[v2,3/9] KVM: x86: add kvm_leave_nested

Message ID	20221103141351.50662-4-mlevitsk@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: Maxim Levitsky <mlevitsk@redhat.com> To: kvm@vger.kernel.org Cc: Paolo Bonzini <pbonzini@redhat.com>, Thomas Gleixner <tglx@linutronix.de>, linux-kernel@vger.kernel.org, Chenyi Qiang <chenyi.qiang@intel.com>, Yang Zhong <yang.zhong@intel.com>, x86@kernel.org, Shuah Khan <shuah@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com>, Maxim Levitsky <mlevitsk@redhat.com>, Colton Lewis <coltonlewis@google.com>, Borislav Petkov <bp@alien8.de>, Peter Xu <peterx@redhat.com>, Sean Christopherson <seanjc@google.com>, Jim Mattson <jmattson@google.com>, linux-kselftest@vger.kernel.org, Ingo Molnar <mingo@redhat.com>, Wei Wang <wei.w.wang@intel.com>, David Matlack <dmatlack@google.com>, stable@vger.kernel.org Subject: [PATCH v2 3/9] KVM: x86: add kvm_leave_nested Date: Thu, 3 Nov 2022 16:13:45 +0200 Message-Id: <20221103141351.50662-4-mlevitsk@redhat.com> In-Reply-To: <20221103141351.50662-1-mlevitsk@redhat.com> References: <20221103141351.50662-1-mlevitsk@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	nSVM: Security and correctness fixes \| expand [v2,0/9] nSVM: Security and correctness fixes [v2,1/9] KVM: x86: nSVM: leave nested mode on vCPU free [v2,2/9] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use [v2,3/9] KVM: x86: add kvm_leave_nested [v2,4/9] KVM: x86: forcibly leave nested mode on vCPU reset [v2,5/9] KVM: selftests: move idt_entry to header [v2,6/9] kvm: selftests: add svm nested shutdown test [v2,7/9] KVM: x86: allow L1 to not intercept triple fault [v2,8/9] KVM: selftests: add svm part to triple_fault_test [v2,9/9] KVM: x86: remove exit_int_info warning in svm_handle_exit

Message ID

20221103141351.50662-4-mlevitsk@redhat.com (mailing list archive)

State

New, archived

Headers

From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        linux-kernel@vger.kernel.org,
        Chenyi Qiang <chenyi.qiang@intel.com>,
        Yang Zhong <yang.zhong@intel.com>, x86@kernel.org,
        Shuah Khan <shuah@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Maxim Levitsky <mlevitsk@redhat.com>,
        Colton Lewis <coltonlewis@google.com>,
        Borislav Petkov <bp@alien8.de>, Peter Xu <peterx@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Jim Mattson <jmattson@google.com>,
        linux-kselftest@vger.kernel.org, Ingo Molnar <mingo@redhat.com>,
        Wei Wang <wei.w.wang@intel.com>,
        David Matlack <dmatlack@google.com>, stable@vger.kernel.org
Subject: [PATCH v2 3/9] KVM: x86: add kvm_leave_nested
Date: Thu,  3 Nov 2022 16:13:45 +0200
Message-Id: <20221103141351.50662-4-mlevitsk@redhat.com>
In-Reply-To: <20221103141351.50662-1-mlevitsk@redhat.com>
References: <20221103141351.50662-1-mlevitsk@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

nSVM: Security and correctness fixes | expand

Commit Message

Maxim Levitsky Nov. 3, 2022, 2:13 p.m. UTC

add kvm_leave_nested which wraps a call to nested_ops->leave_nested
into a function.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/svm/nested.c | 3 ---
 arch/x86/kvm/vmx/nested.c | 3 ---
 arch/x86/kvm/x86.c        | 8 +++++++-
 3 files changed, 7 insertions(+), 7 deletions(-)

Comments

Liam Merwick Nov. 21, 2022, 4:31 p.m. UTC | #1

On 03/11/2022 14:13, Maxim Levitsky wrote:
> add kvm_leave_nested which wraps a call to nested_ops->leave_nested
> into a function.
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>

