[pve-kernel.git] / patches / kernel / 0015-KVM-x86-do-not-report-preemption-if-the-steal-time-c.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 4 Aug 2022 15:28:32 +0200
Subject: [PATCH] KVM: x86: do not report preemption if the steal time cache is
 stale

commit c3c28d24d910a746b02f496d190e0e8c6560224b upstream.

Commit 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time
/ preempted status", 2021-11-11) open coded the previous call to
kvm_map_gfn, but in doing so it dropped the comparison between the cached
guest physical address and the one in the MSR.  This cause an incorrect
cache hit if the guest modifies the steal time address while the memslots
remain the same.  This can happen with kexec, in which case the preempted
bit is written at the address used by the old kernel instead of
the old one.

Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: stable@vger.kernel.org
Fixes: 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time / preempted status")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 arch/x86/kvm/x86.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a99eec435652..a088f5e76966 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4603,6 +4603,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
 	struct kvm_steal_time __user *st;
 	struct kvm_memslots *slots;
 	static const u8 preempted = KVM_VCPU_PREEMPTED;
+	gpa_t gpa = vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS;
 
 	if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
 		return;
@@ -4617,6 +4618,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
 	slots = kvm_memslots(vcpu->kvm);
 
 	if (unlikely(slots->generation != ghc->generation ||
+		     gpa != ghc->gpa ||
 		     kvm_is_error_hva(ghc->hva) || !ghc->memslot))
 		return;
Commit	Line	Data
bb7155fd TL	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Paolo Bonzini <pbonzini@redhat.com>
	3	Date: Thu, 4 Aug 2022 15:28:32 +0200
	4	Subject: [PATCH] KVM: x86: do not report preemption if the steal time cache is
	5	stale
	6
	7	commit c3c28d24d910a746b02f496d190e0e8c6560224b upstream.
	8
	9	Commit 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time
	10	/ preempted status", 2021-11-11) open coded the previous call to
	11	kvm_map_gfn, but in doing so it dropped the comparison between the cached
	12	guest physical address and the one in the MSR. This cause an incorrect
	13	cache hit if the guest modifies the steal time address while the memslots
	14	remain the same. This can happen with kexec, in which case the preempted
	15	bit is written at the address used by the old kernel instead of
	16	the old one.
	17
	18	Cc: David Woodhouse <dwmw@amazon.co.uk>
	19	Cc: stable@vger.kernel.org
	20	Fixes: 7e2175ebd695 ("KVM: x86: Fix recording of guest steal time / preempted status")
	21	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	22	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	23	Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
	24	---
	25	arch/x86/kvm/x86.c \| 2 ++
	26	1 file changed, 2 insertions(+)
	27
	28	diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
3ae8384f	29	index a99eec435652..a088f5e76966 100644
bb7155fd TL	30	--- a/arch/x86/kvm/x86.c
bb7155fd TL	31	+++ b/arch/x86/kvm/x86.c
3ae8384f	32	@@ -4603,6 +4603,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
bb7155fd TL	33	struct kvm_steal_time __user *st;
	34	struct kvm_memslots *slots;
	35	static const u8 preempted = KVM_VCPU_PREEMPTED;
	36	+ gpa_t gpa = vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS;
	37
	38	if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
	39	return;
3ae8384f	40	@@ -4617,6 +4618,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
bb7155fd TL	41	slots = kvm_memslots(vcpu->kvm);
	42
	43	if (unlikely(slots->generation != ghc->generation \|\|
	44	+ gpa != ghc->gpa \|\|
	45	kvm_is_error_hva(ghc->hva) \|\| !ghc->memslot))
	46	return;
	47