From nobody Mon Apr 27 09:14:01 2026
Reply-To: Sean Christopherson
Date: Tue, 14 Jun 2022 21:58:27 +0000
In-Reply-To: <20220614215831.3762138-1-seanjc@google.com>
Message-Id: <20220614215831.3762138-2-seanjc@google.com>
References: <20220614215831.3762138-1-seanjc@google.com>
X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog
Subject: [PATCH 1/5] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Lei Wang
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

If a nested run isn't pending, snapshot vmcs01.GUEST_BNDCFGS irrespective of
whether or not VM_ENTRY_LOAD_BNDCFGS is set in vmcs12.

When restoring nested state, e.g. after migration, without a nested run
pending, prepare_vmcs02() will propagate nested.vmcs01_guest_bndcfgs to
vmcs02, i.e. will load garbage/zeros into vmcs02.GUEST_BNDCFGS.

If userspace restores nested state before MSRs, then loading garbage is a
non-issue as loading BNDCFGS will also update vmcs02. But if userspace
restores MSRs first, then KVM is responsible for propagating L2's value,
which is actually thrown into vmcs01, into vmcs02.

Restoring L2 MSRs into vmcs01, i.e. loading all MSRs before nested state,
is all kinds of bizarre and ideally would not be supported. Sadly, some
VMMs do exactly that and rely on KVM to make things work.

Note, there's still a lurking SMM bug, as propagating vmcs01.GUEST_BNDCFGS
to vmcs02 across RSM may corrupt L2's BNDCFGS. But KVM's entire VMX+SMM
emulation is flawed as SMI+RSM should not touch _any_ VMCS when using the
"default treatment of SMIs", i.e. when not using an SMI Transfer Monitor.

Link: https://lore.kernel.org/all/Yobt1XwOfb5M6Dfa@google.com
Fixes: 62cf9bd8118c ("KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS")
Cc: stable@vger.kernel.org
Cc: Lei Wang
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/nested.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 7d8cd0ebcc75..66c25bb56938 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3382,7 +3382,8 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mo= de(struct kvm_vcpu *vcpu, if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) vmx->nested.vmcs01_debugctl =3D vmcs_read64(GUEST_IA32_DEBUGCTL); if (kvm_mpx_supported() && - !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)) + (!vmx->nested.nested_run_pending || + !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))) vmx->nested.vmcs01_guest_bndcfgs =3D vmcs_read64(GUEST_BNDCFGS); =20 /* --=20 2.36.1.476.g0c4daa206d-goog From nobody Mon Apr 27 09:14:01 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7F1CC43334 for ; Tue, 14 Jun 2022 21:59:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1355592AbiFNV67 (ORCPT ); Tue, 14 Jun 2022 17:58:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1357154AbiFNV6j (ORCPT ); Tue, 14 Jun 2022 17:58:39 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 47AE51D322 for ; Tue, 14 Jun 2022 14:58:38 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id u10-20020a17090a1d4a00b001e862680928so4176671pju.9 for ; Tue, 14 Jun 2022 14:58:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=dUrHYPjTeyeIaiftDlK8lvhq4xdyB6rSMhx+E9kZeQI=; b=RfCHJ3J1fNmHDZEev7mBJJN9myc3lMSXoLRzE2Em2X8P3DMPVasWAbim4o5g3WlEoQ 3QHsJodpIlcfjTU0RQd721ClRWbaIejLI2WPMjqdowR/ig5uyjkMtX9QC0qUbJZnHSmM 3HY5fKOeyqV7yolP5ij6JRIywi+RSZx37PtrtMfO0TE7WWkWPeS6fzuMQqvms+cJmARZ 
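Review bot: the DEBUGCTL snapshot in the leading context of this hunk, `if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) vmx->nested.vmcs01_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);`, has the same gap for the !nested_run_pending restore path yet is left untouched here, so a tree that picks up only this Cc: stable patch still restores L2's DEBUGCTL from a zeroed snapshot; either fold the DEBUGCTL change into this patch or mark the two as a pair for backporting. Also confirm that the consumer in prepare_vmcs02() tests exactly `!vmx->nested.nested_run_pending || !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)`, since a snapshot written under one condition and read under another is precisely the bug being fixed.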
Reply-To: Sean Christopherson
Date: Tue, 14 Jun 2022 21:58:28 +0000
In-Reply-To: <20220614215831.3762138-1-seanjc@google.com>
Message-Id: <20220614215831.3762138-3-seanjc@google.com>
References: <20220614215831.3762138-1-seanjc@google.com>
X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog
Subject: [PATCH 2/5] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Lei Wang
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

If a nested run isn't pending, snapshot vmcs01.GUEST_IA32_DEBUGCTL
irrespective of whether or not VM_ENTRY_LOAD_DEBUG_CONTROLS is set in
vmcs12.

When restoring nested state, e.g. after migration, without a nested run
pending, prepare_vmcs02() will propagate nested.vmcs01_debugctl to vmcs02,
i.e. will load garbage/zeros into vmcs02.GUEST_IA32_DEBUGCTL.

If userspace restores nested state before MSRs, then loading garbage is a
non-issue as loading DEBUGCTL will also update vmcs02. But if userspace
restores MSRs first, then KVM is responsible for propagating L2's value,
which is actually thrown into vmcs01, into vmcs02.

Restoring L2 MSRs into vmcs01, i.e. loading all MSRs before nested state,
is all kinds of bizarre and ideally would not be supported. Sadly, some
VMMs do exactly that and rely on KVM to make things work.

Note, there's still a lurking SMM bug, as propagating vmcs01's DEBUGCTL to
vmcs02 across RSM may corrupt L2's DEBUGCTL. But KVM's entire VMX+SMM
emulation is flawed as SMI+RSM should not touch _any_ VMCS when using the
"default treatment of SMIs", i.e. when not using an SMI Transfer Monitor.

Link: https://lore.kernel.org/all/Yobt1XwOfb5M6Dfa@google.com
Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/nested.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 66c25bb56938..4a53e0c73445 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3379,7 +3379,8 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mo= de(struct kvm_vcpu *vcpu, if (likely(!evaluate_pending_interrupts) && kvm_vcpu_apicv_active(vcpu)) evaluate_pending_interrupts |=3D vmx_has_apicv_interrupt(vcpu); =20 - if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) + if (!vmx->nested.nested_run_pending || + !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) vmx->nested.vmcs01_debugctl =3D vmcs_read64(GUEST_IA32_DEBUGCTL); if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending || --=20 2.36.1.476.g0c4daa206d-goog From nobody Mon Apr 27 09:14:01 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FEFFC43334 for ; Tue, 14 Jun 2022 21:59:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358191AbiFNV7B (ORCPT ); Tue, 14 Jun 2022 17:59:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52928 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1357803AbiFNV6k (ORCPT ); Tue, 14 Jun 2022 17:58:40 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB44D1E3DB for ; Tue, 14 Jun 2022 14:58:39 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id ob5-20020a17090b390500b001e2f03294a7so136848pjb.8 for ; Tue, 14 Jun 2022 14:58:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=4cmqk23DQrPKWneD8bfnXS0oC9sry0DDafSS8X/CWrY=; b=l7Hyql+C78Kd52RjmTYdrcgLYsY6UXxV7s65+2yyhvoLQjvsARJmTI0lrfWXIJZGou xooLNsnrvS4ofkFC7QyPahtMB1e0c3DxonlLqJ4xSbrZtgmzqqHvduPqwfoYbIMkdyMW 
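Review bot: after this change the DEBUGCTL condition and the BNDCFGS condition in the trailing context differ only in the control bit and the kvm_mpx_supported() guard, and each has a mirror image in prepare_vmcs02(); a small helper (hypothetically `nested_vmx_snapshot_msr(vmx, vmcs12, VM_ENTRY_LOAD_DEBUG_CONTROLS)`, used at both the snapshot site and the restore site) would keep the writer and reader sides from drifting apart again, which is the class of bug these two patches fix.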
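The restore ordering that the two commit messages above describe, as an added model that is not KVM code and not part of this series: it traces one BNDCFGS value through vmcs01, the nested.vmcs01_guest_bndcfgs snapshot and vmcs02 for an MSRs-first and a nested-state-first restore, with the pre-patch and the patched snapshot condition selectable, and also checks that an ordinary VMLAUNCH is unaffected; the DEBUGCTL case of patch 2/5 is the same mechanism with VM_ENTRY_LOAD_DEBUG_CONTROLS. The struct layout, the function names and the `fixed` switch are assumptions of the model; the VM_ENTRY_LOAD_BNDCFGS bit position is the VMX one.

```c
/*
 * Added model (not KVM code) of the BNDCFGS snapshot logic that patches 1/5
 * and 2/5 change: vmcs01/vmcs02, the nested.vmcs01_guest_bndcfgs snapshot and
 * the order in which userspace restores MSRs and nested state.  Names assumed.
 */
#include <stdbool.h>
#include <stdint.h>

#define VM_ENTRY_LOAD_BNDCFGS (1u << 16) /* VM-entry control bit (VMX spec) */

struct vmcs { uint64_t guest_bndcfgs; };
struct vcpu {
	struct vmcs vmcs01, vmcs02;
	struct vmcs *loaded;            /* VMCS that MSR writes currently land in */
	uint32_t vmcs12_entry_controls; /* vmcs12->vm_entry_controls */
	uint64_t vmcs12_guest_bndcfgs;  /* vmcs12->guest_bndcfgs */
	uint64_t vmcs01_guest_bndcfgs;  /* nested.vmcs01_guest_bndcfgs */
	bool nested_run_pending;
};

/* KVM always intercepts BNDCFGS: a write lands in whichever VMCS is loaded. */
static void write_bndcfgs_msr(struct vcpu *v, uint64_t data)
{
	v->loaded->guest_bndcfgs = data;
}

/*
 * Snapshot as in nested_vmx_enter_non_root_mode(), then the consumer as in
 * prepare_vmcs02().  @fixed selects patch 1/5's condition; without it the
 * pre-patch condition (control bit only) is used.
 */
static void enter_non_root_mode(struct vcpu *v, bool fixed)
{
	bool load = v->vmcs12_entry_controls & VM_ENTRY_LOAD_BNDCFGS;

	if ((fixed && !v->nested_run_pending) || !load)
		v->vmcs01_guest_bndcfgs = v->vmcs01.guest_bndcfgs;
	/* Only a real VMLAUNCH/VMRESUME with the control set loads vmcs12's value. */
	if (v->nested_run_pending && load)
		v->vmcs02.guest_bndcfgs = v->vmcs12_guest_bndcfgs;
	else
		v->vmcs02.guest_bndcfgs = v->vmcs01_guest_bndcfgs;
	v->loaded = &v->vmcs02;
}

/*
 * Userspace restores a vCPU that was running L2 with BNDCFGS == l2_value and
 * vmcs12 enabling VM_ENTRY_LOAD_BNDCFGS.  Returns what L2 then sees in vmcs02.
 */
static uint64_t restore_l2_bndcfgs(uint64_t l2_value, bool msrs_first, bool fixed)
{
	struct vcpu v = { 0 };

	v.loaded = &v.vmcs01;                    /* not in guest mode yet */
	v.vmcs12_entry_controls = VM_ENTRY_LOAD_BNDCFGS;
	v.nested_run_pending = false;            /* KVM_SET_NESTED_STATE, not VMLAUNCH */
	if (msrs_first) {
		write_bndcfgs_msr(&v, l2_value); /* hits vmcs01, as the commit message says */
		enter_non_root_mode(&v, fixed);
	} else {
		enter_non_root_mode(&v, fixed);
		write_bndcfgs_msr(&v, l2_value); /* hits vmcs02 directly */
	}
	return v.vmcs02.guest_bndcfgs;
}

/* Ordinary VMLAUNCH from L1: the fix must not change what L2 sees here. */
static uint64_t launch_l2_bndcfgs(uint64_t l1_value, uint64_t vmcs12_value, bool load_ctrl, bool fixed)
{
	struct vcpu v = { 0 };

	v.loaded = &v.vmcs01;
	v.vmcs01.guest_bndcfgs = l1_value;
	v.vmcs12_guest_bndcfgs = vmcs12_value;
	v.vmcs12_entry_controls = load_ctrl ? VM_ENTRY_LOAD_BNDCFGS : 0;
	v.nested_run_pending = true;
	enter_non_root_mode(&v, fixed);
	return v.vmcs02.guest_bndcfgs;
}
```

Called from a main(), restore_l2_bndcfgs(0x1234, true, false) returns 0 (the never-taken, zeroed snapshot) while restore_l2_bndcfgs(0x1234, true, true) returns 0x1234, and the nested-state-first order returns 0x1234 either way. launch_l2_bndcfgs() returns L1's value without the load control and vmcs12's value with it, with or without the fix.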
Reply-To: Sean Christopherson
Date: Tue, 14 Jun 2022 21:58:29 +0000
In-Reply-To: <20220614215831.3762138-1-seanjc@google.com>
Message-Id: <20220614215831.3762138-4-seanjc@google.com>
References: <20220614215831.3762138-1-seanjc@google.com>
X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog
Subject: [PATCH 3/5] KVM: nVMX: Rename nested.vmcs01_* fields to nested.pre_vmenter_*
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Lei Wang
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Rename the fields in struct nested_vmx used to snapshot pre-VM-Enter values
to reflect that they can hold L2's values when restoring nested state, e.g.
if userspace restores MSRs before nested state. As crazy as it seems,
restoring MSRs before nested state actually works (because KVM goes out of
its way to make it work), even though the initial MSR writes will hit
vmcs01 despite holding L2 values.

Add a related comment to vmx_enter_smm() to call out that using the common
VM-Exit and VM-Enter helpers to emulate SMI and RSM is wrong and broken.
The few MSRs that have snapshots _could_ be fixed by taking a snapshot prior
to the forced VM-Exit instead of at forced VM-Enter, but that's just the tip
of the iceberg as the rather long list of MSRs that aren't snapshotted
(hello, VM-Exit MSR load list) can't be handled this way.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/nested.c |  8 ++++----
 arch/x86/kvm/vmx/vmx.c    |  7 +++++++
 arch/x86/kvm/vmx/vmx.h    | 15 ++++++++++++---
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 4a53e0c73445..38015f4ecc54 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2520,11 +2520,11 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, st= ruct vmcs12 *vmcs12, vmcs_write64(GUEST_IA32_DEBUGCTL, vmcs12->guest_ia32_debugctl); } else { kvm_set_dr(vcpu, 7, vcpu->arch.dr7); - vmcs_write64(GUEST_IA32_DEBUGCTL, vmx->nested.vmcs01_debugctl); + vmcs_write64(GUEST_IA32_DEBUGCTL, vmx->nested.pre_vmenter_debugctl); } if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending || !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))) - vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs); + vmcs_write64(GUEST_BNDCFGS, vmx->nested.pre_vmenter_bndcfgs); vmx_set_rflags(vcpu, vmcs12->guest_rflags); =20 /* EXCEPTION_BITMAP and CR0_GUEST_HOST_MASK should basically be the @@ -3381,11 +3381,11 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_= mode(struct kvm_vcpu *vcpu, =20 if (!vmx->nested.nested_run_pending || !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) - vmx->nested.vmcs01_debugctl =3D vmcs_read64(GUEST_IA32_DEBUGCTL); + vmx->nested.pre_vmenter_debugctl =3D vmcs_read64(GUEST_IA32_DEBUGCTL); if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending || !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))) - vmx->nested.vmcs01_guest_bndcfgs =3D vmcs_read64(GUEST_BNDCFGS); + vmx->nested.pre_vmenter_bndcfgs =3D vmcs_read64(GUEST_BNDCFGS); =20 /* * Overwrite vmcs01.GUEST_CR3 with L1's CR3 if EPT is disabled *and* diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 5e14e4c40007..b3f9b8bb1fa8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -7843,6 +7843,13 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char= *smstate) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); =20 + /* + * TODO: Implement custom flows for forcing the vCPU out/in of L2 on + * SMI and RSM. Using the common VM-Exit + VM-Enter routines is wrong + * SMI and RSM only modify state that is saved and restored via SMRAM. + * E.g. most MSRs are left untouched, but many are modified by VM-Exit + * and VM-Enter, and thus L2's values may be corrupted on SMI+RSM. + */ vmx->nested.smm.guest_mode =3D is_guest_mode(vcpu); if (vmx->nested.smm.guest_mode) nested_vmx_vmexit(vcpu, -1, 0, 0); diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 71bcb486e73f..a84c91ee2a48 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -219,9 +219,18 @@ struct nested_vmx { bool has_preemption_timer_deadline; bool preemption_timer_expired; =20 - /* to migrate it to L2 if VM_ENTRY_LOAD_DEBUG_CONTROLS is off */ - u64 vmcs01_debugctl; - u64 vmcs01_guest_bndcfgs; + /* + * Used to snapshot MSRs that are conditionally loaded on VM-Enter in + * order to propagate the guest's pre-VM-Enter value into vmcs02. For + * emulation of VMLAUNCH/VMRESUME, the snapshot will be of L1's value. + * For KVM_SET_NESTED_STATE, the snapshot is of L2's value, _if_ + * userspace restores MSRs before nested state. If userspace restores + * MSRs after nested state, the snapshot holds garbage, but KVM can't + * detect that, and the garbage value in vmcs02 will be overwritten by + * MSR restoration in any case. + */ + u64 pre_vmenter_debugctl; + u64 pre_vmenter_bndcfgs; =20 /* to migrate it to L1 if L2 writes to L1's CR8 directly */ int l1_tpr_threshold; --=20 2.36.1.476.g0c4daa206d-goog From nobody Mon Apr 27 09:14:01 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EADEFC43334 for ; Tue, 14 Jun 2022 21:59:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358438AbiFNV7E (ORCPT ); Tue, 14 Jun 2022 17:59:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52944 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1358019AbiFNV6m (ORCPT ); Tue, 14 Jun 2022 17:58:42 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F234A1D322 for ; Tue, 14 Jun 2022 14:58:41 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id b6-20020a252e46000000b0065d5168f3f0so8597770ybn.21 for ; Tue, 14 Jun 2022 14:58:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; 
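Review bot: in the vmx.c hunk the new comment reads "...is wrong SMI and RSM only modify state that is saved and restored via SMRAM", which is missing the join between the two clauses; suggest "is wrong: SMI and RSM only modify state that is saved and restored via SMRAM." It would also help to say outright that what gets corrupted is L2's MSR values, so a later reader does not take the TODO for a cleanup item.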
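Review bot: the vmx.h comment documents that pre_vmenter_debugctl and pre_vmenter_bndcfgs "hold garbage" when userspace restores MSRs after nested state; rather than whatever the previous VM-Enter left there, it would be cleaner for the path that tears down or resets nested state to zero both fields, so the transient value written into vmcs02 is a deterministic 0 and the "overwritten by MSR restoration in any case" claim is easier to verify.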
Reply-To: Sean Christopherson
Date: Tue, 14 Jun 2022 21:58:30 +0000
In-Reply-To: <20220614215831.3762138-1-seanjc@google.com>
Message-Id: <20220614215831.3762138-5-seanjc@google.com>
References: <20220614215831.3762138-1-seanjc@google.com>
X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog
Subject: [PATCH 4/5] KVM: nVMX: Save BNDCFGS to vmcs12 iff relevant controls are exposed to L1
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Lei Wang
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Save BNDCFGS to vmcs12 (from vmcs02) if and only if at least one of the
load-on-entry or clear-on-exit fields for BNDCFGS is enumerated as an
allowed-1 bit in vmcs12. Skipping the field avoids an unnecessary VMREAD
when MPX is supported but not exposed to L1.

Per Intel's SDM:

  If the processor supports either the 1-setting of the "load IA32_BNDCFGS"
  VM-entry control or that of the "clear IA32_BNDCFGS" VM-exit control, the
  contents of the IA32_BNDCFGS MSR are saved into the corresponding field.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/nested.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 38015f4ecc54..496981b86f94 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4104,7 +4104,8 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcp= u *vcpu, vmcs12->guest_idtr_base =3D vmcs_readl(GUEST_IDTR_BASE); vmcs12->guest_pending_dbg_exceptions =3D vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS); - if (kvm_mpx_supported()) + if ((vmx->nested.msrs.entry_ctls_high & VM_ENTRY_LOAD_BNDCFGS) || + (vmx->nested.msrs.exit_ctls_high & VM_EXIT_CLEAR_BNDCFGS)) vmcs12->guest_bndcfgs =3D vmcs_read64(GUEST_BNDCFGS); =20 vmx->nested.need_sync_vmcs02_to_vmcs12_rare =3D false; --=20 2.36.1.476.g0c4daa206d-goog From nobody Mon Apr 27 09:14:01 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56773C433EF for ; Tue, 14 Jun 2022 21:59:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357076AbiFNV7K (ORCPT ); Tue, 14 Jun 2022 17:59:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1358384AbiFNV6o (ORCPT ); Tue, 14 Jun 2022 17:58:44 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7772A2182C for ; Tue, 14 Jun 2022 14:58:43 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id cd16-20020a056a00421000b00520785db095so4273578pfb.15 for ; Tue, 14 Jun 2022 14:58:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=VkciRITE8MX2e/fBaXePCOT9PxykPyFPZjCAcpl0DRs=; b=Dgvl2DqkyuRiJ9H+pEZA8XMbJtPmxfmzXbRsqrSCNYHx54Pm7s/Vq1hUlhJqqu/dcM jim3cYglLC/fKlXqtfKtBBjDCxl+VBMJP4q3HqNDGwfrRigBv7wpt0/9KYBxICR36Ms3 i82ojnxgaG8DCPcNyQTURnzVOuGWARafqEVFK621s05dCBUzjTZIUt8CoALAe3jxmrGX 
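Review bot: the new condition dereferences `vmx->nested.msrs.entry_ctls_high` and `vmx->nested.msrs.exit_ctls_high`, but nothing in this hunk's context shows a `vmx` local in sync_vmcs02_to_vmcs12_rare() (the removed `kvm_mpx_supported()` check needed none); confirm `struct vcpu_vmx *vmx` is already declared in that function or the patch will not build. The kvm_mpx_supported() guard is also gone, so correctness now rests on both control bits being clear in nested.msrs whenever MPX is unsupported; a one-line comment above the `if` quoting the SDM clause from the commit message would make that dependency visible to the next reader.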
Reply-To: Sean Christopherson
Date: Tue, 14 Jun 2022 21:58:31 +0000
In-Reply-To: <20220614215831.3762138-1-seanjc@google.com>
Message-Id: <20220614215831.3762138-6-seanjc@google.com>
References: <20220614215831.3762138-1-seanjc@google.com>
X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog
Subject: [PATCH 5/5] KVM: nVMX: Update vmcs12 on BNDCFGS write, not at vmcs02=>vmcs12 sync
From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Lei Wang Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Update vmcs12->guest_bndcfgs on intercepted writes to BNDCFGS from L2 instead of waiting until vmcs02 is synchronized to vmcs12. KVM always intercepts BNDCFGS accesses, so the only way the value in vmcs02 can change is via KVM's explicit VMWRITE during emulation. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/nested.c | 3 --- arch/x86/kvm/vmx/vmx.c | 6 ++++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 496981b86f94..aad938e1e51d 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4104,9 +4104,6 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcp= u *vcpu, vmcs12->guest_idtr_base =3D vmcs_readl(GUEST_IDTR_BASE); vmcs12->guest_pending_dbg_exceptions =3D vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS); - if ((vmx->nested.msrs.entry_ctls_high & VM_ENTRY_LOAD_BNDCFGS) || - (vmx->nested.msrs.exit_ctls_high & VM_EXIT_CLEAR_BNDCFGS)) - vmcs12->guest_bndcfgs =3D vmcs_read64(GUEST_BNDCFGS); =20 vmx->nested.need_sync_vmcs02_to_vmcs12_rare =3D false; } diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b3f9b8bb1fa8..1463669f7a99 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -2044,6 +2044,12 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr_info) if (is_noncanonical_address(data & PAGE_MASK, vcpu) || (data & MSR_IA32_BNDCFGS_RSVD)) return 1; + + if (is_guest_mode(vcpu) && + ((vmx->nested.msrs.entry_ctls_high & VM_ENTRY_LOAD_BNDCFGS) || + (vmx->nested.msrs.exit_ctls_high & VM_EXIT_CLEAR_BNDCFGS))) + get_vmcs12(vcpu)->guest_bndcfgs =3D data; + vmcs_write64(GUEST_BNDCFGS, data); break; case MSR_IA32_UMWAIT_CONTROL: --=20 2.36.1.476.g0c4daa206d-goog
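Review bot: the new check in vmx_set_msr(), `(vmx->nested.msrs.entry_ctls_high & VM_ENTRY_LOAD_BNDCFGS) || (vmx->nested.msrs.exit_ctls_high & VM_EXIT_CLEAR_BNDCFGS)`, is the same pair of tests that 4/5 added to sync_vmcs02_to_vmcs12_rare() and the nested.c hunk above now deletes; factor it into one helper so the two places that decide whether BNDCFGS is a vmcs12 field for this L1 cannot diverge. Removing the vmcs02-to-vmcs12 sync is only correct under the invariant stated in the commit message, that KVM always intercepts BNDCFGS so vmcs02's value can only change through this VMWRITE; put that invariant in a comment next to `get_vmcs12(vcpu)->guest_bndcfgs = data;` so a future change that stops intercepting the MSR is forced to revisit this site.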