leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2f707d9798
linux/arch/x86/kvm
History
Wanpeng Li 2f707d9798 KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset 
Reported by syzkaller:

    WARNING: CPU: 1 PID: 27742 at arch/x86/kvm/vmx.c:11029
    nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029
    CPU: 1 PID: 27742 Comm: a.out Not tainted 4.10.0+ #229
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:15 [inline]
     dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
     panic+0x1fb/0x412 kernel/panic.c:179
     __warn+0x1c4/0x1e0 kernel/panic.c:540
     warn_slowpath_null+0x2c/0x40 kernel/panic.c:583
     nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029
     vmx_leave_nested arch/x86/kvm/vmx.c:11136 [inline]
     vmx_set_msr+0x1565/0x1910 arch/x86/kvm/vmx.c:3324
     kvm_set_msr+0xd4/0x170 arch/x86/kvm/x86.c:1099
     do_set_msr+0x11e/0x190 arch/x86/kvm/x86.c:1128
     __msr_io arch/x86/kvm/x86.c:2577 [inline]
     msr_io+0x24b/0x450 arch/x86/kvm/x86.c:2614
     kvm_arch_vcpu_ioctl+0x35b/0x46a0 arch/x86/kvm/x86.c:3497
     kvm_vcpu_ioctl+0x232/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2721
     vfs_ioctl fs/ioctl.c:43 [inline]
     do_vfs_ioctl+0x1bf/0x1790 fs/ioctl.c:683
     SYSC_ioctl fs/ioctl.c:698 [inline]
     SyS_ioctl+0x8f/0xc0 fs/ioctl.c:689
     entry_SYSCALL_64_fastpath+0x1f/0xc2

The syzkaller folks reported a nested_run_pending warning during userspace
clear VMX capability which is exposed to L1 before.

The warning gets thrown while doing

(*(uint32_t*)0x20aecfe8 = (uint32_t)0x1);
(*(uint32_t*)0x20aecfec = (uint32_t)0x0);
(*(uint32_t*)0x20aecff0 = (uint32_t)0x3a);
(*(uint32_t*)0x20aecff4 = (uint32_t)0x0);
(*(uint64_t*)0x20aecff8 = (uint64_t)0x0);
r[29] = syscall(__NR_ioctl, r[4], 0x4008ae89ul,
		0x20aecfe8ul, 0, 0, 0, 0, 0, 0);

i.e. KVM_SET_MSR ioctl with

struct kvm_msrs {
	.nmsrs = 1,
		.pad = 0,
		.entries = {
			{.index = MSR_IA32_FEATURE_CONTROL,
			 .reserved = 0,
			 .data = 0}
		}
}

The VMLANCH/VMRESUME emulation should be stopped since the CPU is going to
reset here. This patch resets the nested_run_pending since the CPU is going
to be reset hence there should be nothing pending.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Radim Krčmář <rkrcmar@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: David Hildenbrand <david@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-07 15:41:12 +01:00
..
assigned-dev.c
assigned-dev.h
cpuid.c sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from <linux/sched.h> to <linux/sched/stat.h> 2017-03-02 08:42:39 +01:00
cpuid.h Revert "KVM: x86: add pcommit support" 2016-07-23 11:04:23 -07:00
debugfs.c kvm: x86: export TSC information to user-space 2016-09-16 16:57:48 +02:00
emulate.c Merge branch 'x86/cpufeature' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into next 2017-01-17 17:53:01 +01:00
hyperv.c sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h> 2017-03-02 08:42:39 +01:00
hyperv.h KVM: x86: Hyper-V tsc page setup 2016-09-20 09:26:20 +02:00
i8254.c KVM: x86: Handle the kthread worker using the new API 2016-12-08 15:31:11 +01:00
i8254.h KVM: x86: Handle the kthread worker using the new API 2016-12-08 15:31:11 +01:00
i8259.c KVM: x86: make pic setup code look like ioapic setup 2017-01-09 14:45:28 +01:00
ioapic.c KVM: x86: fix out-of-bounds accesses of rtc_eoi map 2016-11-24 18:37:19 +01:00
ioapic.h KVM: x86: fix out-of-bounds accesses of rtc_eoi map 2016-11-24 18:37:19 +01:00
iommu.c - ARM: GICv3 ITS emulation and various fixes. Removal of the old 2016-08-02 16:11:27 -04:00
irq_comm.c sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h> in <linux/sched.h> 2017-03-02 08:42:38 +01:00
irq.c x86/kvm: Audit and remove any unnecessary uses of module.h 2016-07-14 15:07:00 +02:00
irq.h KVM: x86: make pic setup code look like ioapic setup 2017-01-09 14:45:28 +01:00
Kconfig KVM: remove kvm_vcpu_compatible 2016-06-16 00:05:00 +02:00
kvm_cache_regs.h KVM, pkeys: add pkeys support for permission_fault 2016-03-22 16:23:37 +01:00
lapic.c KVM: Support vCPU-based gfn->hva cache 2017-02-16 18:42:46 +01:00
lapic.h KVM: x86: preparatory changes for APICv cleanups 2017-02-15 14:54:34 +01:00
Makefile kvm: add stubs for arch specific debugfs support 2016-09-16 16:57:47 +02:00
mmu_audit.c
mmu.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
mmu.h kvm: mmu: remove is_present_gpte() 2016-07-14 09:02:47 +02:00
mmutrace.h
mtrr.c KVM: MTRR: fix kvm_mtrr_check_gfn_range_consistency page fault 2016-07-05 16:14:43 +02:00
page_track.c sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h> in <linux/sched.h> 2017-03-02 08:42:38 +01:00
paging_tmpl.h kvm: mmu: track read permission explicitly for shadow EPT page tables 2016-07-14 09:03:50 +02:00
pmu_amd.c perf/x86/amd: Make HW_CACHE_REFERENCES and HW_CACHE_MISSES measure L2 2016-09-16 16:19:49 +02:00
pmu_intel.c KVM: x86: Fix typos 2016-06-14 11:16:28 +02:00
pmu.c KVM: x86: never specify a sample period for virtualized in_tx_cp counters 2017-03-01 14:19:46 +01:00
pmu.h
svm.c KVM: x86: remove code for lazy FPU handling 2017-02-17 12:28:01 +01:00
trace.h KVM: x86: support using the vmx preemption timer for tsc deadline timer 2016-06-16 10:07:48 +02:00
tss.h
vmx.c KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset 2017-03-07 15:41:12 +01:00
x86.c sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from <linux/sched.h> to <linux/sched/stat.h> 2017-03-02 08:42:39 +01:00
x86.h KVM: x86: introduce get_kvmclock_ns 2016-09-20 09:26:15 +02:00