The patch below does not apply to the 5.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a1fa4cbd53d9bc7bb0eaa7bcf7c8a5904372a4ec Mon Sep 17 00:00:00 2001
From: Wanpeng Li wanpengli@tencent.com
Date: Fri, 9 Apr 2021 12:18:31 +0800
Subject: [PATCH] KVM: X86: Do not yield to self
If the target is self we do not need to yield, we can avoid malicious guest to play this.
Signed-off-by: Wanpeng Li wanpengli@tencent.com
Message-Id: 1617941911-5338-3-git-send-email-wanpengli@tencent.com
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini pbonzini@redhat.com
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 05a4bce181d7..66d2ab074a5f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8228,6 +8228,10 @@ static void kvm_sched_yield(struct kvm_vcpu *vcpu, unsigned long dest_id) if (!target || !READ_ONCE(target->ready)) goto no_yield;
+ /* Ignore requests to yield to self */ + if (vcpu == target) + goto no_yield; + if (kvm_vcpu_yield_to(target) <= 0) goto no_yield;
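Review bot: the comment added above `if (vcpu == target)` in kvm_sched_yield() says what is ignored but not why, and the reason is the security-relevant part. The commit message attributes self-targeted requests to a malicious guest, so the comment should say that a yield whose dest_id resolves to the calling vcpu is dropped before kvm_vcpu_yield_to() because it can never hand the CPU to another vcpu. A smaller point: the self check does not depend on `target->ready`, so it could sit directly after the `!target` test and skip the READ_ONCE() for these requests; the current placement is still correct because `target` has already been checked for NULL before the comparison.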
linux-stable-mirror@lists.linaro.org