mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-05 13:24:23 +08:00
fa578398a0
If a nested run isn't pending, snapshot vmcs01.GUEST_BNDCFGS irrespective
of whether or not VM_ENTRY_LOAD_BNDCFGS is set in vmcs12. When restoring
nested state, e.g. after migration, without a nested run pending,
prepare_vmcs02() will propagate nested.vmcs01_guest_bndcfgs to vmcs02,
i.e. will load garbage/zeros into vmcs02.GUEST_BNDCFGS.
If userspace restores nested state before MSRs, then loading garbage is a
non-issue as loading BNDCFGS will also update vmcs02. But if usersepace
restores MSRs first, then KVM is responsible for propagating L2's value,
which is actually thrown into vmcs01, into vmcs02.
Restoring L2 MSRs into vmcs01, i.e. loading all MSRs before nested state
is all kinds of bizarre and ideally would not be supported. Sadly, some
VMMs do exactly that and rely on KVM to make things work.
Note, there's still a lurking SMM bug, as propagating vmcs01.GUEST_BNDFGS
to vmcs02 across RSM may corrupt L2's BNDCFGS. But KVM's entire VMX+SMM
emulation is flawed as SMI+RSM should not toouch _any_ VMCS when use the
"default treatment of SMIs", i.e. when not using an SMI Transfer Monitor.
Link: https://lore.kernel.org/all/Yobt1XwOfb5M6Dfa@google.com
Fixes:
|
||
|---|---|---|
| .. | ||
| mmu | ||
| svm | ||
| vmx | ||
| cpuid.c | ||
| cpuid.h | ||
| debugfs.c | ||
| emulate.c | ||
| fpu.h | ||
| hyperv.c | ||
| hyperv.h | ||
| i8254.c | ||
| i8254.h | ||
| i8259.c | ||
| ioapic.c | ||
| ioapic.h | ||
| irq_comm.c | ||
| irq.c | ||
| irq.h | ||
| Kconfig | ||
| kvm_cache_regs.h | ||
| kvm_emulate.h | ||
| kvm_onhyperv.c | ||
| kvm_onhyperv.h | ||
| lapic.c | ||
| lapic.h | ||
| Makefile | ||
| mmu.h | ||
| mtrr.c | ||
| pmu.c | ||
| pmu.h | ||
| reverse_cpuid.h | ||
| trace.h | ||
| tss.h | ||
| x86.c | ||
| x86.h | ||
| xen.c | ||
| xen.h | ||