--- /dev/null
+From 5104d7ffcf24749939bea7fdb5378d186473f890 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Tue, 4 May 2021 10:17:24 -0700
+Subject: KVM: VMX: Disable preemption when probing user return MSRs
+
+From: Sean Christopherson <seanjc@google.com>
+
+commit 5104d7ffcf24749939bea7fdb5378d186473f890 upstream.
+
+Disable preemption when probing a user return MSR via RDSMR/WRMSR. If
+the MSR holds a different value per logical CPU, the WRMSR could corrupt
+the host's value if KVM is preempted between the RDMSR and WRMSR, and
+then rescheduled on a different CPU.
+
+Opportunistically land the helper in common x86, SVM will use the helper
+in a future commit.
+
+Fixes: 4be534102624 ("KVM: VMX: Initialize vmx->guest_msrs[] right after allocation")
+Cc: stable@vger.kernel.org
+Cc: Xiaoyao Li <xiaoyao.li@intel.com>
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Message-Id: <20210504171734.1434054-6-seanjc@google.com>
+Reviewed-by: Jim Mattson <jmattson@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx/vmx.c | 5 +----
+ arch/x86/kvm/x86.c | 16 ++++++++++++++++
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1753,6 +1753,7 @@ int kvm_pv_send_ipi(struct kvm *kvm, uns
+ unsigned long icr, int op_64_bit);
+
+ void kvm_define_user_return_msr(unsigned index, u32 msr);
++int kvm_probe_user_return_msr(u32 msr);
+ int kvm_set_user_return_msr(unsigned index, u64 val, u64 mask);
+
+ u64 kvm_scale_tsc(struct kvm_vcpu *vcpu, u64 tsc);
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -6914,12 +6914,9 @@ static int vmx_create_vcpu(struct kvm_vc
+
+ for (i = 0; i < ARRAY_SIZE(vmx_uret_msrs_list); ++i) {
+ u32 index = vmx_uret_msrs_list[i];
+- u32 data_low, data_high;
+ int j = vmx->nr_uret_msrs;
+
+- if (rdmsr_safe(index, &data_low, &data_high) < 0)
+- continue;
+- if (wrmsr_safe(index, data_low, data_high) < 0)
++ if (kvm_probe_user_return_msr(index))
+ continue;
+
+ vmx->guest_uret_msrs[j].slot = i;
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -335,6 +335,22 @@ static void kvm_on_user_return(struct us
+ }
+ }
+
++int kvm_probe_user_return_msr(u32 msr)
++{
++ u64 val;
++ int ret;
++
++ preempt_disable();
++ ret = rdmsrl_safe(msr, &val);
++ if (ret)
++ goto out;
++ ret = wrmsrl_safe(msr, val);
++out:
++ preempt_enable();
++ return ret;
++}
++EXPORT_SYMBOL_GPL(kvm_probe_user_return_msr);
++
+ void kvm_define_user_return_msr(unsigned slot, u32 msr)
+ {
+ BUG_ON(slot >= KVM_MAX_NR_USER_RETURN_MSRS);
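Review bot: kvm_probe_user_return_msr() in x86.c carries no comment on why the RDMSR/WRMSR pair is bracketed by preempt_disable()/preempt_enable(); the rationale lives only in the commit message, and a later reader could easily take the pair for needless overhead on a probe path. Suggest a comment above the function: `/* Probe an MSR by reading it and writing the value back. Preemption must stay off across the pair: if the MSR is per-logical-CPU, being rescheduled between the RDMSR and WRMSR would write one CPU's value into another CPU's MSR. */` The prototype added in kvm_host.h would benefit from a one-line kerneldoc stating that a non-zero return means the access faulted and the caller should not treat the MSR as a usable user-return MSR, which is how the vmx.c caller in this series interprets it.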
--- /dev/null
+From 8aec21c04caa2000f91cf8822ae0811e4b0c3971 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Tue, 4 May 2021 10:17:20 -0700
+Subject: KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported
+
+From: Sean Christopherson <seanjc@google.com>
+
+commit 8aec21c04caa2000f91cf8822ae0811e4b0c3971 upstream.
+
+Clear KVM's RDPID capability if the ENABLE_RDTSCP secondary exec control is
+unsupported. Despite being enumerated in a separate CPUID flag, RDPID is
+bundled under the same VMCS control as RDTSCP and will #UD in VMX non-root
+if ENABLE_RDTSCP is not enabled.
+
+Fixes: 41cd02c6f7f6 ("kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Message-Id: <20210504171734.1434054-2-seanjc@google.com>
+Reviewed-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Reiji Watanabe <reijiw@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/vmx/vmx.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -7352,9 +7352,11 @@ static __init void vmx_set_cpu_caps(void
+ if (!cpu_has_vmx_xsaves())
+ kvm_cpu_cap_clear(X86_FEATURE_XSAVES);
+
+- /* CPUID 0x80000001 */
+- if (!cpu_has_vmx_rdtscp())
++ /* CPUID 0x80000001 and 0x7 (RDPID) */
++ if (!cpu_has_vmx_rdtscp()) {
+ kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
++ kvm_cpu_cap_clear(X86_FEATURE_RDPID);
++ }
+
+ if (cpu_has_vmx_waitpkg())
+ kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
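Review bot: The rewritten comment `/* CPUID 0x80000001 and 0x7 (RDPID) */` names the CPUID leaves but not why RDPID is cleared under the RDTSCP check, which is the non-obvious part a reader will stop on since the two features are enumerated independently. Suggest `/* RDTSCP (0x80000001) and RDPID (0x7) share the ENABLE_RDTSCP exec control; without it RDPID #UDs in VMX non-root, so clear both. */` so the coupling is documented at the code rather than only in the commit message. vmx_set_cpu_caps() continues outside the hunk.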