- /dev/null
+++ b/queue-4.4/kvm-vmx-fix-x2apic-check-in-vmx_msr_bitmap_mode.patch
@@ -0,0 +1,51 @@
+From joro@8bytes.org  Thu Feb 21 15:15:48 2019
+From: Joerg Roedel <joro@8bytes.org>
+Date: Thu, 21 Feb 2019 14:52:13 +0100
+Subject: KVM: VMX: Fix x2apic check in vmx_msr_bitmap_mode()
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org
+Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>, David Woodhouse <dwmw@amazon.co.uk>, Paolo Bonzini <pbonzini@redhat.com>, Jim Mattson <jmattson@google.com>, linux-kernel@vger.kernel.org, Joerg Roedel <jroedel@suse.de>
+Message-ID: <20190221135213.23926-1-joro@8bytes.org>
+
+From: Joerg Roedel <jroedel@suse.de>
+
+The stable backport of upstream commit
+
+       904e14fb7cb96 KVM: VMX: make MSR bitmaps per-VCPU
+
+has a bug in vmx_msr_bitmap_mode(). It enables the x2apic
+MSR-bitmap when the kernel emulates x2apic for the guest in
+software. The upstream version of the commit checkes whether
+the hardware has virtualization enabled for x2apic
+emulation.
+
+Since KVM emulates x2apic for guests even when the host does
+not support x2apic in hardware, this causes the intercept of
+at least the X2APIC_TASKPRI MSR to be disabled on machines
+not supporting that MSR. The result is undefined behavior,
+on some machines (Intel Westmere based) it causes a crash of
+the guest kernel when it tries to access that MSR.
+
+Change the check in vmx_msr_bitmap_mode() to match the upstream
+code. This fixes the guest crashes observed with stable
+kernels starting with v4.4.168 through v4.4.175.
+
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -4628,7 +4628,9 @@ static u8 vmx_msr_bitmap_mode(struct kvm
+ {
+       u8 mode = 0;
+ 
+-      if (irqchip_in_kernel(vcpu->kvm) && apic_x2apic_mode(vcpu->arch.apic)) {
++      if (cpu_has_secondary_exec_ctrls() &&
++          (vmcs_read32(SECONDARY_VM_EXEC_CONTROL) &
++           SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
+               mode |= MSR_BITMAP_MODE_X2APIC;
+               if (enable_apicv)
+                       mode |= MSR_BITMAP_MODE_X2APIC_APICV;

diff --git a/queue-4.4/series b/queue-4.4/series
index ff9d79cfc6c8bb9a5dc0a4d5618dad0c9e342f99..8045515a1138d36ed6514483379467f9f98cb87c 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -17,3 +17,4 @@ mfd-as3722-mark-pm-functions-as-__maybe_unused.patch
 net-x25-do-not-hold-the-cpu-too-long-in-x25_new_lci.patch
 misdn-fix-a-race-in-dev_expire_timer.patch
 ax25-fix-possible-use-after-free.patch
+kvm-vmx-fix-x2apic-check-in-vmx_msr_bitmap_mode.patch