From patchwork Tue Apr 16 12:35:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julian Stecklina X-Patchwork-Id: 13631776 Received: from DEU01-BE0-obe.outbound.protection.outlook.com (mail-be0deu01on2104.outbound.protection.outlook.com [40.107.127.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E409B101D4; Tue, 16 Apr 2024 12:36:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.127.104 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713271005; cv=fail; b=kgatMyPFPX0I1k+69jVNKp4y0BxCFlUFzJIo4sgJ0SZxT/gzKMroyygxbqkZwVOTLFiP7wKTRjuwkEuWwL/TN+IbqKty6WgkjoZ5blZJsn5YsnkxHmwQfoAX5cU9RDKvy6zHN1W3OmtbGKixykhlLsccYkco77W5mNXY9I7pheY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713271005; c=relaxed/simple; bh=PaQi7Kdg+bSprtejyY3NaMGR8af5tS/cAE59T4HAdv0=; h=From:To:Cc:Subject:Date:Message-ID:Content-Type:MIME-Version; b=uqkMquYot1HBWCiGD2gbhJ/NKJjiENfLhpw506Mb2oUGwzZlPahfAvj8C5LyWQNBLoi8G6PHDKRVKvaMaxceJqpKSrHMrURWKg5fDD3IKQWhACbVTz28NKv/eXogYyXWoeaG9A0e15jDltpau+xzbxIP9MRuKC7FI5wrWNWwvXk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=cyberus-technology.de; spf=pass smtp.mailfrom=cyberus-technology.de; dkim=pass (2048-bit key) header.d=cyberus-technology.de header.i=@cyberus-technology.de header.b=H57J/a7b; arc=fail smtp.client-ip=40.107.127.104 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=cyberus-technology.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyberus-technology.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyberus-technology.de header.i=@cyberus-technology.de header.b="H57J/a7b" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M72vljV2SBTYQZs/FehW4F5hLnfLlCqc/cuHGn2aFd2YrnACDgwQWdFFTLcLBHqq3RuLWoCuYgXXoAiYJGBQ+nRSBoxXC3+El0TFLivpOLi2WO4B5CJSMhjgpGxZ75Yf0L8VhQcPLyOfbO95m7HgALJKr5jSsVta2tGrgDTroRxl8QZ1VT2l01UdP2M0IEt4ll6/HxG9WrjaiumY3rSTYMKz49dSwng4sGFU/yjfUBMsNWAPVW04mb2kp4Sn8byOxfVc4TP265F8JOGhGMybqoi4eaMCZacLP9W+T4FwJXRWqDFSnfCxau+58j6f/gKInkQ7XEeRWbJh1FroJqZQrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7RaaYZ/Ezw21a6jN9N1MR606d2UFF0BBp5iTDn6vPHc=; b=jGTCmTy3noxTU0mtvBf6Dbv91BCvIlHf0cAGZFeSzfipizR6yeUuPhj7WFKlRhKZSQt6a1LM7H3aLEt8VTxUkERRUEwsdjChyoPPM/lxaHny6/oFLDCSRRyJIlz+74lv4vjUExMeXDY7+RkBY4lAnMi9b442k21dE+svZU9SxYIuNpHpRJ0PSnpet/dT5fUwgp29fILGfzN5NtzAJJtv+UNQIgvW+QPyOxH+k+MtzBh0CmhWVbzO5RTkwe+jqUp2KKWtGoBHnHRT6O1mrG+OYfEI3llbTehMIH++crOEYv1CCHWVWr7szWsxsxnX33P+TW3QCEFpTQtpYR9NsnPJiA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cyberus-technology.de; dmarc=pass action=none header.from=cyberus-technology.de; dkim=pass header.d=cyberus-technology.