Reviewed-by: Liam Merwick <liam.merwick@oracle.com>


> ---
>   arch/x86/kvm/svm/nested.c | 3 ---
>   arch/x86/kvm/vmx/nested.c | 3 ---
>   arch/x86/kvm/x86.c        | 8 +++++++-
>   3 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index b74da40c1fc40c..bcc4f6620f8aec 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -1147,9 +1147,6 @@ void svm_free_nested(struct vcpu_svm *svm)
>   	svm->nested.initialized = false;
>   }
>   
> -/*
> - * Forcibly leave nested mode in order to be able to reset the VCPU later on.
> - */
>   void svm_leave_nested(struct kvm_vcpu *vcpu)
>   {
>   	struct vcpu_svm *svm = to_svm(vcpu);
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 61a2e551640a08..1ebe141a0a015f 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -6441,9 +6441,6 @@ static int vmx_get_nested_state(struct kvm_vcpu *vcpu,
>   	return kvm_state.size;
>   }
>   
> -/*
> - * Forcibly leave nested mode in order to be able to reset the VCPU later on.
> - */
>   void vmx_leave_nested(struct kvm_vcpu *vcpu)
>   {
>   	if (is_guest_mode(vcpu)) {
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index cd9eb13e2ed7fc..316ab1d5317f92 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -627,6 +627,12 @@ static void kvm_queue_exception_vmexit(struct kvm_vcpu *vcpu, unsigned int vecto
>   	ex->payload = payload;
>   }
>   
> +/* Forcibly leave the nested mode in cases like a vCPU reset */
> +static void kvm_leave_nested(struct kvm_vcpu *vcpu)
> +{
> +	kvm_x86_ops.nested_ops->leave_nested(vcpu);
> +}
> +
>   static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
>   		unsigned nr, bool has_error, u32 error_code,
>   	        bool has_payload, unsigned long payload, bool reinject)
> @@ -5193,7 +5199,7 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
>   	if (events->flags & KVM_VCPUEVENT_VALID_SMM) {
>   #ifdef CONFIG_KVM_SMM
>   		if (!!(vcpu->arch.hflags & HF_SMM_MASK) != events->smi.smm) {
> -			kvm_x86_ops.nested_ops->leave_nested(vcpu);
> +			kvm_leave_nested(vcpu);
>   			kvm_smm_changed(vcpu, events->smi.smm);
>   		}
>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index b74da40c1fc40c..bcc4f6620f8aec 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1147,9 +1147,6 @@  void svm_free_nested(struct vcpu_svm *svm)
 	svm->nested.initialized = false;
 }
 
-/*
- * Forcibly leave nested mode in order to be able to reset the VCPU later on.
- */
 void svm_leave_nested(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 61a2e551640a08..1ebe141a0a015f 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -6441,9 +6441,6 @@  static int vmx_get_nested_state(struct kvm_vcpu *vcpu,
 	return kvm_state.size;
 }
 
-/*
- * Forcibly leave nested mode in order to be able to reset the VCPU later on.
- */
 void vmx_leave_nested(struct kvm_vcpu *vcpu)
 {
 	if (is_guest_mode(vcpu)) {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cd9eb13e2ed7fc..316ab1d5317f92 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -627,6 +627,12 @@  static void kvm_queue_exception_vmexit(struct kvm_vcpu *vcpu, unsigned int vecto
 	ex->payload = payload;
 }
 
+/* Forcibly leave the nested mode in cases like a vCPU reset */
+static void kvm_leave_nested(struct kvm_vcpu *vcpu)
+{
+	kvm_x86_ops.nested_ops->leave_nested(vcpu);
+}
+
 static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
 		unsigned nr, bool has_error, u32 error_code,
 	        bool has_payload, unsigned long payload, bool reinject)
@@ -5193,7 +5199,7 @@  static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
 	if (events->flags & KVM_VCPUEVENT_VALID_SMM) {
 #ifdef CONFIG_KVM_SMM
 		if (!!(vcpu->arch.hflags & HF_SMM_MASK) != events->smi.smm) {
-			kvm_x86_ops.nested_ops->leave_nested(vcpu);
+			kvm_leave_nested(vcpu);
 			kvm_smm_changed(vcpu, events->smi.smm);
 		}

[v2,3/9] KVM: x86: add kvm_leave_nested

Commit Message

Comments

Patch