From patchwork Tue Jun 13 20:30:34 2023
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 10727
Date: Tue, 13 Jun 2023 13:30:34 -0700
Message-ID: <20230613203037.1968489-1-seanjc@google.com>
Subject: [PATCH 0/3] KVM: x86: CR0 vs. KVM_SET_SREGS and !URG
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+5feef0b9ee9c8e9e5689@syzkaller.appspotmail.com, Jim Mattson
X-Mailing-List: linux-kernel@vger.kernel.org

Fix a longstanding bug where KVM doesn't check the incoming CR0 provided by
userspace via KVM_SET_SREGS, and then fix a VMX-specific bug that let the
missing CR0 check escalate from "just" a failed VM-Entry, to a "KVM is all
kinds of confused and generates a WARN" issue.

Expand the set_sregs_test selftest to provide basic CR0 coverage.

Sean Christopherson (3):
  KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
  KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
  KVM: selftests: Expand x86's sregs test to cover illegal CR0 values

 arch/x86/include/asm/kvm-x86-ops.h                 |  1 +
 arch/x86/include/asm/kvm_host.h                    |  3 +-
 arch/x86/kvm/svm/svm.c                             |  6 ++
 arch/x86/kvm/vmx/vmx.c                             | 41 ++++++++---
 arch/x86/kvm/x86.c                                 | 34 +++++----
 .../selftests/kvm/x86_64/set_sregs_test.c          | 70 +++++++++++--------
 6 files changed, 100 insertions(+), 55 deletions(-)

base-commit: 24ff4c08e5bbdd7399d45f940f10fed030dfadda
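As an added illustration (not code from this series or from KVM), the following standalone validator applies the architectural CR0 consistency rules a hypervisor must enforce before accepting a userspace-supplied CR0 such as the one passed through KVM_SET_SREGS. The function and enum names are my own; the rules are the documented x86 ones (PG requires PE, NW requires CD, bits 63:32 reserved). Cross-register checks (EFER.LME/CR4.PAE) are out of scope here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural CR0 bits (Intel SDM Vol. 3, "Control Registers"). */
#define CR0_PE (1ULL << 0)   /* Protection Enable */
#define CR0_NW (1ULL << 29)  /* Not Write-through */
#define CR0_CD (1ULL << 30)  /* Cache Disable */
#define CR0_PG (1ULL << 31)  /* Paging */
#define CR0_UPPER_RESERVED 0xffffffff00000000ULL  /* bits 63:32 */

enum cr0_verdict {
    CR0_OK = 0,
    CR0_RESERVED_SET,    /* reserved upper bits set: #GP on hardware */
    CR0_NW_WITHOUT_CD,   /* NW=1 with CD=0 is an illegal combination */
    CR0_PG_WITHOUT_PE,   /* paging without protected mode is illegal */
};

/* Return why a CR0 value would be rejected, or CR0_OK if it is acceptable.
 * Low reserved bits (6-15, 17, 19-28) are deliberately not checked here;
 * a real hypervisor masks or rejects them according to its own policy. */
enum cr0_verdict check_cr0(uint64_t cr0)
{
    if (cr0 & CR0_UPPER_RESERVED)
        return CR0_RESERVED_SET;
    if ((cr0 & CR0_NW) && !(cr0 & CR0_CD))
        return CR0_NW_WITHOUT_CD;
    if ((cr0 & CR0_PG) && !(cr0 & CR0_PE))
        return CR0_PG_WITHOUT_PE;
    return CR0_OK;
}

/* Boolean wrapper: the gate an ioctl handler would place before committing
 * the new register state to the vCPU. */
bool cr0_is_valid(uint64_t cr0)
{
    return check_cr0(cr0) == CR0_OK;
}

int main(void)
{
    /* Constructed sample values: a typical Linux CR0, then three bad ones. */
    const uint64_t samples[] = { 0x80050033ULL, CR0_PG, CR0_PE | CR0_NW,
                                 1ULL << 32 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("cr0=0x%016llx verdict=%d\n",
               (unsigned long long)samples[i], (int)check_cr0(samples[i]));
    return 0;
}
```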