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyberus-technology.de; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7RaaYZ/Ezw21a6jN9N1MR606d2UFF0BBp5iTDn6vPHc=; b=H57J/a7bh5xJ80fvXfIIpf426yVugwWUbDXNH48s/wIEu/FnUXfP8ZcIuFpG7CCCbDJiuEiaFVYhmlkFJrbYsS2gfKeZQvTZs086oB5m8grQbbPApTNRjqBk6Pwm+JrisY8vV9guQTpIyYDiQV2YSxJhEfoJInMC3QsrULyzBJPWOBAJTK8ilzhkSogwUcogxaW8sF/f/kUXQBPwYYYnlz7B5c7oWl12Mwl/4xKQ14dEYAsmPl8IDdveAQ+S7BQ95JiY257JWG/j2qibkD1ooWbljWAw0PwxzM45Q3RNuK0/RvXV830RsYlJSGI7ySGZ/npsKrsnrHYqa4MQq98ndw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cyberus-technology.de; Received: from FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:38::7) by FR2P281MB1543.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:90::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.50; Tue, 16 Apr 2024 12:36:38 +0000 Received: from FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM ([fe80::cd58:a187:5d01:55f5]) by FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM ([fe80::cd58:a187:5d01:55f5%6]) with mapi id 15.20.7452.049; Tue, 16 Apr 2024 12:36:38 +0000 From: Julian Stecklina To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Thomas Prescher , Julian Stecklina , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/2] KVM: nVMX: fix CR4_READ_SHADOW when L0 updates CR4 during a signal Date: Tue, 16 Apr 2024 14:35:56 +0200 Message-ID: <20240416123558.212040-1-julian.stecklina@cyberus-technology.de> X-Mailer: git-send-email 2.43.2 X-ClientProxiedBy: MA2P292CA0026.ESPP292.PROD.OUTLOOK.COM (2603:10a6:250::12) To FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:38::7) Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: FR2P281MB2329:EE_|FR2P281MB1543:EE_ X-MS-Office365-Filtering-Correlation-Id: 5a5f1b05-de4c-4a1e-a355-08dc5e11dc72 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: +vNTtfVdsVui/hQRR+5jU8gWU03ea8Z4GjDhqthOoQg/jD7QRtGbOvzVqHGcH3D+EfgNBroMmZgOgJMWS7IriCmo+2kAtTjf5MhoapyYu6aV2q+79afM6cl2DuB2Yfl/rc570Fm1WDFUFUeepNyPvMlWXfYZn0gCT7pry6aQI5iY9rG9y5RDxdVXTOV5MB+LJmJdzTQUq5085eZ7Ksd43wQTMEUm6r6q9h0iulZhPMvm+lnmr3NslvMoZWy5gouiwCkTW4lFf9VuUyktP9d2M2kwZk8v7sboh3P7oNql0/d5ceWwuP2WlId7zyETlNUh9IFkKLheEJKhDW5QQzbXLCcSg8+lBdXW+94GmtRLa5w+JomdCzsYjyrBc48gowmlK1sdPKSFs77mOh1RE8OMr2DfEIbSCnX2BHpkrEynZZPLTIqoWksyrcF2g3J3KZwdau1zlob0PiTChCon08J3Z5OOy/3cGSJvP5wA2xKB5eaGt1QiAMw/Iq4RAsocoYXyNgaYzW21RMZAIdqctAkDqNNR8wmUoC9hf0dddX2Bm48Inx1nbUR2vYClYBs/R30jiocwrQbIw5sDg7uyyf8E+w6deQIEVxmE4SYa+Nqknbo9qA8XES35LmDXXT1Kpi4TP37cJ+OXUH7Ex7jNyub37+DUt8gm5JpN/IHKb50WbFMZfx7wzyZtT5EohkafaarGfHY6Ro7s2BJuZ+fVDzyo7OtT2hlKlL4vWfxW9oygOV96K/be8H1uiJweQ58uU2hCz2g77LVpzfmQOUsNYkTjZjgg6NEUYxC1VwZ5j0lfZmdXFLGL79V9Cm6ZaO1bcZkegAd2U63SdOx4J6BfB39uu1GCZ7MLE5ZEgNi7r/1DnFmUkx6NOgsMx+QjKP6/KDykwIkLRvXFKNcI3hAhMH46Lw0GcaTadbiAF94+W8RTuXn26rrsQ9abO1uDfstpfeF5JlnhwJhZBT4MVdeWNSovsNc14QTKt5BhOCGieX8gBJKVDMoR7waLZWn1ZMVXP+P2dT5MJNCZ/avLZ6DQbp9Sg4mW7O6n14nSuNMuCyiZK8YDPECcFVUiIEO4uoqp3xThvj5JbafppUGeMx++OVWiHO0TcYbfkIvXGGTU/Zo68y63KQje4aBbxnjwoH1dAop3NcaAa4UlYHbsf8FJkqJliDnxFsikNcnbd+i6H2cTc++KKjtKVqBvMUDyJB92jncmLuAupWgvUMcKahgknElpxqM1z1vqFYhIrHNhQIVbxLykivGhZdGLU65FxOw8DP5kTkS4AyFdlyER6ZpkuIpNSA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(7416005)(376005)(1800799015)(366007)(52116005)(38350700005);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: