Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-18 09:02:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
38ab012f10
linux/arch
History
Wanpeng Li 38ab012f10 KVM: LAPIC: Fix pv ipis use-before-initialization 
Reported by syzkaller:

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000014
 PGD 800000040410c067 P4D 800000040410c067 PUD 40410d067 PMD 0
 Oops: 0000 [#1] PREEMPT SMP PTI
 CPU: 3 PID: 2567 Comm: poc Tainted: G           OE     4.19.0-rc5 #16
 RIP: 0010:kvm_pv_send_ipi+0x94/0x350 [kvm]
 Call Trace:
  kvm_emulate_hypercall+0x3cc/0x700 [kvm]
  handle_vmcall+0xe/0x10 [kvm_intel]
  vmx_handle_exit+0xc1/0x11b0 [kvm_intel]
  vcpu_enter_guest+0x9fb/0x1910 [kvm]
  kvm_arch_vcpu_ioctl_run+0x35c/0x610 [kvm]
  kvm_vcpu_ioctl+0x3e9/0x6d0 [kvm]
  do_vfs_ioctl+0xa5/0x690
  ksys_ioctl+0x6d/0x80
  __x64_sys_ioctl+0x1a/0x20
  do_syscall_64+0x83/0x6e0
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

The reason is that the apic map has not yet been initialized, the testcase
triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map
is dereferenced. This patch fixes it by checking whether or not apic map is
NULL and bailing out immediately if that is the case.

Fixes: 4180bf1b65 (KVM: X86: Implement "send IPI" hypercall)
Reported-by: Wei Wu <ww9210@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Wei Wu <ww9210@gmail.com>
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-11-27 12:48:56 +01:00
..
alpha TTY/Serial fixes for 4.20-rc2 2018-11-10 13:32:14 -06:00
arc mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
arm Merge branch 'spectre' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-11-18 10:45:09 -08:00
arm64 efi/arm: Defer persistent reservations until after paging_init() 2018-11-15 10:04:46 +01:00
c6x c6x changes for 4.20 2018-10-31 15:39:25 -07:00
csky csky: dtb Kbuild fixup patches for linux-4.20-rc1 2018-11-01 09:04:30 -07:00
h8300 mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
hexagon mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
ia64 memblock: stop using implicit alignment to SMP_CACHE_BYTES 2018-10-31 08:54:16 -07:00
m68k s390 updates for 4.20-rc2 2018-11-09 06:30:44 -06:00
microblaze s390 updates for 4.20-rc2 2018-11-09 06:30:44 -06:00
mips MIPS: Fix `dma_alloc_coherent' returning a non-coherent allocation 2018-11-05 10:08:13 -08:00
nds32 s390 updates for 4.20-rc2 2018-11-09 06:30:44 -06:00
nios2 mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
openrisc mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
parisc Merge branch 'parisc-4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2018-11-14 13:42:41 -06:00
powerpc PPC KVM fixes for 4.20 2018-11-25 18:56:32 +01:00
riscv RISC-V: Silence some module warnings on 32-bit 2018-11-12 18:12:24 -08:00
s390 s390 updates for 4.20-rc2 2018-11-09 06:30:44 -06:00
sh mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
sparc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2018-11-01 09:07:04 -07:00
um for-linus-20181109 2018-11-09 16:31:51 -06:00
unicore32 memblock: stop using implicit alignment to SMP_CACHE_BYTES 2018-10-31 08:54:16 -07:00
x86 KVM: LAPIC: Fix pv ipis use-before-initialization 2018-11-27 12:48:56 +01:00
xtensa Xtensa fixes for v4.20-rc3 2018-11-16 10:10:27 -06:00
.gitignore
Kconfig New gcc plugin: stackleak 2018-11-01 11:46:27 -07:00