[RFC PATCH 0/5] KVM: nSVM: Fix RIP usage in the control area after restore

From: Yosry Ahmed

Date: Thu Feb 12 2026 - 18:08:39 EST


Fix a few bugs in using L2's RIP to construct fields in vmcb02 after
save+restore. The main problem is that the vmcb12_rip (and
vmcb12_cs_base) values passed to nested_vmcb02_prepare_control() in the
restore path are broken.

The series fixes that by using the correct RIP (and CS) values to
construct the relevant fields, whether nested state is restored before
or after regs/sregs.

It also fixes another bug where using vmcb12_rip is incorrect, even if
it was restored correctly (patch 1).

The series is an RFC mainly because I am not sure if the approach taken
in patch 4 is the correct way to do this, but otherwise it should be
good to go (I just jinxed it, didn't I).

Patch 5 is a reproducer, not intended for merging. It modifies
svm_nested_soft_inject_test to reproduce the bug. Patch 2 makes the
reproducer pass, but if the ordering of vcpu_regs_set() and
vcpu_nested_state_set() is switched, then it only passes after patch 4.

Yosry Ahmed (5):
KVM: nSVM: Do not use L2's RIP for vmcb02's NextRIP after first L2 VMRUN
KVM: nSVM: Use the correct RIP when restoring vmcb02's control area
KVM: nSVM: Move updating NextRIP and soft IRQ RIPs into a helper
KVM: SVM: Recalculate nested RIPs after restoring REGS/SREGS
DO NOT MERGE: KVM: selftests: Reproduce nested RIP restore bug

arch/x86/include/asm/kvm-x86-ops.h | 1 +
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm/nested.c | 64 ++++++++++------
arch/x86/kvm/svm/svm.c | 21 ++++++
arch/x86/kvm/svm/svm.h | 2 +
arch/x86/kvm/x86.c | 2 +
.../testing/selftests/kvm/lib/x86/processor.c | 3 +
.../kvm/x86/svm_nested_soft_inject_test.c | 74 +++++++++++++++----
8 files changed, 129 insertions(+), 39 deletions(-)


base-commit: 183bb0ce8c77b0fd1fb25874112bc8751a461e49
--
2.53.0.273.g2a3d683680-goog