X-Git-Url: https://git.proxmox.com/?p=pve-kernel.git;a=blobdiff_plain;f=patches%2Fkernel%2F0015-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch;fp=patches%2Fkernel%2F0015-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch;h=fedb9bdadc4632a3b75fb084122a76b9cbe1fe93;hp=0000000000000000000000000000000000000000;hb=12247ad0df0f583b7811a4afe2c90756be3d342b;hpb=00d66e9633d596709f13c3153534014cc2b02aa7 diff --git a/patches/kernel/0015-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch b/patches/kernel/0015-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch new file mode 100644 index 0000000..fedb9bd --- /dev/null +++ b/patches/kernel/0015-KVM-x86-SVM-don-t-save-SVM-state-to-SMRAM-when-VM-is.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Maxim Levitsky +Date: Wed, 3 Aug 2022 18:50:10 +0300 +Subject: [PATCH] KVM: x86: SVM: don't save SVM state to SMRAM when VM is not + long mode capable + +When the guest CPUID doesn't have support for long mode, 32 bit SMRAM +layout is used and it has no support for preserving EFER and/or SVM +state. + +Note that this isn't relevant to running 32 bit guests on VM which is +long mode capable - such VM can still run 32 bit guests in compatibility +mode. + +Signed-off-by: Maxim Levitsky +Signed-off-by: Thomas Lamprecht +--- + arch/x86/kvm/svm/svm.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c +index bfacbef667d7..6b02f99fe70c 100644 +--- a/arch/x86/kvm/svm/svm.c ++++ b/arch/x86/kvm/svm/svm.c +@@ -4394,6 +4394,15 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram) + if (!is_guest_mode(vcpu)) + return 0; + ++ /* ++ * 32 bit SMRAM format doesn't preserve EFER and SVM state. ++ * SVM should not be enabled by the userspace without marking ++ * the CPU as at least long mode capable. ++ */ ++ ++ if (!guest_cpuid_has(vcpu, X86_FEATURE_LM)) ++ return 1; ++ + smram->smram64.svm_guest_flag = 1; + smram->smram64.svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa; +