Date: Thu, 5 Jun 2025 12:50:15 -0700
From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+c1cbaedc2613058d5194@syzkaller.appspotmail.com
Subject: [PATCH 1/4] KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE
Message-ID: <20250605195018.539901-2-seanjc@google.com>
In-Reply-To: <20250605195018.539901-1-seanjc@google.com>
References: <20250605195018.539901-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Allow userspace to set a vCPU's mp_state to INIT_RECEIVED in conjunction
with a pending SMI, as rejecting that combination could result in KVM
disallowing reflecting the output from KVM_GET_VCPU_EVENTS back into KVM
via KVM_SET_VCPU_EVENTS.

At the time the check was added, smi_pending could only be set in the
context of KVM_RUN, with the vCPU in the RUNNABLE state. I.e. it was
impossible for KVM to save vCPU state such that userspace could see a
pending SMI for a vCPU in WFS.

That no longer holds true now that KVM processes requested SMIs during
KVM_GET_VCPU_EVENTS, e.g. if a vCPU receives an SMI while in WFS, and then
userspace saves vCPU state.

Note, this may partially re-open the user-triggerable WARN that was mostly
closed by commit 28bf28887976 ("KVM: x86: fix user triggerable warning in
kvm_apic_accept_events()"), but that WARN can already be triggered in
several other ways, e.g. if userspace stuffs VMXON=1 after putting the vCPU
into WFS. That issue will be addressed in an upcoming commit, in a more
robust fashion (hopefully).

Fixes: 1f7becf1b7e2 ("KVM: x86: get smi pending status correctly")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dd34a2ec854c..7e3ab297a1bf 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -11895,10 +11895,9 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcp= u *vcpu, /* * Pending INITs are reported using KVM_SET_VCPU_EVENTS, disallow * forcing the guest into INIT/SIPI if those events are supposed to be - * blocked. KVM prioritizes SMI over INIT, so reject INIT/SIPI state - * if an SMI is pending as well. + * blocked. */ - if ((!kvm_apic_init_sipi_allowed(vcpu) || vcpu->arch.smi_pending) && + if (!kvm_apic_init_sipi_allowed(vcpu) && (mp_state->mp_state =3D=3D KVM_MP_STATE_SIPI_RECEIVED || mp_state->mp_state =3D=3D KVM_MP_STATE_INIT_RECEIVED)) goto out;
-- 
2.50.0.rc0.604.gd4ff7b7c86-goog
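Review bot: the trimmed comment no longer records that a pending SMI is deliberately tolerated here, so the dropped `vcpu->arch.smi_pending` clause is an easy candidate for a future "fix" that re-adds it; suggest extending the comment with the rationale from the changelog, e.g. `* blocked. A pending SMI is fine: KVM_GET_VCPU_EVENTS can report an SMI` / `* pending for a vCPU in WFS, and that state must round-trip via SET.` The changelog's note that the kvm_apic_accept_events() WARN becomes reachable again until the follow-up lands is also worth a one-line mention next to the check, since someone bisecting a WARN will land on this hunk.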
Date: Thu, 5 Jun 2025 12:50:16 -0700
From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+c1cbaedc2613058d5194@syzkaller.appspotmail.com
Subject: [PATCH 2/4] KVM: x86: WARN and reject KVM_RUN if vCPU's MP_STATE is SIPI_RECEIVED
Message-ID: <20250605195018.539901-3-seanjc@google.com>
In-Reply-To: <20250605195018.539901-1-seanjc@google.com>
References: <20250605195018.539901-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

WARN if KVM_RUN is reached with a vCPU's mp_state set to SIPI_RECEIVED, as
KVM no longer uses SIPI_RECEIVED internally, and should morph SIPI_RECEIVED
into INIT_RECEIVED with a pending SIPI if userspace forces SIPI_RECEIVED.

See commit 66450a21f996 ("KVM: x86: Rework INIT and SIPI handling") for
more history and details.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 7e3ab297a1bf..c3cbcd9e39f6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11547,6 +11547,20 @@ static void kvm_put_guest_fpu(struct kvm_vcpu *vcp= u) trace_kvm_fpu(0); } =20 +static int kvm_x86_vcpu_pre_run(struct kvm_vcpu *vcpu) +{ + /* + * SIPI_RECEIVED is obsolete; KVM leaves the vCPU in Wait-For-SIPI and + * tracks the pending SIPI separately. SIPI_RECEIVED is still accepted + * by KVM_SET_VCPU_EVENTS for backwards compatibility, but should be + * converted to INIT_RECEIVED. + */ + if (WARN_ON_ONCE(vcpu->arch.mp_state =3D=3D KVM_MP_STATE_SIPI_RECEIVED)) + return -EINVAL; + + return kvm_x86_call(vcpu_pre_run)(vcpu); +} + int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) { struct kvm_queued_exception *ex =3D &vcpu->arch.exception; 
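Review bot: the new comment says SIPI_RECEIVED "is still accepted by KVM_SET_VCPU_EVENTS", but the code that translates SIPI_RECEIVED into INIT_RECEIVED plus a pending KVM_APIC_SIPI is in kvm_arch_vcpu_ioctl_set_mpstate(), i.e. KVM_SET_MP_STATE (visible in the set_mpstate hunks of 3/4 and 4/4); suggest naming KVM_SET_MP_STATE here so the comment points readers at the ioctl that actually does the conversion. The WARN_ON_ONCE plus -EINVAL combination is appropriate given that conversion makes the state unreachable from userspace, and -EINVAL matches the existing `if (r <= 0) goto out;` handling at the call site.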
@@ -11649,7 +11663,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) goto out; } =20 - r =3D kvm_x86_call(vcpu_pre_run)(vcpu); + r =3D kvm_x86_vcpu_pre_run(vcpu); if (r <=3D 0) goto out; =20
-- 
2.50.0.rc0.604.gd4ff7b7c86-goog
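Review bot: nothing blocking here; the wrapper's only new return value is -EINVAL, which the unchanged `if (r <= 0) goto out;` already treats as "bail out of KVM_RUN", so the vendor vcpu_pre_run() convention of returning a positive value to continue is preserved. One nit: since the wrapper now returns before reaching the vendor hook on its error path, a short comment on kvm_x86_vcpu_pre_run() stating that it is meant to front every vcpu_pre_run call would make that ordering obvious to the next person adding a pre-run check.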
Date: Thu, 5 Jun 2025 12:50:17 -0700
From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+c1cbaedc2613058d5194@syzkaller.appspotmail.com
Subject: [PATCH 3/4] KVM: x86: Move INIT_RECEIVED vs. INIT/SIPI blocked check to KVM_RUN
Message-ID: <20250605195018.539901-4-seanjc@google.com>
In-Reply-To: <20250605195018.539901-1-seanjc@google.com>
References: <20250605195018.539901-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Check for the should-be-impossible scenario of a vCPU being in Wait-For-SIPI
with INIT/SIPI blocked during KVM_RUN instead of trying to detect and
prevent illegal combinations in every ioctl that sets relevant state.
Attempting to handle every possible "set" path is a losing game of
whack-a-mole, and risks breaking userspace. E.g. INIT/SIPI are blocked on
Intel if the vCPU is in VMX Root mode (post-VMXON), and on AMD if GIF=0.
Handling those scenarios would require potentially breaking changes to
{vmx,svm}_set_nested_state().

Moving the check to KVM_RUN fixes a syzkaller-induced splat due to the
aforementioned VMXON case, and in theory should close the hole once and for
all.

Note, kvm_x86_vcpu_pre_run() already handles SIPI_RECEIVED, only the WFS
case needs additional attention.

Reported-by: syzbot+c1cbaedc2613058d5194@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=490ae63d8d89cb82c5d462d16962cf371df0e476
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c3cbcd9e39f6..9935307ad41f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5487,12 +5487,6 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct= kvm_vcpu *vcpu, (events->exception.nr > 31 || events->exception.nr =3D=3D NMI_VECTOR)) return -EINVAL; =20 - /* INITs are latched while in SMM */ - if (events->flags & KVM_VCPUEVENT_VALID_SMM && - (events->smi.smm || events->smi.pending) && - vcpu->arch.mp_state =3D=3D KVM_MP_STATE_INIT_RECEIVED) - return -EINVAL; - process_nmi(vcpu); =20 /* @@ -11558,6 +11552,14 @@ static int kvm_x86_vcpu_pre_run(struct kvm_vcpu *v= cpu) if (WARN_ON_ONCE(vcpu->arch.mp_state =3D=3D KVM_MP_STATE_SIPI_RECEIVED)) return -EINVAL; =20 + /* + * Disallow running the vCPU if userspace forced it into an impossible + * MP_STATE, e.g. if the vCPU is in WFS but SIPI is blocked. + */ + if (vcpu->arch.mp_state =3D=3D KVM_MP_STATE_INIT_RECEIVED && + !kvm_apic_init_sipi_allowed(vcpu)) + return -EINVAL; + return kvm_x86_call(vcpu_pre_run)(vcpu); } =20 
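Review bot: the check removed from kvm_vcpu_ioctl_x86_set_vcpu_events() rejected INIT_RECEIVED when `events->smi.smm` or `events->smi.pending` was set, but the replacement check in kvm_x86_vcpu_pre_run() only consults kvm_apic_init_sipi_allowed(); please confirm in the changelog that kvm_apic_init_sipi_allowed() covers the in-SMM case ("INITs are latched while in SMM"), otherwise the first hunk drops the SMM half of the check rather than moving it. The smi.pending half is intentionally gone per 1/4, which is worth stating here as well so the removal does not read as collateral.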
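Review bot: good that the new WFS check in kvm_x86_vcpu_pre_run() returns a plain -EINVAL rather than a WARN_ON_ONCE, since the changelog shows this path is reachable from userspace (the syzkaller VMXON case) and a user-triggerable WARN is exactly what the series is closing; suggest saying so in the comment so the asymmetry with the SIPI_RECEIVED WARN_ON_ONCE directly above is not mistaken for an oversight, e.g. `* MP_STATE, e.g. if the vCPU is in WFS but SIPI is blocked. No WARN, as` / `* userspace can reach this via KVM_SET_MP_STATE followed by VMXON.`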
@@ -11906,16 +11908,6 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcp= u *vcpu, goto out; } =20 - /* - * Pending INITs are reported using KVM_SET_VCPU_EVENTS, disallow - * forcing the guest into INIT/SIPI if those events are supposed to be - * blocked. - */ - if (!kvm_apic_init_sipi_allowed(vcpu) && - (mp_state->mp_state =3D=3D KVM_MP_STATE_SIPI_RECEIVED || - mp_state->mp_state =3D=3D KVM_MP_STATE_INIT_RECEIVED)) - goto out; - if (mp_state->mp_state =3D=3D KVM_MP_STATE_SIPI_RECEIVED) { kvm_set_mp_state(vcpu, KVM_MP_STATE_INIT_RECEIVED); set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events);
-- 
2.50.0.rc0.604.gd4ff7b7c86-goog
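Review bot: with this check gone, an INIT_RECEIVED or SIPI_RECEIVED mp_state that is blocked by VMXON or GIF=0 is now accepted by KVM_SET_MP_STATE and only rejected later by KVM_RUN, so userspace restoring saved state sees the failure at a different ioctl than before; that user-visible shift deserves an explicit sentence in the changelog, and the KVM_SET_MP_STATE documentation should be checked in case it describes the old rejection. Note also that the surviving SIPI_RECEIVED branch still sets KVM_APIC_SIPI in pending_events unconditionally, which is fine only because the WFS-vs-blocked check now lives in kvm_x86_vcpu_pre_run().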
Date: Thu, 5 Jun 2025 12:50:18 -0700
From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+c1cbaedc2613058d5194@syzkaller.appspotmail.com
Subject: [PATCH 4/4] KVM: x86: Refactor handling of SIPI_RECEIVED when setting MP_STATE
Message-ID: <20250605195018.539901-5-seanjc@google.com>
In-Reply-To: <20250605195018.539901-1-seanjc@google.com>
References: <20250605195018.539901-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Convert the incoming mp_state to INIT_RECEIVED instead of manually calling
kvm_set_mp_state() to make it more obvious that the SIPI_RECEIVED logic is
translating the incoming state to KVM's internal tracking, as opposed to
being some entirely unique flow.

Opportunistically add a comment to explain what the code is doing.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9935307ad41f..47fef0e7f08f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11908,11 +11908,17 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vc= pu *vcpu, goto out; } =20 + /* + * SIPI_RECEIVED is obsolete and no longer used internally; KVM instead + * leaves the vCPU in INIT_RECIEVED (Wait-For-SIPI) and pends the SIPI. + * Translate SIPI_RECEIVED as appropriate for backwards compatibility. + */ if (mp_state->mp_state =3D=3D KVM_MP_STATE_SIPI_RECEIVED) { - kvm_set_mp_state(vcpu, KVM_MP_STATE_INIT_RECEIVED); + mp_state->mp_state =3D KVM_MP_STATE_INIT_RECEIVED; set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events); - } else - kvm_set_mp_state(vcpu, mp_state->mp_state); + } + + kvm_set_mp_state(vcpu, mp_state->mp_state); kvm_make_request(KVM_REQ_EVENT, vcpu); =20 ret =3D 0; --=20 2.50.0.rc0.604.gd4ff7b7c86-goog
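Review bot: typo in the new comment, "INIT_RECIEVED" should be "INIT_RECEIVED" (the changelog carries the same misspelling). The rewrite now mutates `mp_state->mp_state` in place before the single kvm_set_mp_state() call; that is fine for a "No functional change intended" patch as long as the kernel-side struct kvm_mp_state is never copied back to userspace after this point, so a quick look at the caller to confirm it is a one-way copy_from_user() would close the question.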