Fix (mostly benign) bugs in SVM where KVM treats exit codes as 32-bit values instead of 64-bit values.
The most dangerous aspect of the mess is that simply fixing KVM would likely
break KVM-on-KVM setups if only L1 is patched. To try and avoid such breakage
while also fixing KVM, I opted to have KVM retain its checks on only bits 31:0
if KVM is running as a VM (as detected by X86_FEATURE_HYPERVISOR).

v2:
 - Drop the nSVM #VMEXIT fixes (already merged).
 - Collect reviews. [Yosry]
 - Fix inverted svm_is_vmrun_failure() check. [Yosry]
 - Use __print_symbolic_u64() and __print_flags_u64() in tracepoints. [Test Bot]
 - Track exit_code as a u64 in KVM selftests.
 - Make HV_SVM_EXITCODE_ENL an ull like everything else. [Michael]
 - Add a compile-time assertion to verify HV_SVM_EXITCODE_ENL == SVM_EXIT_SW.

v1: https://lore.kernel.org/all/[email protected]

Sean Christopherson (8):
  KVM: SVM: Add a helper to detect VMRUN failures
  KVM: SVM: Open code handling of unexpected exits in svm_invoke_exit_handler()
  KVM: SVM: Check for an unexpected VM-Exit after RETPOLINE "fast" handling
  KVM: SVM: Filter out 64-bit exit codes when invoking exit handlers on bare metal
  KVM: SVM: Treat exit_code as an unsigned 64-bit value through all of KVM
  KVM: SVM: Limit incorrect check on SVM_EXIT_ERR to running as a VM
  KVM: SVM: Harden exit_code against being used in Spectre-like attacks
  KVM: SVM: Assert that Hyper-V's HV_SVM_EXITCODE_ENL == SVM_EXIT_SW

 arch/x86/include/asm/svm.h                    |  3 +-
 arch/x86/include/uapi/asm/svm.h               | 32 ++++++------
 arch/x86/kvm/svm/hyperv.c                     |  7 ++-
 arch/x86/kvm/svm/nested.c                     | 29 ++++-------
 arch/x86/kvm/svm/sev.c                        | 36 +++++--------
 arch/x86/kvm/svm/svm.c                        | 51 +++++++++++--------
 arch/x86/kvm/svm/svm.h                        | 12 +++--
 arch/x86/kvm/trace.h                          |  6 +--
 include/hyperv/hvgdk.h                        |  2 +-
 tools/testing/selftests/kvm/include/x86/svm.h |  3 +-
 .../kvm/x86/svm_nested_soft_inject_test.c     |  4 +-
 11 files changed, 90 insertions(+), 95 deletions(-)

base-commit: 9448598b22c50c8a5bb77a9103e2d49f134c9578
-- 
2.52.0.351.gbe84eed79e-goog
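The difference between checking bits 31:0 and checking all 64 bits of an exit code, as an added illustration that is not code from this series or from KVM. All `demo_*` names, the all-ones failure value, the table size and the sample exit codes are assumptions made for the example; the `running_as_vm` flag stands in for the X86_FEATURE_HYPERVISOR check the cover letter mentions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the VMRUN-failure code is all-ones in the 64-bit field. */
#define DEMO_EXIT_ERR    UINT64_MAX
#define DEMO_NR_HANDLERS 4u /* constructed handler-table size */

/* Legacy check: only bits 31:0 are compared. */
static bool demo_is_failure_32(uint64_t exit_code)
{
	return (uint32_t)exit_code == (uint32_t)DEMO_EXIT_ERR;
}

/* Full 64-bit compare on bare metal; 32-bit compare kept when running as a VM. */
bool demo_is_vmrun_failure(uint64_t exit_code, bool running_as_vm)
{
	if (running_as_vm)
		return demo_is_failure_32(exit_code);
	return exit_code == DEMO_EXIT_ERR;
}

/* Handler-table index, or -1 when the exit has to be handled as unexpected. */
int demo_handler_index(uint64_t exit_code, bool running_as_vm)
{
	uint32_t idx = (uint32_t)exit_code;

	/* Bare metal: a code with any of bits 63:32 set has no handler. */
	if (!running_as_vm && (exit_code >> 32))
		return -1;
	if (idx >= DEMO_NR_HANDLERS)
		return -1;
	return (int)idx;
}

int main(void)
{
	/* Constructed samples: upper bits set, and a failure code with only 31:0 set. */
	uint64_t wide = 0x100000002ULL, narrow_err = 0xffffffffULL;

	printf("wide: bare metal %d, as VM %d\n",
	       demo_handler_index(wide, false), demo_handler_index(wide, true));
	printf("narrow_err: bare metal %d, as VM %d\n",
	       demo_is_vmrun_failure(narrow_err, false),
	       demo_is_vmrun_failure(narrow_err, true));
	return 0;
}
```

The `narrow_err` case is the compatibility concern: a failure code carrying only bits 31:0 is recognised by the 32-bit check and missed by the 64-bit one.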
