Re: [PATCH] KVM: nSVM: Snapshot vmcb12 save.rip to prevent TOCTOU race
From: Yosry Ahmed
Date: Wed Apr 01 2026 - 17:50:58 EST
> > Add rip, rsp, and rax to struct vmcb_save_area_cached, snapshot them
> > in __nested_copy_vmcb_save_to_cache(), and replace all direct reads
> > of vmcb12->save.{rip,rsp,rax} with reads from the cached copy. This
> > ensures all consumers within a single nested VMRUN see consistent
> > register values.
>
> What is actually visibly problematic?
>
> Assuming the worst case scenario is a WARN, then I'm very strongly inclined to
> either (a) not apply this patch at all and instead wait for Yosry's full series,
> or (b) have Yosry slot in the most minimal fix (e.g. for just RIP) in a stable@
> friendly location in his series.
>
> There are many, many nSVM issues that need to be fixed, many of which are functional
> problems for well-behaved setups. For me, those are by far the priority. I also
> want to fix the guest-triggerable WARN_ON_ONCE(), but it's not urgent, and not
> something I want to spend a lot of effort on with respect to providing an LTS-friendly
> commit (though if we can get one cheaply, that'd be great).

I agree with Sean here, it's probably not worth fixing in LTS kernels.
The series has been in kvm-x86/next for a while and I don't think any
of us want to change that, it took a bit of work to get all the nSVM
patches there in good shape to begin with (and there are more pending
patches that depend on current kvm-x86/next).

That being said, I personally do not object to LTS-specific patches
(e.g. like the one attached), if Sean and Paolo think it's worth it. I
don't really have time to do that, but I can help with reviews
(although I will be OOO for the next 2 weeks). As Paolo said, be
careful that some older LTS trees do not even have the cached save
area, so they are broken in a much bigger way.