KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests

stable inclusion from stable-v5.10.102 commit 9dcedbe943be8c93722c1ed68b59001b28b0d889 bugzilla: https://gitee.com/openeuler/kernel/issues/I567K6 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9dcedbe943be8c93722c1ed68b59001b28b0d889 -------------------------------- commit 55467fcd upstream. Always signal that emulation is possible for !SEV guests regardless of whether or not the CPU provided a valid instruction byte stream. KVM can read all guest state (memory and registers) for !SEV guests, i.e. can fetch the code stream from memory even if the CPU failed to do so because of the SMAP errata. Fixes: 05d5a486 ("KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)") Cc: stable@vger.kernel.org Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: N Sean Christopherson <seanjc@google.com> Reviewed-by: N Liam Merwick <liam.merwick@oracle.com> Message-Id: <20220120010719.711476-2-seanjc@google.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> [jwang: adjust context for kernel 5.10.101] Signed-off-by: N Jack Wang <jinpu.wang@ionos.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yu Liao <liaoyu15@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
stable inclusion from stable-v5.10.102 commit 9dcedbe943be8c93722c1ed68b59001b28b0d889 bugzilla: https://gitee.com/openeuler/kernel/issues/I567K6 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9dcedbe943be8c93722c1ed68b59001b28b0d889 -------------------------------- commit 55467fcd upstream. Always signal that emulation is possible for !SEV guests regardless of whether or not the CPU provided a valid instruction byte stream. KVM can read all guest state (memory and registers) for !SEV guests, i.e. can fetch the code stream from memory even if the CPU failed to do so because of the SMAP errata. Fixes: 05d5a486 ("KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)") Cc: stable@vger.kernel.org Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: N Sean Christopherson <seanjc@google.com> Reviewed-by: N Liam Merwick <liam.merwick@oracle.com> Message-Id: <20220120010719.711476-2-seanjc@google.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> [jwang: adjust context for kernel 5.10.101] Signed-off-by: N Jack Wang <jinpu.wang@ionos.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yu Liao <liaoyu15@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
705cef9b · Sean Christopherson · Zheng Zengkai · e4025dcd · 705cef9b
隐藏空白更改
内联并排

Showing with 4 addition and 3 deletion

arch/x86/kvm/svm/svm.c arch/x86/kvm/svm/svm.c +4 -3

未找到文件。
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4103,6 +4103,10 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
 	bool smep, smap, is_user;
 	unsigned long cr4;

+	/* Emulation is always possible when KVM has access to all guest state. */
+	if (!sev_guest(vcpu->kvm))
+		return true;
+
 	/*
 	 * Detect and workaround Errata 1096 Fam_17h_00_0Fh.
 	 *
@@ -4151,9 +4155,6 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
 	smap = cr4 & X86_CR4_SMAP;
 	is_user = svm_get_cpl(vcpu) == 3;
 	if (smap && (!smep || is_user)) {
-		if (!sev_guest(vcpu->kvm))
-			return true;
-
 		pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n");

 		/*