mUYSpRUs8SNZuhhpPdAO4waLeoDnjYiZ1xTRSDM7fGp2cbyY+akneOaGj80gyqcw6837IcIlkhtwF+iGniJUTQAecVSBTKGwnUiktjH+eZimM0VwhX/FkYTPNMXW2lY375+daOSmAGEISDGCjZlwz08kAYwCrVkuS/Tr7pKfcF7/8xEg/r1hvd2doLzzLjcIUCCraSTGfxBsMqkkr2HRTEPa/bdMBuAQca7QOGUW4CsrY9l+SWqxrIw8HW505kGru2E4N2O+GnH/2jAuLQiUzXA+ZT37HRt9JT9oneCfqpqiaqEdrjVr2bINhPMEFRpxhS1TWgsb30PAlcXXTMdbGOxS+VOCeHw6jsKlXQSqCid6YlkMDXz2AfCvgvZSBZ5DI0Iz7lZrKEO9fYAGbMxYx1xchBPivfEXdHbXWXspvIrivysdXHllwlKJ+luqv7wM4iPkIxaEmVpKylwlXjlUYBEuC+PmvAQwggXpma4QO58FN85paGkTOPA/DBBsWZsKww/HDFme70WmlTw2l8ThKVzDjcG8jq9+pv+uK1QzYBl5K14Dop2N+ERN74FOIVm74NnnwkPJz+62X4C3ZUvxAwx1u20rFogiTZiUSvCxxF9j/oxWi7sezzrYpimeJg4EzjwexjOWDAEMSWGVt+oWQX9KRZhSsgItE5zJBCbFlJ7TBpme1kcKkztJmpIMckW5Yco+ZJF3ta/fvqxJtXoUdH+8LOjp1KHkEOT/wmUYi0H8kapHLHTxzirEc1VNHTvLq/OT0ZCtjaAR2G0hdL4DXm6BvlS7sVZm6e6vycl+vk8YLfUQXTv/WgHm3DKRnWBhsOlPTTKBdOiWDdl2ANhOyvBFN5CLw451HvRVyIJJApp4sLzpfuvnYF3UQcGqNgkPmx9NFZ0F9iC53EcbVAYKMaU7Nl6VEyaLbp9UOXNU9tlupy6eP/PmSV5aEHbyQfdlTBrMOfMtZMKld5fvdUrVxMOgPNHI48Bilz4dlPXRll6k//w56ttnCQ4dZmBRs2VDEgyp3soBsLChLRtBsszqsCf8KFV/9J6LvRYEl/niZde3fnFzc+aIjana0YjjoPT3ki2aMwaYQJFAK8mywZ5Q6/NY2dMcJCrR2/csGaUOeOzeQgcBIin5wlOIH8DPq6F7U0dqaGPFaOqEH2iKGBK4Ko6QhdCxzp+4vkP+z6OrjzMlmrHXqCzWIR3MRw33kbezAeFOZZU3MUF9+ZOQr2gTkiBVHSn+vcbgqF31HadycrDtiS9PWLYPCK/ox5Z4stSg/eUMx3JwwXA7siYZS/3MMtv14oKX27jcHYNgsLXjiiMBQuHKTu7A4SqhL8YZI1XfqmOZInJxu+Xla/WbJSZyEhEXlasS2WkJBpUMozLXgriE55tiTrLZr58zsdHiKmfXUfFcZUM96xhJKxhRUidKENWp+/UFsY5I/s36TygwDTbnGBWfEWem61nhp8pWVT5EXeLJqTCZEE4N1gH6mSwvgUIVTqVkQh4ci+euVvJIdfWc83NhNqv8ZHXinHzpIOnbWjqwZpms0edB4BZzn2ZJkdBx8o9eIN8pPD8M0rm+wyoZ+8xXvT7Zl1or8x8FMqXgPhgwvrcnG5Vwcsz+XLaUSzilt6Th9n0CklZ+SpUxHcU= X-OriginatorOrg: cyberus-technology.de X-MS-Exchange-CrossTenant-Network-Message-Id: 5a5f1b05-de4c-4a1e-a355-08dc5e11dc72 X-MS-Exchange-CrossTenant-AuthSource: FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Apr 2024 12:36:38.7138 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f4e0f4e0-9d68-4bd6-a95b-0cba36dbac2e X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3Ve3BSVMTG8EUL5E8/sY+Agm/CBL0j4mQ8Kl+N6YSXyWuqbDaNw8t1m+xXwnKU0lN3/QlRKm0vQ0kmf5Rx0hCMYXNChJWj0xmN1CMWF47/vo3RkdvUY7Vt5kxYyk8iGU X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR2P281MB1543 From: Thomas Prescher This issue occurs when the kernel is interrupted by a signal while running a L2 