From 05c1f60f8913dd85d611170228e65b5fb33c15db Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 7 May 2018 15:31:40 -0400 Subject: Backport fix for KVM on core 2 processors (rhbz 1566258) --- ...exec-controls-for-UMIP-iff-emulating-UMIP.patch | 84 ++++++++++++++++++++++ kernel.spec | 6 ++ 2 files changed, 90 insertions(+) create mode 100644 KVM-vmx-update-sec-exec-controls-for-UMIP-iff-emulating-UMIP.patch diff --git a/KVM-vmx-update-sec-exec-controls-for-UMIP-iff-emulating-UMIP.patch b/KVM-vmx-update-sec-exec-controls-for-UMIP-iff-emulating-UMIP.patch new file mode 100644 index 000000000..04ce255d2 --- /dev/null +++ b/KVM-vmx-update-sec-exec-controls-for-UMIP-iff-emulating-UMIP.patch @@ -0,0 +1,84 @@ +From f96625ad37248a2fb2616f39ee8dff3ebcab3247 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Mon, 30 Apr 2018 10:01:06 -0700 +Subject: [PATCH] KVM: vmx: update sec exec controls for UMIP iff emulating + UMIP +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Update SECONDARY_EXEC_DESC for UMIP emulation if and only UMIP +is actually being emulated. Skipping the VMCS update eliminates +unnecessary VMREAD/VMWRITE when UMIP is supported in hardware, +and on platforms that don't have SECONDARY_VM_EXEC_CONTROL. The +latter case resolves a bug where KVM would fill the kernel log +with warnings due to failed VMWRITEs on older platforms. + +Fixes: 0367f205a3b7 ("KVM: vmx: add support for emulating UMIP") +Cc: stable@vger.kernel.org #4.16 +Reported-by: Paolo Zeppegno +Suggested-by: Paolo Bonzini +Suggested-by: Radim Krčmář +Signed-off-by: Sean Christopherson +Signed-off-by: Jeremy Cline +--- + arch/x86/kvm/vmx.c | 28 +++++++++++++++------------- + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 657c93409042..4861811438ff 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -1314,6 +1314,12 @@ static inline bool cpu_has_vmx_vmfunc(void) + SECONDARY_EXEC_ENABLE_VMFUNC; + } + ++static bool vmx_umip_emulated(void) ++{ ++ return vmcs_config.cpu_based_2nd_exec_ctrl & ++ SECONDARY_EXEC_DESC; ++} ++ + static inline bool report_flexpriority(void) + { + return flexpriority_enabled; +@@ -4494,14 +4500,16 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) + (to_vmx(vcpu)->rmode.vm86_active ? + KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON); + +- if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) { +- vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, +- SECONDARY_EXEC_DESC); +- hw_cr4 &= ~X86_CR4_UMIP; +- } else if (!is_guest_mode(vcpu) || +- !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) +- vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, ++ if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) { ++ if (cr4 & X86_CR4_UMIP) { ++ vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, + SECONDARY_EXEC_DESC); ++ hw_cr4 &= ~X86_CR4_UMIP; ++ } else if (!is_guest_mode(vcpu) || ++ !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) ++ vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, ++ SECONDARY_EXEC_DESC); ++ } + + if (cr4 & X86_CR4_VMXE) { + /* +@@ -9243,12 +9251,6 @@ static bool vmx_xsaves_supported(void) + SECONDARY_EXEC_XSAVES; + } + +-static bool vmx_umip_emulated(void) +-{ +- return vmcs_config.cpu_based_2nd_exec_ctrl & +- SECONDARY_EXEC_DESC; +-} +- + static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx) + { + u32 exit_intr_info; +-- +2.17.0 + diff --git a/kernel.spec b/kernel.spec index 8195d1573..b98464d31 100644 --- a/kernel.spec +++ b/kernel.spec @@ -674,6 +674,9 @@ Patch510: 0001-xfs-enhance-dinode-verifier.patch # CVE-2018-10323 rhbz 1571627 1571630 Patch511: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch +# rhbz 1566258 +Patch512: KVM-vmx-update-sec-exec-controls-for-UMIP-iff-emulating-UMIP.patch + # END OF PATCH DEFINITIONS %endif @@ -1927,6 +1930,9 @@ fi # # %changelog +* Mon May 07 2018 Jeremy Cline +- Fix issue with KVM on older Core 2 processors (rhbz 1566258) + * Sat May 5 2018 Peter Robinson - ARM and Raspberry Pi fixes - Fix USB-2 on Tegra devices -- cgit