pve-kernel-lowlatency-qoup/patches/kernel/0023-KVM-x86-SVM-use-smram-structs.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maxim Levitsky <mlevitsk@redhat.com>
Date: Tue, 21 Jun 2022 18:09:01 +0300
Subject: [PATCH] KVM: x86: SVM: use smram structs

This removes the last user of put_smstate/GET_SMSTATE so
remove these functions as well.

Also add a sanity check that we don't attempt to enter the SMM
on non long mode capable guest CPU with a running nested guest.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 arch/x86/include/asm/kvm_host.h |  6 ------
 arch/x86/kvm/svm/svm.c          | 28 +++++++++++++++++-----------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 867febee8fc3..4b443624b884 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1931,12 +1931,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
 #endif
 }
 
-#define put_smstate(type, buf, offset, val)                      \
-	*(type *)((buf) + (offset) - 0x7e00) = val
-
-#define GET_SMSTATE(type, buf, offset)		\
-	(*(type *)((buf) + (offset) - 0x7e00))
-
 int kvm_cpu_dirty_log_size(void);
 
 int alloc_all_memslots_rmaps(struct kvm *kvm);
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 21f747eacc9a..283b1ca95317 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4304,6 +4304,7 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
 
 static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
 {
+	struct kvm_smram_state_64 *smram = (struct kvm_smram_state_64 *)smstate;
 	struct vcpu_svm *svm = to_svm(vcpu);
 	struct kvm_host_map map_save;
 	int ret;
@@ -4311,10 +4312,17 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
 	if (!is_guest_mode(vcpu))
 		return 0;
 
-	/* FED8h - SVM Guest */
-	put_smstate(u64, smstate, 0x7ed8, 1);
-	/* FEE0h - SVM Guest VMCB Physical Address */
-	put_smstate(u64, smstate, 0x7ee0, svm->nested.vmcb12_gpa);
+	/*
+	 * 32 bit SMRAM format doesn't preserve EFER and SVM state.
+	 * SVM should not be enabled by the userspace without marking
+	 * the CPU as at least long mode capable.
+	 */
+
+	if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))
+		return 1;
+
+	smram->svm_guest_flag = 1;
+	smram->svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa;
 
 	svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
 	svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
@@ -4351,9 +4359,9 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
 
 static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
 {
+	struct kvm_smram_state_64 *smram = (struct kvm_smram_state_64 *)smstate;
 	struct vcpu_svm *svm = to_svm(vcpu);
 	struct kvm_host_map map, map_save;
-	u64 saved_efer, vmcb12_gpa;
 	struct vmcb *vmcb12;
 	int ret;
 
@@ -4361,18 +4369,16 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
 		return 0;
 
 	/* Non-zero if SMI arrived while vCPU was in guest mode. */
-	if (!GET_SMSTATE(u64, smstate, 0x7ed8))
+	if (!smram->svm_guest_flag)
 		return 0;
 
 	if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))
 		return 1;
 
-	saved_efer = GET_SMSTATE(u64, smstate, 0x7ed0);
-	if (!(saved_efer & EFER_SVME))
+	if (!(smram->efer & EFER_SVME))
 		return 1;
 
-	vmcb12_gpa = GET_SMSTATE(u64, smstate, 0x7ee0);
-	if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map) == -EINVAL)
+	if (kvm_vcpu_map(vcpu, gpa_to_gfn(smram->svm_guest_vmcb_gpa), &map) == -EINVAL)
 		return 1;
 
 	ret = 1;
@@ -4397,7 +4403,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
 
 	vmcb12 = map.hva;
 	nested_load_control_from_vmcb12(svm, &vmcb12->control);
-	ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);
+	ret = enter_svm_guest_mode(vcpu, smram->svm_guest_vmcb_gpa, vmcb12, false);
 
 	if (ret)
 		goto unmap_save;
backport "SMM emulation and interrupt shadow fixes" Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-07-27 14:45:07 +03:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Maxim Levitsky <mlevitsk@redhat.com>`
			`Date: Tue, 21 Jun 2022 18:09:01 +0300`
			`Subject: [PATCH] KVM: x86: SVM: use smram structs`

			`This removes the last user of put_smstate/GET_SMSTATE so`
			`remove these functions as well.`

			`Also add a sanity check that we don't attempt to enter the SMM`
			`on non long mode capable guest CPU with a running nested guest.`

