From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jim Mattson, David Hildenbrand, Quan Xu, Paolo Bonzini, Radim Krčmář, Wanpeng Li
Subject: [PATCH 4.4 11/63] KVM: X86: Fix load RFLAGS w/o the fixed bit
Date: Mon, 1 Jan 2018 15:24:29 +0100
Message-Id: <20180101140044.283882282@linuxfoundation.org>
In-Reply-To: <20180101140042.456380281@linuxfoundation.org>
References: <20180101140042.456380281@linuxfoundation.org>
X-Mailer: git-send-email 2.15.1
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------
From: Wanpeng Li

commit d73235d17ba63b53dc0e1051dbc10a1f1be91b71 upstream.

 *** Guest State ***
 CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
 CR3 = 0x00000000fffbc000
 RSP = 0x0000000000000000  RIP = 0x0000000000000000
 RFLAGS=0x00000000         DR7 = 0x0000000000000400
        ^^^^^^^^^^

The failed vmentry is triggered by the following testcase when ept=Y:

    #include <unistd.h>
    #include <sys/syscall.h>
    #include <string.h>
    #include <stdint.h>
    #include <linux/kvm.h>
    #include <fcntl.h>
    #include <sys/ioctl.h>

    long r[5];
    int main()
    {
    	/* open the KVM device, create a VM and a single vCPU */
    	r[2] = open("/dev/kvm", O_RDONLY);
    	r[3] = ioctl(r[2], KVM_CREATE_VM, 0);
    	r[4] = ioctl(r[3], KVM_CREATE_VCPU, 7);
    	/* load a register set whose RFLAGS has the fixed bit 1 clear */
    	struct kvm_regs regs = {
    		.rflags = 0,
    	};
    	ioctl(r[4], KVM_SET_REGS, &regs);
    	/* entering the guest with this RFLAGS makes vmentry fail */
    	ioctl(r[4], KVM_RUN, 0);
    	return 0;
    }

X86 RFLAGS bit 1 is fixed set; userspace can simply clear bit 1 of RFLAGS
with the KVM_SET_REGS ioctl, which results in vmentry failing. This patch
fixes it by ORing X86_EFLAGS_FIXED during the ioctl.

Suggested-by: Jim Mattson
Reviewed-by: David Hildenbrand
Reviewed-by: Quan Xu
Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Jim Mattson
Signed-off-by: Wanpeng Li
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman

---
 arch/x86/kvm/x86.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6941,7 +6941,7 @@ int kvm_arch_vcpu_ioctl_set_regs(struct
 #endif
 
 	kvm_rip_write(vcpu, regs->rip);
-	kvm_set_rflags(vcpu, regs->rflags);
+	kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED);
 
 	vcpu->arch.exception.pending = false;
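Review bot: the hunk coerces the value rather than validating it: after this change KVM_SET_REGS silently sets bit 1 on whatever rflags userspace supplies instead of reporting an error for a value that would otherwise fail VM entry. That is consistent with the commit message ("ORing X86_EFLAGS_FIXED during the ioctl") and with the bit being architecturally fixed, but the `|` at the call site carries no comment; a one-liner such as `/* bit 1 of RFLAGS is architecturally fixed to 1; a guest RFLAGS without it fails vmentry */` above the `+` line would keep a later reader from "simplifying" it away. It is also worth confirming in the same review that kvm_arch_vcpu_ioctl_set_regs() is the only path that loads an unchecked userspace RFLAGS into the vCPU, since the fix is applied only here.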