releases/4.16.17/kvm-apic-flush-tlb-after-apic-mode-address-change-if-vpids-are-in-use.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Sun Jun 17 12:07:33 CEST 2018
 From: Junaid Shahid <junaids@google.com>
 Date: Thu, 26 Apr 2018 13:09:50 -0700
 Subject: kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use

 From: Junaid Shahid <junaids@google.com>

 [ Upstream commit a468f2dbf921d02f5107378501693137a812999b ]

 Currently, KVM flushes the TLB after a change to the APIC access page
 address or the APIC mode when EPT mode is enabled. However, even in
 shadow paging mode, a TLB flush is needed if VPIDs are being used, as
 specified in the Intel SDM Section 29.4.5.

 So replace vmx_flush_tlb_ept_only() with vmx_flush_tlb(), which will
 flush if either EPT or VPIDs are in use.

 Signed-off-by: Junaid Shahid <junaids@google.com>
 Reviewed-by: Jim Mattson <jmattson@google.com>
 Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  arch/x86/kvm/vmx.c |   14 ++++----------
  1 file changed, 4 insertions(+), 10 deletions(-)

 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
 @@ -4272,12 +4272,6 @@ static void vmx_flush_tlb(struct kvm_vcp
  	__vmx_flush_tlb(vcpu, to_vmx(vcpu)->vpid, invalidate_gpa);
  }

 -static void vmx_flush_tlb_ept_only(struct kvm_vcpu *vcpu)
 -{
 -	if (enable_ept)
 -		vmx_flush_tlb(vcpu, true);
 -}
 -
  static void vmx_decache_cr0_guest_bits(struct kvm_vcpu *vcpu)
  {
  	ulong cr0_guest_owned_bits = vcpu->arch.cr0_guest_owned_bits;
 @@ -9030,7 +9024,7 @@ static void vmx_set_virtual_x2apic_mode(
  	} else {
  		sec_exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
  		sec_exec_control |= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
 -		vmx_flush_tlb_ept_only(vcpu);
 +		vmx_flush_tlb(vcpu, true);
  	}
  	vmcs_write32(SECONDARY_VM_EXEC_CONTROL, sec_exec_control);

 @@ -9058,7 +9052,7 @@ static void vmx_set_apic_access_page_add
  	    !nested_cpu_has2(get_vmcs12(&vmx->vcpu),
  			     SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
  		vmcs_write64(APIC_ACCESS_ADDR, hpa);
 -		vmx_flush_tlb_ept_only(vcpu);
 +		vmx_flush_tlb(vcpu, true);
  	}
  }

 @@ -10950,7 +10944,7 @@ static int prepare_vmcs02(struct kvm_vcp
  		}
  	} else if (nested_cpu_has2(vmcs12,
  				   SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
 -		vmx_flush_tlb_ept_only(vcpu);
 +		vmx_flush_tlb(vcpu, true);
  	}

  	/*
 @@ -11777,7 +11771,7 @@ static void nested_vmx_vmexit(struct kvm
  	} else if (!nested_cpu_has_ept(vmcs12) &&
  		   nested_cpu_has2(vmcs12,
  				   SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
 -		vmx_flush_tlb_ept_only(vcpu);
 +		vmx_flush_tlb(vcpu, true);
  	}

  	/* This is needed for same reason as it was needed in prepare_vmcs02 */
	From foo@baz Sun Jun 17 12:07:33 CEST 2018
	From: Junaid Shahid <junaids@google.com>
	Date: Thu, 26 Apr 2018 13:09:50 -0700
	Subject: kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use

	From: Junaid Shahid <junaids@google.com>

	[ Upstream commit a468f2dbf921d02f5107378501693137a812999b ]

	Currently, KVM flushes the TLB after a change to the APIC access page
	address or the APIC mode when EPT mode is enabled. However, even in
	shadow paging mode, a TLB flush is needed if VPIDs are being used, as
	specified in the Intel SDM Section 29.4.5.

	So replace vmx_flush_tlb_ept_only() with vmx_flush_tlb(), which will
	flush if either EPT or VPIDs are in use.

	Signed-off-by: Junaid Shahid <junaids@google.com>
	Reviewed-by: Jim Mattson <jmattson@google.com>
	Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
	Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	arch/x86/kvm/vmx.c \| 14 ++++----------
	1 file changed, 4 insertions(+), 10 deletions(-)

	--- a/arch/x86/kvm/vmx.c
	+++ b/arch/x86/kvm/vmx.c
	@@ -4272,12 +4272,6 @@ static void vmx_flush_tlb(struct kvm_vcp
	__vmx_flush_tlb(vcpu, to_vmx(vcpu)->vpid, invalidate_gpa);
	}

	-static void vmx_flush_tlb_ept_only(struct kvm_vcpu *vcpu)
	-{
	- if (enable_ept)
	- vmx_flush_tlb(vcpu, true);
	-}
	-
	static void vmx_decache_cr0_guest_bits(struct kvm_vcpu *vcpu)
	{
	ulong cr0_guest_owned_bits = vcpu->arch.cr0_guest_owned_bits;
	@@ -9030,7 +9024,7 @@ static void vmx_set_virtual_x2apic_mode(
	} else {
	sec_exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
	sec_exec_control \|= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
	- vmx_flush_tlb_ept_only(vcpu);
	+ vmx_flush_tlb(vcpu, true);
	}
	vmcs_write32(SECONDARY_VM_EXEC_CONTROL, sec_exec_control);

	@@ -9058,7 +9052,7 @@ static void vmx_set_apic_access_page_add
	!nested_cpu_has2(get_vmcs12(&vmx->vcpu),
	SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
	vmcs_write64(APIC_ACCESS_ADDR, hpa);
	- vmx_flush_tlb_ept_only(vcpu);
	+ vmx_flush_tlb(vcpu, true);
	}
	}

	@@ -10950,7 +10944,7 @@ static int prepare_vmcs02(struct kvm_vcp
	}
	} else if (nested_cpu_has2(vmcs12,
	SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
	- vmx_flush_tlb_ept_only(vcpu);
	+ vmx_flush_tlb(vcpu, true);
	}

	/*
	@@ -11777,7 +11771,7 @@ static void nested_vmx_vmexit(struct kvm
	} else if (!nested_cpu_has_ept(vmcs12) &&
	nested_cpu_has2(vmcs12,
	SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
	- vmx_flush_tlb_ept_only(vcpu);
	+ vmx_flush_tlb(vcpu, true);
	}

	/* This is needed for same reason as it was needed in prepare_vmcs02 */