From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jim Mattson, David Hildenbrand, Quan Xu, Paolo Bonzini, Radim Krčmář, Wanpeng Li
Subject: [PATCH 3.18 09/32] KVM: X86: Fix load RFLAGS w/o the fixed bit
Date: Mon, 1 Jan 2018 15:22:16 +0100
Message-Id: <20180101140014.558022139@linuxfoundation.org>
X-Mailer: git-send-email 2.15.1
In-Reply-To: <20180101140012.582300879@linuxfoundation.org>
References: <20180101140012.582300879@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Mailing-List: linux-kernel@vger.kernel.org

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------
From: Wanpeng Li

commit d73235d17ba63b53dc0e1051dbc10a1f1be91b71 upstream.

 *** Guest State ***
 CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
 CR3 = 0x00000000fffbc000
 RSP = 0x0000000000000000  RIP = 0x0000000000000000
 RFLAGS=0x00000000         DR7 = 0x0000000000000400
        ^^^^^^^^^^

The failed vmentry is triggered by the following testcase when ept=Y:

    #include <fcntl.h>      /* open(), O_RDONLY */
    #include <sys/ioctl.h>  /* ioctl() */
    #include <linux/kvm.h>  /* KVM_* ioctls, struct kvm_regs */

    long r[5];
    int main()
    {
        r[2] = open("/dev/kvm", O_RDONLY);
        r[3] = ioctl(r[2], KVM_CREATE_VM, 0);
        r[4] = ioctl(r[3], KVM_CREATE_VCPU, 7);
        /* rflags = 0 clears the architecturally fixed bit 1 */
        struct kvm_regs regs = {
            .rflags = 0,
        };
        ioctl(r[4], KVM_SET_REGS, &regs);
        ioctl(r[4], KVM_RUN, 0);
    }

X86 RFLAGS bit 1 is fixed set; userspace can simply clear bit 1 of RFLAGS
with the KVM_SET_REGS ioctl, which results in a vmentry failure. This patch
fixes it by ORing in X86_EFLAGS_FIXED during the ioctl.

Suggested-by: Jim Mattson
Reviewed-by: David Hildenbrand
Reviewed-by: Quan Xu
Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Jim Mattson
Signed-off-by: Wanpeng Li
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman

---
 arch/x86/kvm/x86.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6644,7 +6644,7 @@ int kvm_arch_vcpu_ioctl_set_regs(struct
 #endif
 
 	kvm_rip_write(vcpu, regs->rip);
-	kvm_set_rflags(vcpu, regs->rflags);
+	kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED);
 
 	vcpu->arch.exception.pending = false;
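Review bot: the `+` line in the kvm_arch_vcpu_ioctl_set_regs hunk silently rewrites the value userspace handed in instead of rejecting it, and it only repairs the must-be-one bit: an rflags value that also has other architecturally reserved bits set still flows unchanged into kvm_set_rflags and would fail the same guest-state check at VM entry. Consider pairing `| X86_EFLAGS_FIXED` with a mask of the valid RFLAGS bits (or an -EINVAL return for an invalid value), and add a one-line comment above `kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED);` saying the OR exists because the fixed bit cannot be cleared, since nothing in the visible lines records why it is there.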
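The commit message above describes one invariant (RFLAGS bit 1 is always set) and one way of restoring it (ORing in X86_EFLAGS_FIXED). The following C program is an added example, not code from the patch or from KVM: it mirrors that fixup, models the reserved-bit part of the VM-entry guest-state check that rejected the register set in the report, and shows a userspace-side guard a VMM or fuzzing harness could run before KVM_SET_REGS. It goes beyond the patch by also checking the reserved-zero bits of RFLAGS (bits 3, 5, 15 and 63:22, taken from the architectural definition of the register), which the patch itself does not touch. The value of X86_EFLAGS_FIXED (0x2) matches the kernel's definition; `rflags_fixup`, `rflags_entry_check`, `validate_guest_rflags` and the `RFLAGS_RESERVED_ZERO` mask are hypothetical names for this example, and the sample values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Same value as the kernel's X86_EFLAGS_FIXED: RFLAGS bit 1 is always 1. */
#define X86_EFLAGS_FIXED 0x0000000000000002ULL

/* RFLAGS bits that must read as zero for VM entry to succeed. Assumption
 * taken from the architectural layout of RFLAGS (bits 3, 5, 15 and 63:22
 * are reserved); this mask is this example's, not a kernel macro. */
#define RFLAGS_RESERVED_ZERO \
    ((1ULL << 3) | (1ULL << 5) | (1ULL << 15) | (~0ULL << 22))

/* Mirror of what the patched kvm_arch_vcpu_ioctl_set_regs() does with the
 * value userspace supplies: force the fixed bit on, change nothing else. */
static inline uint64_t rflags_fixup(uint64_t rflags)
{
    return rflags | X86_EFLAGS_FIXED;
}

/* Model of the guest-state check on RFLAGS performed at VM entry.
 * Returns 0 when the value is acceptable, -1 when the fixed bit is clear
 * (the case in the report), -2 when a reserved-zero bit is set. */
static int rflags_entry_check(uint64_t rflags)
{
    if (!(rflags & X86_EFLAGS_FIXED))
        return -1;
    if (rflags & RFLAGS_RESERVED_ZERO)
        return -2;
    return 0;
}

/* Userspace-side guard (hypothetical helper, not a KVM API): refuse to hand
 * KVM a register set that cannot enter the guest, and say why. */
static int validate_guest_rflags(uint64_t rflags, const char **reason)
{
    switch (rflags_entry_check(rflags)) {
    case 0:
        *reason = "ok";
        return 0;
    case -1:
        *reason = "RFLAGS bit 1 (fixed) is clear";
        return -1;
    default:
        *reason = "reserved RFLAGS bit set";
        return -1;
    }
}

int main(void)
{
    /* Constructed sample values: the reporter's 0, a typical live value,
     * a reserved low bit, and a reserved high bit with the fixed bit set. */
    uint64_t cases[] = { 0x0, 0x246, 0x8, (1ULL << 40) | 0x2 };
    const char *why;

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t v = cases[i];
        validate_guest_rflags(v, &why);
        printf("rflags=%#llx: as given -> %s; after fixup -> ",
               (unsigned long long)v, why);
        validate_guest_rflags(rflags_fixup(v), &why);
        printf("%s\n", why);
    }
    return 0;
}
```

Running it shows the patch's effect and its limit: `0x0` is rejected as given and accepted after the fixup, while `0x8` and the high-bit value are still rejected afterwards because the OR only repairs bit 1. That is the gap a userspace validator (or a stricter kernel-side mask) would close.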