44 lines
1.6 KiB
Diff
From d74cb6c8b70d9b5ad8482f4821679b83bad9de63 Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao@intel.com>
Date: Mon, 24 Mar 2025 22:08:48 +0800
Subject: KVM: VMX: Flush shadow VMCS on emergency reboot

Ensure the shadow VMCS cache is evicted during an emergency reboot to
prevent potential memory corruption if the cache is evicted after reboot.

This issue was identified through code inspection, as __loaded_vmcs_clear()
flushes both the normal VMCS and the shadow VMCS.

Avoid checking the "launched" state during an emergency reboot, unlike the
behavior in __loaded_vmcs_clear(). This is important because reboot NMIs
can interfere with operations like copy_shadow_to_vmcs12(), where shadow
VMCSes are loaded directly using VMPTRLD. In such cases, if NMIs occur
right after the VMCS load, the shadow VMCSes will be active but the
"launched" state may not be set.

Fixes: 16f5b9034b69 ("KVM: nVMX: Copy processor-specific shadow-vmcs to VMCS12")
Cc: stable@vger.kernel.org
Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/r/20250324140849.2099723-1-chao.gao@intel.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/vmx/vmx.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -769,8 +769,11 @@ void vmx_emergency_disable_virtualizatio
return;
list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu),
- loaded_vmcss_on_cpu_link)
+ loaded_vmcss_on_cpu_link) {
vmcs_clear(v->vmcs);
+ if (v->shadow_vmcs)
+ vmcs_clear(v->shadow_vmcs);
+ }
kvm_cpu_vmxoff();
}
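Review bot: the new `vmcs_clear(v->shadow_vmcs)` deliberately skips the "launched" check that __loaded_vmcs_clear() applies, for the reason the commit message gives (an NMI landing right after the VMPTRLD in copy_shadow_to_vmcs12() leaves the shadow VMCS active with "launched" unset), but nothing in the loop body records that, so a later reader comparing the two functions will see an apparent inconsistency; a one-line comment above `if (v->shadow_vmcs)` stating that the emergency path clears both VMCSes unconditionally would prevent someone "fixing" it back. The unconditional clear is consistent with the existing `vmcs_clear(v->vmcs)` on the line above, which this path already issues without consulting "launched", and the NULL guard is needed because the shadow VMCS is only allocated when shadow VMCS support is in use. Both VMCLEARs happen before `kvm_cpu_vmxoff()`, which is the required order, since VMXOFF would otherwise leave any cached shadow VMCS state unflushed.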