guest. If the signal is meant to be delivered to the L0 VMM, and L0 updates CR4 for L1, i.e. when the VMM sets KVM_SYNC_X86_SREGS in kvm_run->kvm_dirty_regs, the kernel programs an incorrect read shadow value for L2's CR4. The result is that the guest can read a value for CR4 where bits from L1 have leaked into L2. We found this issue by running uXen [1] as L2 in VirtualBox/KVM [2]. The issue can also easily be reproduced in Qemu/KVM if we force a sreg sync on each call to KVM_RUN [3]. The issue can also be reproduced by running a L2 Windows 10. In the Windows case, CR4.VMXE leaks from L1 to L2 causing the OS to blue-screen with a kernel thread exception during TLB invalidation where the following code sequence triggers the issue: mov rax, cr4 <--- L2 reads CR4 with contents from L1 mov rcx, cr4 btc 0x7, rax <--- L2 toggles CR4.PGE mov cr4, rax <--- #GP because L2 writes CR4 with reserved bits set mov cr4, rcx The existing code seems to fixup CR4_READ_SHADOW after calling vmx_set_cr4 except in __set_sregs_common. While we could fix it there as well, it's easier to just handle it centrally. There might be a similar issue with CR0. [1] https://github.com/OpenXT/uxen [2] https://github.com/cyberus-technology/virtualbox-kvm [3] https://github.com/tpressure/qemu/commit/d64c9d5e76f3f3b747bea7653d677bd61e13aafe Signed-off-by: Julian Stecklina Signed-off-by: Thomas Prescher --- arch/x86/kvm/vmx/vmx.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6780313914f8..0d4af00245f3 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -3474,7 +3474,11 @@ void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE); } - vmcs_writel(CR4_READ_SHADOW, cr4); + if (is_guest_mode(vcpu)) + vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(get_vmcs12(vcpu))); + else + vmcs_writel(CR4_READ_SHADOW, cr4); + vmcs_writel(GUEST_CR4, hw_cr4); if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE)) From patchwork Tue Apr 16 12:35:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julian Stecklina X-Patchwork-Id: 13631777 Received: from DEU01-BE0-obe.outbound.protection.outlook.com (mail-be0deu01on2104.outbound.protection.outlook.com [40.107.127.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F357A42059; Tue, 16 Apr 2024 12:36:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.127.104 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713271007; cv=fail; b=FDUcrlYWPde3qdavFJ7HU6YtKE+iF+giz4AOHCYVJZfj3MkfAMRX2aBm6uF+uBcy1u1VCabLL3O+A6ewn9TxD2/WOHNG+Z8ktJOeOB3OAaNcRaejZuT2G+mxTMN9bzxbShB0db+rFfEIicOxF5TtDmGS4kwKXpMwpTsn7NdqIa4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713271007; c=relaxed/simple; bh=aUYVOjc6Vc5BHwVUVDe3y3bHM4F0WyVoIq8DE38Y+V8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: