korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-16 02:44:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
2f707d9798
linux/arch/x86
History
Wanpeng Li 2f707d9798 KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset 
Reported by syzkaller:

    WARNING: CPU: 1 PID: 27742 at arch/x86/kvm/vmx.c:11029
    nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029
    CPU: 1 PID: 27742 Comm: a.out Not tainted 4.10.0+ #229
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:15 [inline]
     dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
     panic+0x1fb/0x412 kernel/panic.c:179
     __warn+0x1c4/0x1e0 kernel/panic.c:540
     warn_slowpath_null+0x2c/0x40 kernel/panic.c:583
     nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029
     vmx_leave_nested arch/x86/kvm/vmx.c:11136 [inline]
     vmx_set_msr+0x1565/0x1910 arch/x86/kvm/vmx.c:3324
     kvm_set_msr+0xd4/0x170 arch/x86/kvm/x86.c:1099
     do_set_msr+0x11e/0x190 arch/x86/kvm/x86.c:1128
     __msr_io arch/x86/kvm/x86.c:2577 [inline]
     msr_io+0x24b/0x450 arch/x86/kvm/x86.c:2614
     kvm_arch_vcpu_ioctl+0x35b/0x46a0 arch/x86/kvm/x86.c:3497
     kvm_vcpu_ioctl+0x232/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2721
     vfs_ioctl fs/ioctl.c:43 [inline]
     do_vfs_ioctl+0x1bf/0x1790 fs/ioctl.c:683
     SYSC_ioctl fs/ioctl.c:698 [inline]
     SyS_ioctl+0x8f/0xc0 fs/ioctl.c:689
     entry_SYSCALL_64_fastpath+0x1f/0xc2

The syzkaller folks reported a nested_run_pending warning during userspace
clear VMX capability which is exposed to L1 before.

The warning gets thrown while doing

(*(uint32_t*)0x20aecfe8 = (uint32_t)0x1);
(*(uint32_t*)0x20aecfec = (uint32_t)0x0);
(*(uint32_t*)0x20aecff0 = (uint32_t)0x3a);
(*(uint32_t*)0x20aecff4 = (uint32_t)0x0);
(*(uint64_t*)0x20aecff8 = (uint64_t)0x0);
r[29] = syscall(__NR_ioctl, r[4], 0x4008ae89ul,
		0x20aecfe8ul, 0, 0, 0, 0, 0, 0);

i.e. KVM_SET_MSR ioctl with

struct kvm_msrs {
	.nmsrs = 1,
		.pad = 0,
		.entries = {
			{.index = MSR_IA32_FEATURE_CONTROL,
			 .reserved = 0,
			 .data = 0}
		}
}

The VMLANCH/VMRESUME emulation should be stopped since the CPU is going to
reset here. This patch resets the nested_run_pending since the CPU is going
to be reset hence there should be nothing pending.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Radim Krčmář <rkrcmar@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: David Hildenbrand <david@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-07 15:41:12 +01:00
..
boot Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-02-20 14:04:37 -08:00
configs IOMMU Updates for Linux v4.9 2016-10-11 12:52:41 -07:00
crypto crypto: sha512-mb - Protect sha512 mb ctx mgr access 2017-02-11 17:50:41 +08:00
entry Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
events sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
hyperv drivers: hv: Turn off write permission on the hypercall page 2017-02-10 15:48:00 +01:00
ia32 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
include Second batch of KVM changes for 4.11 merge window 2017-03-04 11:36:19 -08:00
kernel Second batch of KVM changes for 4.11 merge window 2017-03-04 11:36:19 -08:00
kvm KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset 2017-03-07 15:41:12 +01:00
lguest clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
lib x86/timer: Make delay() work during early bootup 2017-01-22 10:03:12 +01:00
math-emu Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mm sched/headers: Prepare to move 'init_task' and 'init_thread_union' from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:38 +01:00
net bpf: fix unlocking of jited image when module ronx not set 2017-02-21 13:30:14 -05:00
oprofile x86/oprofile/nmi: Convert to hotplug state machine 2016-11-22 23:34:43 +01:00
pci This is a tree wide change and has been kept separate for that reason. 2017-02-25 13:45:43 -08:00
platform sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h> 2017-03-02 08:42:34 +01:00
power Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-18 13:59:10 -08:00
purgatory x86/kexec: add -fno-PIE 2016-11-09 22:28:09 +01:00
ras x86/ras/amd/inj: Change dependency 2017-01-24 09:14:55 +01:00
realmode x86/build: Don't use $(LINUXINCLUDE) twice 2016-11-28 07:49:17 +01:00
tools x86/tools: Fix gcc-7 warning in relocs.c 2016-12-19 11:50:24 +01:00
um sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
video
xen sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
.gitignore
Kbuild Drivers: hv vmbus: Move Hypercall page setup out of common code 2017-01-19 11:42:07 +01:00
Kconfig The usual collection of new drivers, non-critical fixes, and updates 2017-02-25 14:28:06 -08:00
Kconfig.cpu
Kconfig.debug mm: add arch-independent testcases for RODATA 2017-02-27 18:43:48 -08:00
Makefile lib/raid6: Add AVX512 optimized gen_syndrome functions 2016-09-21 09:09:44 -07:00
Makefile_32.cpu
Makefile.um