			`Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>`
			`Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>`
			`---`
			`arch/x86/include/asm/kvm_host.h \| 6 ------`
			`arch/x86/kvm/svm/svm.c \| 28 +++++++++++++++++-----------`
			`2 files changed, 17 insertions(+), 17 deletions(-)`

			`diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h`
			`index 867febee8fc3..4b443624b884 100644`
			`--- a/arch/x86/include/asm/kvm_host.h`
			`+++ b/arch/x86/include/asm/kvm_host.h`
			`@@ -1931,12 +1931,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)`
			`#endif`
			`}`

			`-#define put_smstate(type, buf, offset, val) \`
			`- (type )((buf) + (offset) - 0x7e00) = val`
			`-`
			`-#define GET_SMSTATE(type, buf, offset) \`
			`- ((type )((buf) + (offset) - 0x7e00))`
			`-`
			`int kvm_cpu_dirty_log_size(void);`

			`int alloc_all_memslots_rmaps(struct kvm *kvm);`
			`diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c`
			`index 21f747eacc9a..283b1ca95317 100644`
			`--- a/arch/x86/kvm/svm/svm.c`
			`+++ b/arch/x86/kvm/svm/svm.c`
			`@@ -4304,6 +4304,7 @@ static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)`

			`static int svm_enter_smm(struct kvm_vcpu vcpu, char smstate)`
			`{`
			`+ struct kvm_smram_state_64 smram = (struct kvm_smram_state_64 )smstate;`
			`struct vcpu_svm *svm = to_svm(vcpu);`
			`struct kvm_host_map map_save;`
			`int ret;`
			`@@ -4311,10 +4312,17 @@ static int svm_enter_smm(struct kvm_vcpu vcpu, char smstate)`
			`if (!is_guest_mode(vcpu))`
			`return 0;`

			`- /* FED8h - SVM Guest */`
			`- put_smstate(u64, smstate, 0x7ed8, 1);`
			`- /* FEE0h - SVM Guest VMCB Physical Address */`
			`- put_smstate(u64, smstate, 0x7ee0, svm->nested.vmcb12_gpa);`
			`+ /*`
			`+ * 32 bit SMRAM format doesn't preserve EFER and SVM state.`
			`+ * SVM should not be enabled by the userspace without marking`
			`+ * the CPU as at least long mode capable.`
			`+ */`
			`+`
			`+ if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))`
			`+ return 1;`
			`+`
			`+ smram->svm_guest_flag = 1;`
			`+ smram->svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa;`

			`svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];`
			`svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];`
			`@@ -4351,9 +4359,9 @@ static int svm_enter_smm(struct kvm_vcpu vcpu, char smstate)`

			`static int svm_leave_smm(struct kvm_vcpu vcpu, const char smstate)`
			`{`
			`+ struct kvm_smram_state_64 smram = (struct kvm_smram_state_64 )smstate;`
			`struct vcpu_svm *svm = to_svm(vcpu);`
			`struct kvm_host_map map, map_save;`
			`- u64 saved_efer, vmcb12_gpa;`
			`struct vmcb *vmcb12;`
			`int ret;`

			`@@ -4361,18 +4369,16 @@ static int svm_leave_smm(struct kvm_vcpu vcpu, const char smstate)`
			`return 0;`

			`/* Non-zero if SMI arrived while vCPU was in guest mode. */`
			`- if (!GET_SMSTATE(u64, smstate, 0x7ed8))`
			`+ if (!smram->svm_guest_flag)`
			`return 0;`

			`if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))`
			`return 1;`

			`- saved_efer = GET_SMSTATE(u64, smstate, 0x7ed0);`
			`- if (!(saved_efer & EFER_SVME))`
			`+ if (!(smram->efer & EFER_SVME))`
			`return 1;`

			`- vmcb12_gpa = GET_SMSTATE(u64, smstate, 0x7ee0);`
			`- if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map) == -EINVAL)`
			`+ if (kvm_vcpu_map(vcpu, gpa_to_gfn(smram->svm_guest_vmcb_gpa), &map) == -EINVAL)`
			`return 1;`

			`ret = 1;`
			`@@ -4397,7 +4403,7 @@ static int svm_leave_smm(struct kvm_vcpu vcpu, const char smstate)`

			`vmcb12 = map.hva;`
			`nested_load_control_from_vmcb12(svm, &vmcb12->control);`
			`- ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);`
			`+ ret = enter_svm_guest_mode(vcpu, smram->svm_guest_vmcb_gpa, vmcb12, false);`

			`if (ret)`
			`goto unmap_save;`