From patchwork Wed Sep 19 22:42:22 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Bonzini <pbonzini@redhat.com>
X-Patchwork-Id: 10606635
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BFD43112B
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed, 19 Sep 2018 22:42:33 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AF19B2CDCF
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed, 19 Sep 2018 22:42:33 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id AD8382CE0B; Wed, 19 Sep 2018 22:42:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham
 version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 531B92CE08
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed, 19 Sep 2018 22:42:33 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732263AbeITEWc (ORCPT
        <rfc822;patchwork-kvm@patchwork.kernel.org>);
        Thu, 20 Sep 2018 00:22:32 -0400
Received: from mail-wr1-f67.google.com ([209.85.221.67]:33016 "EHLO
        mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731341AbeITEWc (ORCPT <rfc822;kvm@vger.kernel.org>);
        Thu, 20 Sep 2018 00:22:32 -0400
Received: by mail-wr1-f67.google.com with SMTP id v90-v6so7409656wrc.0;
        Wed, 19 Sep 2018 15:42:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:to:subject:date:message-id;
        bh=aE0djoXpmYRWIFE9tManvEtbQQByBo9qtMheLyvjo9M=;
        b=iNTiK9HrzOX/bELAb4nnFGuPvgI/X+H/VHHyMhktJ92oMQeB+Mf+wSdGh3pmKrv+Xq
         Rxc73Cb3TBiAWJ1ODNmmwdKCIk/755d7CwmWOanLSeuSKZ/AulBN243uTpWiapVooiZi
         NVoQjjL9ykMoSs5E6TM4D/Pv4VvfMzuojAfsCcoSAm4qMjZdztS5zZlXMlodLivjx952
         eS02qVqOBySywN1b1x5wbgSdCbqrjGTTMx3MCUxyFoH9sMuIzgctxomdE6VZlfPsYT1m
         Crcuj/YTrAKrOeee2nSEyZJ92eqilIJt6dqwQogXHWP/jdLswvRotbx99eFD7xzCfZVR
         hf2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:subject:date:message-id;
        bh=aE0djoXpmYRWIFE9tManvEtbQQByBo9qtMheLyvjo9M=;
        b=hlJa9fwyu4CDEMu2scdl4S+znLNinMH7eAhhEGL45tbzw74s5IGTTeVDZZ3mB5WhTK
         yb9mNeDss2GWCCCfmY38zMLZyhOXhl499BSGkJNwnpNk9ByXGwvqHbigRAIsrmyhuUNy
         6o4u15ADfc0GAF9n4gC4sf0HPa8+M0fk4/gSNEvpWXuX9n6/rGG2+24snL161LJkR40g
         kg9+2OqjrBHHGuhBvIEYSv30tmlC8y+WWqllm3loOpHiR35GpRv8Q733npf0BV1HQ4Uz
         1GDLnsGXT06moZxoSJVt6Daj1gPTQBv8JtTo9wzcYUGkv3cv7s0fFVpI5CxkdAwhMSaC
         xCkg==
X-Gm-Message-State: APzg51Al3atLqFZSi+FLU/pcd0NpX4P65ueiwwC3bxqNOcfS/MbixyGX
        lysO57C8TaalhY8A3CUmNw9RWEGb
X-Google-Smtp-Source: 
 ANB0VdaJieBYnM/d1U4mQZezxsRcW85s//LCm+NXNrclfakTnoBk41860Jz5gVjh8oFuzmE2bBjaMw==
X-Received: by 2002:adf:a936:: with SMTP id
 u51-v6mr32236196wrc.175.1537396944764;
        Wed, 19 Sep 2018 15:42:24 -0700 (PDT)
Received: from 640k.lan (94-36-187-248.adsl-ull.clienti.tiscali.it.
 [94.36.187.248])
        by smtp.gmail.com with ESMTPSA id
 k5-v6sm6051252wrc.14.2018.09.19.15.42.23
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 19 Sep 2018 15:42:24 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: [PATCH] KVM: VMX: check nested state and CR4.VMXE against SMM
Date: Thu, 20 Sep 2018 00:42:22 +0200
Message-Id: <1537396942-30774-1-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.3.1
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

VMX cannot be enabled under SMM, check it when CR4 is set and when nested
virtualization state is restored.

This should fix some WARNs reported by syzkaller, mostly around
alloc_shadow_vmcs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/vmx.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index c76ca0e501cf..fc2870dddfe9 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5398,9 +5398,10 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 		 * To use VMXON (and later other VMX instructions), a guest
 		 * must first be able to turn on cr4.VMXE (see handle_vmon()).
 		 * So basically the check on whether to allow nested VMX
-		 * is here.
+		 * is here.  We operate under the default treatment of SMM,
+		 * so VMX cannot be enabled under SMM.
 		 */
-		if (!nested_vmx_allowed(vcpu))
+		if (!nested_vmx_allowed(vcpu) || is_smm(vcpu))
 			return 1;
 	}
 
@@ -13977,6 +13978,14 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
 	    ~(KVM_STATE_NESTED_SMM_GUEST_MODE | KVM_STATE_NESTED_SMM_VMXON))
 		return -EINVAL;
 
+	/*
+	 * SMM temporarily disables VMX, so we cannot be in guest mode,
+	 * nor can VMLAUNCH/VMRESUME be pending.  Outside SMM, SMM flags
+	 * must be zero.
+	 */
+	if (is_smm(vcpu) ? kvm_state->flags : kvm_state->vmx.smm.flags)
+		return -EINVAL;
+
 	if ((kvm_state->vmx.smm.flags & KVM_STATE_NESTED_SMM_GUEST_MODE) &&
 	    !(kvm_state->vmx.smm.flags & KVM_STATE_NESTED_SMM_VMXON))
 		return -EINVAL;