releases/5.10.50/kvm-nvmx-ensure-64-bit-shift-when-checking-vmfunc-bi.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 44486ee666011f231fd660aee04c1054ab3f71dc Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Wed, 9 Jun 2021 16:42:22 -0700
 Subject: KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap

 From: Sean Christopherson <seanjc@google.com>

 [ Upstream commit 0e75225dfa4c5d5d51291f54a3d2d5895bad38da ]

 Use BIT_ULL() instead of an open-coded shift to check whether or not a
 function is enabled in L1's VMFUNC bitmap.  This is a benign bug as KVM
 supports only bit 0, and will fail VM-Enter if any other bits are set,
 i.e. bits 63:32 are guaranteed to be zero.

 Note, "function" is bounded by hardware as VMFUNC will #UD before taking
 a VM-Exit if the function is greater than 63.

 Before:
   if ((vmcs12->vm_function_control & (1 << function)) == 0)
    0x000000000001a916 <+118>:	mov    $0x1,%eax
    0x000000000001a91b <+123>:	shl    %cl,%eax
    0x000000000001a91d <+125>:	cltq
    0x000000000001a91f <+127>:	and    0x128(%rbx),%rax

 After:
   if (!(vmcs12->vm_function_control & BIT_ULL(function & 63)))
    0x000000000001a955 <+117>:	mov    0x128(%rbx),%rdx
    0x000000000001a95c <+124>:	bt     %rax,%rdx

 Fixes: 27c42a1bb867 ("KVM: nVMX: Enable VMFUNC for the L1 hypervisor")
 Signed-off-by: Sean Christopherson <seanjc@google.com>
 Message-Id: <20210609234235.1244004-3-seanjc@google.com>
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  arch/x86/kvm/vmx/nested.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
 index 4cd998bb1f0a..8f1319b7d3bd 100644
 --- a/arch/x86/kvm/vmx/nested.c
 +++ b/arch/x86/kvm/vmx/nested.c
 @@ -5536,7 +5536,7 @@ static int handle_vmfunc(struct kvm_vcpu *vcpu)
  	}

  	vmcs12 = get_vmcs12(vcpu);
 -	if ((vmcs12->vm_function_control & (1 << function)) == 0)
 +	if (!(vmcs12->vm_function_control & BIT_ULL(function)))
  		goto fail;

  	switch (function) {
 --
 2.30.2
	From 44486ee666011f231fd660aee04c1054ab3f71dc Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Wed, 9 Jun 2021 16:42:22 -0700
	Subject: KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap

	From: Sean Christopherson <seanjc@google.com>

	[ Upstream commit 0e75225dfa4c5d5d51291f54a3d2d5895bad38da ]

	Use BIT_ULL() instead of an open-coded shift to check whether or not a
	function is enabled in L1's VMFUNC bitmap. This is a benign bug as KVM
	supports only bit 0, and will fail VM-Enter if any other bits are set,
	i.e. bits 63:32 are guaranteed to be zero.

	Note, "function" is bounded by hardware as VMFUNC will #UD before taking
	a VM-Exit if the function is greater than 63.

	Before:
	if ((vmcs12->vm_function_control & (1 << function)) == 0)
	0x000000000001a916 <+118>: mov $0x1,%eax
	0x000000000001a91b <+123>: shl %cl,%eax
	0x000000000001a91d <+125>: cltq
	0x000000000001a91f <+127>: and 0x128(%rbx),%rax

	After:
	if (!(vmcs12->vm_function_control & BIT_ULL(function & 63)))
	0x000000000001a955 <+117>: mov 0x128(%rbx),%rdx
	0x000000000001a95c <+124>: bt %rax,%rdx

	Fixes: 27c42a1bb867 ("KVM: nVMX: Enable VMFUNC for the L1 hypervisor")
	Signed-off-by: Sean Christopherson <seanjc@google.com>
	Message-Id: <20210609234235.1244004-3-seanjc@google.com>
	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	arch/x86/kvm/vmx/nested.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
	index 4cd998bb1f0a..8f1319b7d3bd 100644
	--- a/arch/x86/kvm/vmx/nested.c
	+++ b/arch/x86/kvm/vmx/nested.c
	@@ -5536,7 +5536,7 @@ static int handle_vmfunc(struct kvm_vcpu *vcpu)
	}

	vmcs12 = get_vmcs12(vcpu);
	- if ((vmcs12->vm_function_control & (1 << function)) == 0)
	+ if (!(vmcs12->vm_function_control & BIT_ULL(function)))
	goto fail;

	switch (function) {
	--
	2.30.2