Content-Type:MIME-Version; b=FurCmmUluZOAWPy0Tk7PcLWOG1LEoAyi67GWQCZp76ZF3PvzgU8vDHrvs7VFNmsVEPKY1+YRyaUpY2yWHySE2jO8gLfE8IxiUQPhjPZTKMj5B5Ij3JCt4G1tkPpzu7pm0wboyGfnNMOJWH6+W6Ut18wYUOBjyzNnJTUjEMfDYf8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=cyberus-technology.de; spf=pass smtp.mailfrom=cyberus-technology.de; dkim=pass (2048-bit key) header.d=cyberus-technology.de header.i=@cyberus-technology.de header.b=OVp/Yu12; arc=fail smtp.client-ip=40.107.127.104 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=cyberus-technology.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyberus-technology.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyberus-technology.de header.i=@cyberus-technology.de header.b="OVp/Yu12" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mwfgsefvV8kD+tzgqhOOHIS3edApzmfVvgmpe49s4bSLYslRW8UX40YxsLVqVIdq2SJy3vzFavI5JYsSE85fAaPh7MyPVv0xk4IUkc74ACVHoeE6ed/6HD7h158XKZDWfTa5dVvPzJWFYCuAW0yF5/th2afPAfcxm+EoTwUI+e73RGNCxjtIsrDmUTmH37Be25xSak1WwQ3lq2t5XqpufpxGz7leEiaLRXlo5oonzzHtJfCsC9G7X60TGmbqag9TQVPrTCzvCbzYt+WzrkHaomHDtrZzoFeH+fh2BqbzZRwP/Nia0gVQULQcWLjKSFAQWSS/bxpZdMo6OvEFhfY3OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3KIei3UMKdcBvkO9uGMBgk4HTS/AsvarqcqWzTFqpcU=; b=OUaVyB7LPEryeYPm0xPPxxNZPBszuOi+hfp4D20Kz4CVeybjH0TPZitqv1ByShJjyK8ozT5a9OnS2EsiC6pNfSZzXji4v4qDXbBjbjkmRHkTEpwBKcD3/BtTHqyk4NGqlRgIEQx7XakK6/Z/JxnUn7KMZsryVXXrHhW1lxbQyCC/CAi1+2oDFLYMflJEdu6XuRDSQqcGp/sLSGPQmrsJj6qRvAdMT+Mg0ajbxo6llADBYHabeZYxrbSeXABqAnvURPyITB/pQ9RpaZgAp3bWRorb9xRNaTt75JJEo5h05IcEqKasR7GeUxT6swpmxOe9qguSM1B7U7c+Nnwivuoy3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cyberus-technology.de; dmarc=pass action=none header.from=cyberus-technology.de; dkim=pass header.d=cyberus-technology.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyberus-technology.de; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3KIei3UMKdcBvkO9uGMBgk4HTS/AsvarqcqWzTFqpcU=; b=OVp/Yu12BBYWjkZh9ZlDBT/3ekL7EiOI0hlV1goBrTmizpoUFpb3v468AjGk0Bn1Qk6vxnQaJWFqV9KgpstzUdkMlfvbcZSiQ2ckWICP91GmJ/HkgulN5X7kD+3rqGiC6502C5uyIXRIOKeBhnIL3NTCIt6AIuwV4O8YD0vlE9nosE/E4XGFPYRZdnPj82n5o627JnwWecNQ+a5OKuZ+raUUGmZwtJ98U3w8Oi2zdZrxdXO9d3fuAfH6yrZ/LkRpWhjLDA6NduOLLQVit7tbNM+0hzV54I8mj/JDVBuOUANmSnp7ZscHOxiZkBei0rmOCbFkKvxDTB86foL9LCyTmQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cyberus-technology.de; Received: from FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:38::7) by FR2P281MB1543.