From: Greg Kroah-Hartman Date: Wed, 1 Sep 2021 09:50:13 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v4.4.283~26 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e0ae739225dabbaac74d7a71caecdc62e3a27c95;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: kvm-x86-mmu-treat-nx-as-used-not-reserved-for-all-tdp-shadow-mmus.patch --- diff --git a/queue-4.19/kvm-x86-mmu-treat-nx-as-used-not-reserved-for-all-tdp-shadow-mmus.patch b/queue-4.19/kvm-x86-mmu-treat-nx-as-used-not-reserved-for-all-tdp-shadow-mmus.patch new file mode 100644 index 00000000000..ff60b5c5729 --- /dev/null +++ b/queue-4.19/kvm-x86-mmu-treat-nx-as-used-not-reserved-for-all-tdp-shadow-mmus.patch 
@@ -0,0 +1,50 @@ +From foo@baz Wed Sep 1 11:30:29 AM CEST 2021 +From: Sean Christopherson +Date: Tue, 22 Jun 2021 10:56:47 -0700 +Subject: KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs + +From: Sean Christopherson + +commit 112022bdb5bc372e00e6e43cb88ee38ea67b97bd upstream + +Mark NX as being used for all non-nested shadow MMUs, as KVM will set the +NX bit for huge SPTEs if the iTLB mutli-hit mitigation is enabled. +Checking the mitigation itself is not sufficient as it can be toggled on +at any time and KVM doesn't reset MMU contexts when that happens. KVM +could reset the contexts, but that would require purging all SPTEs in all +MMUs, for no real benefit. And, KVM already forces EFER.NX=1 when TDP is +disabled (for WP=0, SMEP=1, NX=0), so technically NX is never reserved +for shadow MMUs. + +Fixes: b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation") +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-Id: <20210622175739.3610207-3-seanjc@google.com> +Signed-off-by: Paolo Bonzini +[sudip: use old path and adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/mmu.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -4557,7 +4557,16 @@ static void reset_rsvds_bits_mask_ept(st + void + reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context) + { +- bool uses_nx = context->nx || context->base_role.smep_andnot_wp; ++ /* ++ * KVM uses NX when TDP is disabled to handle a variety of scenarios, ++ * notably for huge SPTEs if iTLB multi-hit mitigation is enabled and ++ * to generate correct permissions for CR0.WP=0/CR4.SMEP=1/EFER.NX=0. ++ * The iTLB multi-hit workaround can be toggled at any time, so assume ++ * NX can be used by any non-nested shadow MMU to avoid having to reset ++ * MMU contexts. Note, KVM forces EFER.NX=1 when TDP is disabled. 
++ */ ++ bool uses_nx = context->nx || !tdp_enabled || ++ context->base_role.smep_andnot_wp; + struct rsvd_bits_validate *shadow_zero_check; + int i; + diff --git a/queue-4.19/series b/queue-4.19/series index 1508191d35b..8d6b0ccc780 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -28,3 +28,4 @@ drm-nouveau-disp-power-down-unused-dp-links-during-i.patch net-rds-dma_map_sg-is-entitled-to-merge-entries.patch vt_kdsetmode-extend-console-locking.patch fbmem-add-margin-check-to-fb_check_caps.patch +kvm-x86-mmu-treat-nx-as-used-not-reserved-for-all-tdp-shadow-mmus.patch
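Review bot: in the `reset_shadow_zero_bits_mask()` hunk of the queued patch, the new `!tdp_enabled` term is a module-wide flag rather than anything derived from the `context` argument, yet the added comment speaks of "any non-nested shadow MMU" without saying that `!tdp_enabled` is the condition standing in for that case. One more sentence in the comment tying the two together would help anyone auditing which MMUs now have NX treated as used instead of reserved. Separately, the backport tag `[sudip: use old path and adjust context]` does not say what was adjusted. The old path `arch/x86/kvm/mmu.c` is visible in the diff, but the context change is not, so naming it would make the 4.19 version easier to compare against upstream commit 112022bdb5bc372e00e6e43cb88ee38ea67b97bd.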