git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Sean Christopherson <seanjc@google.com>
	Tue, 13 Jun 2023 20:30:35 +0000 (13:30 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 3 Aug 2023 08:22:45 +0000 (10:22 +0200)
commit	427d42838c16667ceec491c86bca60ba206225b9
tree	407ea51ab9daa00f1dda50417fe44f24fa9c0294	tree
parent	4ed1549129f9c0388b89654b6bb1a81b553a8edf	commit \| diff

KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid

[ Upstream commit 26a0652cb453c72f6aab0974bc4939e9b14f886b ]

Reject KVM_SET_SREGS{2} with -EINVAL if the incoming CR0 is invalid,
e.g. due to setting bits 63:32, illegal combinations, or to a value that
isn't allowed in VMX (non-)root mode. The VMX checks in particular are
"fun" as failure to disallow Real Mode for an L2 that is configured with
unrestricted guest disabled, when KVM itself has unrestricted guest
enabled, will result in KVM forcing VM86 mode to virtual Real Mode for
L2, but then fail to unwind the related metadata when synthesizing a
nested VM-Exit back to L1 (which has unrestricted guest enabled).

Opportunistically fix a benign typo in the prototype for is_valid_cr4().

Cc: stable@vger.kernel.org
Reported-by: syzbot+5feef0b9ee9c8e9e5689@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000f316b705fdf6e2b4@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230613203037.1968489-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

arch/x86/include/asm/kvm-x86-ops.h		diff \| blob \| blame \| history
arch/x86/include/asm/kvm_host.h		diff \| blob \| blame \| history
arch/x86/kvm/svm/svm.c		diff \| blob \| blame \| history
arch/x86/kvm/vmx/vmx.c		diff \| blob \| blame \| history
arch/x86/kvm/x86.c		diff \| blob \| blame \| history