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:90::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.50; Tue, 16 Apr 2024 12:36:39 +0000 Received: from FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM ([fe80::cd58:a187:5d01:55f5]) by FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM ([fe80::cd58:a187:5d01:55f5%6]) with mapi id 15.20.7452.049; Tue, 16 Apr 2024 12:36:39 +0000 From: Julian Stecklina To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: Thomas Prescher , Julian Stecklina , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/2] KVM: nVMX: remove unnecessary CR4_READ_SHADOW write Date: Tue, 16 Apr 2024 14:35:57 +0200 Message-ID: <20240416123558.212040-2-julian.stecklina@cyberus-technology.de> X-Mailer: git-send-email 2.43.2 In-Reply-To: <20240416123558.212040-1-julian.stecklina@cyberus-technology.de> References: <20240416123558.212040-1-julian.stecklina@cyberus-technology.de> X-ClientProxiedBy: MA2P292CA0026.ESPP292.PROD.OUTLOOK.COM (2603:10a6:250::12) To FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:38::7) Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: FR2P281MB2329:EE_|FR2P281MB1543:EE_ X-MS-Office365-Filtering-Correlation-Id: f4dee769-aa7d-4890-8267-08dc5e11dd0f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 1VWeVcC+YKjgl7oc98xwdalfxOseo7lIN32aet2FtEVs5eKpc1xrmw1jnn/L1OOFqhoQRXGgluGiVCH8supY5CP/aDtCLnSUeUeddlxuOtuUNypaf8ZiKVOJdCOHHa/iS5eBz990okYidl8kMOI44x8VaQu94+RvrkpTNzrwkzennMxWJE5q0jAf//ryNKVgwCVVDT7l98Z/cZOxe0zhWdQ7IHxCm79/lbdrc1LOut+J5+YrA51d19V2UHGvaWD1vHXwVlE7ljEeB4PMmZuj2WC84lypV0pn+JFc+gAd9bzMiErczKWEPvmvXotXJdQho6M4+/4ysjsdXcz11kH9OvGnd3aKy4ln8gaKIaqKYLkbkG6+2/DEU8+W3hCtKUDsN+7vmJPL948T9MFnkPlKmkVIrg40jqLRp1BiPMCtLq8V4usCBIOHI75wWYSoDfb6g3RdVne+wyyFm1JTYT1e5iTk7aSTcopfpblgbsGV5y6MztMPCGgWE9F8j7L02QkCvxb6kI1wT+l2Y5St3fWzHArqyjrZNjw43i9R1ZrlbdD0sQJJiBxAnAmgK4/EFwOyUNIobeCEGEFymwvjGqg3TTqaGn2x2V5YpJXfwMgW9CZKVkmsJ77+jn0v/DBKcJLO5oRziK2GH0MQeLnE7TKzGdwrI+Oy1OAJlpjdZ68lmW4Q6gXzXsvuxBvBf+U86IqL4s1p9YPTSZxE9WOscAFthmCNCaSTrsvgJkiDLFLMeBoB8hxwDcGO4mnx3R36gbePUQMe+CQKiEwRMjjye6HhTTJFSGSNytrQ0sFbyZbEsKdgQ0IOaZ8/rEU/zoiQJdeHcS6s7C3nYuDnfRs31MO9gSxQd9BtYmdQ8MCzKABz7rYpbqDDqNUw4y0QN3VMiq+npdiBJEKNTTcKT5FgE4PlLy9Dg4gkW/WCEXgu54B1eSXyoiJ1A0DVYjix0bQ51nZmpdLAjWnJ4WrTJRgk5lQ2q4SHul11QFfyrWY7SrtaUNcFe/Ng8/fwKug9FBoLNkFKoNKdVAhYLyhSvwjTsyEBtKaU0MnsRg1PK4noJkkWKUa7UgREW7j0PpL45xfa9ffOoU8tm9lzeWkO8DY0B/KocjdHuwnkLEw0DEjJPqN3YFbgiZQM70dkyc9vsW2uSN8x/FgyRVAjgglyYpPr9rKTK9pfnv/pMHWgEpL47VR7tU0Cnb/je0yGId3BK30jTVPIKY7Y3Otuk81vbQJTGCYIIjpE7RtdWy+/6pmqJScfW7omFOLU4dOfcq8HznJPPFbrGIz1yi++EiQT54Oo3TL4c+rDiTm657XYcPzmeqfyEbVM0M4pbo7hF44gJLXoA4I9oOR3zCoZcfMNEzNGFcTgVA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(7416005)(376005)(1800799015)(366007)(52116005)(38350700005);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 