Patch "KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4()" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 15 Aug 2022 02:18:45 -0400

This is a note to let you know that I've just added the patch titled

    KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4()

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-vmx-drop-explicit-nested-check-from-vmx_set_cr4.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit ce4efc4739490eef5363b1266e3b68a0405670b7
Author: Sean Christopherson <seanjc@xxxxxxxxxx>
Date:   Tue Oct 6 18:44:13 2020 -0700

    KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4()
    
    [ Upstream commit a447e38a7fadb2e554c3942dda183e55cccd5df0 ]
    
    Drop vmx_set_cr4()'s explicit check on the 'nested' module param now
    that common x86 handles the check by incorporating VMXE into the CR4
    reserved bits, via kvm_cpu_caps.  X86_FEATURE_VMX is set in kvm_cpu_caps
    (by vmx_set_cpu_caps()), if and only if 'nested' is true.
    
    No functional change intended.
    
    Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
    Message-Id: <20201007014417.29276-3-sean.j.christopherson@xxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 1b75847d8a49..154ec5d8cdf5 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3211,18 +3211,13 @@ int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 		}
 	}
 
-	if (cr4 & X86_CR4_VMXE) {
-		/*
-		 * To use VMXON (and later other VMX instructions), a guest
-		 * must first be able to turn on cr4.VMXE (see handle_vmon()).
-		 * So basically the check on whether to allow nested VMX
-		 * is here.  We operate under the default treatment of SMM,
-		 * so VMX cannot be enabled under SMM.  Note, guest CPUID is
-		 * intentionally ignored, it's handled by cr4_guest_rsvd_bits.
-		 */
-		if (!nested || is_smm(vcpu))
-			return 1;
-	}
+	/*
+	 * We operate under the default treatment of SMM, so VMX cannot be
+	 * enabled under SMM.  Note, whether or not VMXE is allowed at all is
+	 * handled by kvm_valid_cr4().
+	 */
+	if ((cr4 & X86_CR4_VMXE) && is_smm(vcpu))
+		return 1;
 
 	if (vmx->nested.vmxon && !nested_cr4_valid(vcpu, cr4))
 		return 1;






