From: Greg Kroah-Hartman
Date: Mon, 17 May 2021 08:48:49 +0000 (+0200)
Subject: 5.12-stable patches
X-Git-Tag: v5.4.120~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=36e4d208a52f782f5f3e88f484e1395593e9c030;p=thirdparty%2Fkernel%2Fstable-queue.git

5.12-stable patches

added patches:
kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch
kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
---
diff --git a/queue-5.12/kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch b/queue-5.12/kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch
new file mode 100644
index 00000000000..abb0c0dcd09
--- /dev/null
+++ b/queue-5.12/kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch
@@ -0,0 +1,82 @@
+From 5104d7ffcf24749939bea7fdb5378d186473f890 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Tue, 4 May 2021 10:17:24 -0700
+Subject: KVM: VMX: Disable preemption when probing user return MSRs
+
+From: Sean Christopherson
+
+commit 5104d7ffcf24749939bea7fdb5378d186473f890 upstream.
+
+Disable preemption when probing a user return MSR via RDSMR/WRMSR. If
+the MSR holds a different value per logical CPU, the WRMSR could corrupt
+the host's value if KVM is preempted between the RDMSR and WRMSR, and
+then rescheduled on a different CPU.
+
+Opportunistically land the helper in common x86, SVM will use the helper
+in a future commit.
+
+Fixes: 4be534102624 ("KVM: VMX: Initialize vmx->guest_msrs[] right after allocation")
+Cc: stable@vger.kernel.org
+Cc: Xiaoyao Li
+Signed-off-by: Sean Christopherson
+Message-Id: <20210504171734.1434054-6-seanjc@google.com>
+Reviewed-by: Jim Mattson
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/kvm_host.h | 1 +
+ arch/x86/kvm/vmx/vmx.c | 5 +----
+ arch/x86/kvm/x86.c | 16 ++++++++++++++++
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1753,6 +1753,7 @@ int kvm_pv_send_ipi(struct kvm *kvm, uns
+ unsigned long icr, int op_64_bit);
+
+ void kvm_define_user_return_msr(unsigned index, u32 msr);
++int kvm_probe_user_return_msr(u32 msr);
+ int kvm_set_user_return_msr(unsigned index, u64 val, u64 mask);
+
+ u64 kvm_scale_tsc(struct kvm_vcpu *vcpu, u64 tsc);
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -6914,12 +6914,9 @@ static int vmx_create_vcpu(struct kvm_vc
+
+ for (i = 0; i < ARRAY_SIZE(vmx_uret_msrs_list); ++i) {
+ u32 index = vmx_uret_msrs_list[i];
+- u32 data_low, data_high;
+ int j = vmx->nr_uret_msrs;
+
+- if (rdmsr_safe(index, &data_low, &data_high) < 0)
+- continue;
+- if (wrmsr_safe(index, data_low, data_high) < 0)
++ if (kvm_probe_user_return_msr(index))
+ continue;
+
+ vmx->guest_uret_msrs[j].slot = i;
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -335,6 +335,22 @@ static void kvm_on_user_return(struct us
+ }
+ }
+
++int kvm_probe_user_return_msr(u32 msr)
++{
++ u64 val;
++ int ret;
++
++ preempt_disable();
++ ret = rdmsrl_safe(msr, &val);
++ if (ret)
++ goto out;
++ ret = wrmsrl_safe(msr, val);
++out:
++ preempt_enable();
++ return ret;
++}
++EXPORT_SYMBOL_GPL(kvm_probe_user_return_msr);
++
+ void kvm_define_user_return_msr(unsigned slot, u32 msr)
+ {
+ BUG_ON(slot >= KVM_MAX_NR_USER_RETURN_MSRS);
diff --git a/queue-5.12/kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch b/queue-5.12/kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
new file mode 100644
index 00000000000..91661125593
--- /dev/null
+++ b/queue-5.12/kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
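Review bot: The new exported helper `kvm_probe_user_return_msr()` in the arch/x86/kvm/x86.c part of this patch has no comment stating its return contract or why it brackets the accesses with `preempt_disable()`/`preempt_enable()`, and that reason is the whole fix. I would add above it something like `/* Probe @msr with preemption off so RDMSR and the WRMSR write-back run on the same CPU; returns 0 only if both succeed. */`, since the commit message says an SVM caller will follow and the vmx.c loop now depends on nonzero meaning "skip this MSR". Because the probe writes the MSR back, it presumably only suits MSRs where rewriting the current value has no side effect; a one-line caveat to that effect would keep later callers from probing anything else.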
@@ -0,0 +1,42 @@
+From 8aec21c04caa2000f91cf8822ae0811e4b0c3971 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Tue, 4 May 2021 10:17:20 -0700
+Subject: KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported
+
+From: Sean Christopherson
+
+commit 8aec21c04caa2000f91cf8822ae0811e4b0c3971 upstream.
+
+Clear KVM's RDPID capability if the ENABLE_RDTSCP secondary exec control is
+unsupported. Despite being enumerated in a separate CPUID flag, RDPID is
+bundled under the same VMCS control as RDTSCP and will #UD in VMX non-root
+if ENABLE_RDTSCP is not enabled.
+
+Fixes: 41cd02c6f7f6 ("kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20210504171734.1434054-2-seanjc@google.com>
+Reviewed-by: Jim Mattson
+Reviewed-by: Reiji Watanabe
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/vmx/vmx.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -7352,9 +7352,11 @@ static __init void vmx_set_cpu_caps(void
+ if (!cpu_has_vmx_xsaves())
+ kvm_cpu_cap_clear(X86_FEATURE_XSAVES);
+
+- /* CPUID 0x80000001 */
+- if (!cpu_has_vmx_rdtscp())
++ /* CPUID 0x80000001 and 0x7 (RDPID) */
++ if (!cpu_has_vmx_rdtscp()) {
+ kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
++ kvm_cpu_cap_clear(X86_FEATURE_RDPID);
++ }
+
+ if (cpu_has_vmx_waitpkg())
+ kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
diff --git a/queue-5.12/series b/queue-5.12/series
index 0f7f72f68c7..00a2d412427 100644
--- a/queue-5.12/series
+++ b/queue-5.12/series
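Review bot: The rewritten comment `/* CPUID 0x80000001 and 0x7 (RDPID) */` in vmx_set_cpu_caps() lists the CPUID leaves but not why RDPID is cleared under an RDTSCP check, which a reader cannot guess from the feature names. Suggest carrying the reason from the commit message into the code, e.g. `/* RDPID is gated by ENABLE_RDTSCP and would #UD in VMX non-root without it */`. vmx_set_cpu_caps() starts and ends outside the hunk, so whether a later line can set X86_FEATURE_RDPID again is not visible here.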
@@ -330,3 +330,5 @@ kvm-x86-emulate-rdpid-only-if-rdtscp-is-supported.patch
 kvm-x86-move-rdpid-emulation-intercept-to-its-own-enum.patch
 kvm-x86-add-support-for-rdpid-without-rdtscp.patch
 kvm-nvmx-always-make-an-attempt-to-map-evmcs-after-migration.patch
+kvm-vmx-do-not-advertise-rdpid-if-enable_rdtscp-control-is-unsupported.patch
+kvm-vmx-disable-preemption-when-probing-user-return-msrs.patch