7qKqF0IADGO/IznKZXCMkvvC3Y4AcLA/EgfSS0DPQWnlZItl8iy7dPt4PLQZSyMsOCiprEB1iP/AM96csJXswDYE+lDIeWUd0jSuafev8gJRbl27b4nlnvriz2p7+yO/jIXw4s9zjkOsAHIchRWw7YXQxiLfsoVxMQw+09FxZA01oC5XYIYyNLhPJMqQ4Qicv2mihIfDNWfGK8gRCQdypKq2psoORRD7ntRo3zXU9aFZ99kgJb/KiWMDLvUjNWilUBT5rlwDVQ3q2AgpScZI2r+cX4CRoGcRuyD8QEKG/c92g/x3Rfz3i8ZIbwZBEqTN+GaSejeaOmhXfUNKrkQ8eZEG8tukMMBhgzrlX/u6O0/y+pL1J1+IOEQhJvq6c0bwRrAXq6JNr7PShXSR+0M2Sbcy1j6PKkvDzO/Us66AkfH0w5VMXcRPDgx/qR683OnQv2cGxmn2ZBBXfSaGa0BTVCPttddhHYzUhHn+lZj2b1VsAPc7IYNuuIO4ziivRy3hu04NN9In4oqZQ7cxT7aR7MM3RUD8xvvM5/A7k1wM3qkUfVdnCxwTWfcUPx9XCx5ugKSOe72bfZeLGhE08xTZkTht6T0N+7NOfGmzUpyLt36UR8ckex/JQRVlxEDUXo4N5lC3yaQkE8OEztj+PemlWl2DvrJrDSSRkrZ8/px9RXkJtuPRi+J3gHhzQ0/KLcBoczzomx06ukxBm3S+zl8UDkw8imniDPJGR5BkZfK1u1v4DksHfS2j4ek9wocELp9XkiCX5mITysRW8CXAVA0P2PKmtMR84Dfy+XkokG5g9WsuTHHFbE5PuN39tyC2Apblg+DZ0gnEQswFsKB9x933QVdMiEGGB4iVxULbI2oq5ws3qNkJ2OydmpdQSlEQ/FZdBXQvZCzhCQ9LNHwGLMrjjJndXjXyHAEu+Ca13Sts0Ig30SksBzrXj4xrXBwRcwZxSmXORYb25pHqPiclG4PHEaf+OXXSwqb9/6jTieDq0pPc7MADbbrSguufAYKdW5oqGiJF2mmEIDSeY0uqQnCEqNQonXKOMEj0B7ZNnhmonlgivGrjqOQNHzJiuhOtcz1ziW0wTL5UjvXSN8dIMyV2TcOTnSOVXtNgixXf91E3Q5FHX4yay9d0Mxo5r6RraEbQI62UoA86QqgCLGnQnpkvaLMndfM78TpkkGKkezLrYfGfH0ALoSi6Kiq5bgGqO1tc0stJ7/zxnEOr9MAP28+bez+PVh3enqZFcqa4guewlc757T0YQJLdby1bDhtXlWrKsNsxTKRwqo7A9xTNK63+b9No4mk58ontYajua/hwEHGm3AOE+jOK2nGRjHBHF5PwQTUa9Ap9ICL68ZeTfmhhNWYUiqinJ/a1BlJeS6NdBFBzM4hNwYBqEzmsbvNJ5MqA7mQK/p94ydIUROEwiU+jKfcTuiGEzuHUU1ClkLLZOGfyWWtHa6fbYC/nrL7Jd568/vkpdAL9rngPZ8uRlwVmYATsGMXahOPFQmklJjp4mo/LyOqnlYajHV4RP7IKXz3xtLDWyAyoOXx7TzZoRzgkPePS9huLDU43qUAG4G0xPTElepTZeoMwMyziYsJyu9KVc45Oge8SVX3Y6R16AHP8fvC9HTRbZtiITnt4i2H4DrU= X-OriginatorOrg: cyberus-technology.de X-MS-Exchange-CrossTenant-Network-Message-Id: f4dee769-aa7d-4890-8267-08dc5e11dd0f X-MS-Exchange-CrossTenant-AuthSource: FR2P281MB2329.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Apr 2024 12:36:39.8804 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f4e0f4e0-9d68-4bd6-a95b-0cba36dbac2e X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /7UhVMmMGVk53/UTLYCOyASftyk+feDu5rUB4BGJXhyvJsQlXuLNKV5g7uuUNUzgXSBWKmjnwfQeTKtm8b4ot9osGUdSxHAS0Iytc8UYy5n6piYQVjXpHp3LLfvF0Nng X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR2P281MB1543 From: Thomas Prescher This explicit change of CR4_READ_SHADOW is no longer necessary because it is now handled in vmx_set_cr4. Signed-off-by: Julian Stecklina Signed-off-by: Thomas Prescher --- arch/x86/kvm/vmx/nested.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index d05ddf751491..e191bf5d4831 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2639,7 +2639,6 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, vmcs_writel(CR0_READ_SHADOW, nested_read_cr0(vmcs12)); vmx_set_cr4(vcpu, vmcs12->guest_cr4); - vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12)); vcpu->arch.efer = nested_vmx_calc_efer(vmx, vmcs12); /* Note: may modify VM_ENTRY/EXIT_CONTROLS and GUEST/HOST_IA32_EFER */