Reply-To: Sean Christopherson
Date: Tue, 30 Aug 2022 23:15:48 +0000
In-Reply-To: <20220830231614.3580124-1-seanjc@google.com>
References: <20220830231614.3580124-1-seanjc@google.com>
Message-ID: <20220830231614.3580124-2-seanjc@google.com>
Subject: [PATCH v5 01/27] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, Maxim Levitsky, Oliver Upton, Peter Shier

Drop pending exceptions and events queued for re-injection when leaving nested guest mode, even if the "exit" is due to VM-Fail, SMI, or forced by host userspace.

Failure to purge events could result in an event belonging to L2 being injected into L1. This _should_ never happen for VM-Fail as all events should be blocked by nested_run_pending, but it's possible if KVM, not the L1 hypervisor, is the source of VM-Fail when running vmcs02. SMI is a nop (barring unknown bugs) as recognition of SMI and thus entry to SMM is blocked by pending exceptions and re-injected events. Forced exit is definitely buggy, but has likely gone unnoticed because userspace probably follows the forced exit with KVM_SET_VCPU_EVENTS (or some other ioctl() that purges the queue).

Fixes: 4f350c6dbcb9 ("kvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Reviewed-by: Jim Mattson
Reviewed-by: Maxim Levitsky
---
 arch/x86/kvm/vmx/nested.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index ddd4367d4826..ca07d4ce4383 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4255,14 +4255,6 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, st= ruct vmcs12 *vmcs12, nested_vmx_abort(vcpu, VMX_ABORT_SAVE_GUEST_MSR_FAIL); } - - /* - * Drop what we picked up for L2 via vmx_complete_interrupts. It is - * preserved above and would only end up incorrectly in L1. - */ - vcpu->arch.nmi_injected =3D false; - kvm_clear_exception_queue(vcpu); - kvm_clear_interrupt_queue(vcpu); } =20 /*
@@ -4602,6 +4594,17 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm= _exit_reason, WARN_ON_ONCE(nested_early_check); } =20 + /* + * Drop events/exceptions that were queued for re-injection to L2 + * (picked up via vmx_complete_interrupts()), as well as exceptions + * that were pending for L2. Note, this must NOT be hoisted above + * prepare_vmcs12(), events/exceptions queued for re-injection need to + * be captured in vmcs12 (see vmcs12_save_pending_event()). + */ + vcpu->arch.nmi_injected =3D false; + kvm_clear_exception_queue(vcpu); + kvm_clear_interrupt_queue(vcpu); + vmx_switch_vmcs(vcpu, &vmx->vmcs01); =20 /* Update any VMCS fields that might have changed while L2 ran */ --=20 2.37.2.672.g94769d06f0-goog
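Review bot: the prepare_vmcs12() hunk removes the only purge that function performed (nmi_injected = false, kvm_clear_exception_queue(), kvm_clear_interrupt_queue()), so its correctness now rests on every caller also reaching the new clear in nested_vmx_vmexit(); nothing in the hunk establishes that, so the changelog should state explicitly that nested_vmx_vmexit() is prepare_vmcs12()'s sole caller. The deleted comment ("It is preserved above") was also the one line at the prepare_vmcs12() site explaining why clearing after the vmcs12 save is safe; a one-line pointer there to the new block in nested_vmx_vmexit() would keep the two halves from drifting apart in later refactors.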
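Review bot: in the nested_vmx_vmexit() hunk, the new comment's second sentence is a comma splice ("must NOT be hoisted above prepare_vmcs12(), events/exceptions queued for re-injection need to be captured in vmcs12"); "prepare_vmcs12(), as events/exceptions queued for re-injection need to be captured in vmcs12" reads as intended. On substance, the "must NOT be hoisted" ordering is enforced only by that comment, and because the clear now also runs on the VM-Fail, SMI and forced-exit paths named in the changelog, it is worth spelling out which of those paths skip prepare_vmcs12() (and so drop the queued event outright rather than saving it to vmcs12 via vmcs12_save_pending_event()), so a reader can tell that discarding the event there is intended rather than a new way to lose an L2 event.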