leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
55123e3c86
linux/arch/x86/kvm
History
Wanpeng Li 55123e3c86 KVM: nVMX: avoid incorrect preemption timer vmexit in nested guest 
The preemption timer for nested VMX is emulated by hrtimer which is started on L2
entry, stopped on L2 exit and evaluated via the check_nested_events hook. However,
nested_vmx_exit_handled is always returning true for preemption timer vmexit.  Then,
the L1 preemption timer vmexit is captured and be treated as a L2 preemption
timer vmexit, causing NULL pointer dereferences or worse in the L1 guest's
vmexit handler:

    BUG: unable to handle kernel NULL pointer dereference at           (null)
    IP: [<          (null)>]           (null)
    PGD 0
    Oops: 0010 [#1] SMP
    Call Trace:
     ? kvm_lapic_expired_hv_timer+0x47/0x90 [kvm]
     handle_preemption_timer+0xe/0x20 [kvm_intel]
     vmx_handle_exit+0x169/0x15a0 [kvm_intel]
     ? kvm_arch_vcpu_ioctl_run+0xd5d/0x19d0 [kvm]
     kvm_arch_vcpu_ioctl_run+0xdee/0x19d0 [kvm]
     ? kvm_arch_vcpu_ioctl_run+0xd5d/0x19d0 [kvm]
     ? vcpu_load+0x1c/0x60 [kvm]
     ? kvm_arch_vcpu_load+0x57/0x260 [kvm]
     kvm_vcpu_ioctl+0x2d3/0x7c0 [kvm]
     do_vfs_ioctl+0x96/0x6a0
     ? __fget_light+0x2a/0x90
     SyS_ioctl+0x79/0x90
     do_syscall_64+0x68/0x180
     entry_SYSCALL64_slow_path+0x25/0x25
    Code:  Bad RIP value.
    RIP  [<          (null)>]           (null)
     RSP <ffff8800b5263c48>
    CR2: 0000000000000000
    ---[ end trace 9c70c48b1a2bc66e ]---

This can be reproduced readily by preemption timer enabled on L0 and disabled
on L1.

Return false since preemption timer vmexits must never be reflected to L2.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Yunhong Jiang <yunhong.jiang@intel.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-11 09:49:26 +02:00
..
assigned-dev.c KVM: x86: use list_for_each_entry* 2016-02-23 15:40:54 +01:00
assigned-dev.h KVM: x86: move device assignment out of kvm_host.h 2014-11-24 16:53:50 +01:00
cpuid.c KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID 2016-06-02 17:38:50 +02:00
cpuid.h KVM, pkeys: expose CPUID/CR4 to guest 2016-03-22 16:38:17 +01:00
emulate.c x86/kvm: Add stack frame dependency to fastop() inline asm 2016-05-10 18:16:50 +02:00
hyperv.c KVM: Hyper-V: do not do hypercall userspace exits if SynIC is disabled 2016-04-01 12:10:09 +02:00
hyperv.h kvm/x86: Hyper-V SynIC timers 2015-12-16 18:49:45 +01:00
i8254.c KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock 2016-06-03 15:28:19 +02:00
i8254.h KVM: i8254: turn kvm_kpit_state.reinject into atomic_t 2016-03-04 09:30:25 +01:00
i8259.c KVM: x86: clean/fix memory barriers in irqchip_in_kernel 2015-07-30 16:02:56 +02:00
ioapic.c KVM: x86: Rename kvm_apic_get_reg to kvm_lapic_get_reg 2016-05-18 18:04:25 +02:00
ioapic.h kvm: x86: Track irq vectors in ioapic->rtc_status.dest_map 2016-03-03 14:36:18 +01:00
iommu.c kvm/x86: remove unnecessary header file inclusion 2016-06-03 15:28:19 +02:00
irq_comm.c KVM: add missing memory barrier in kvm_{make,check}_request 2016-04-20 15:29:17 +02:00
irq.c KVM: x86: consolidate "has lapic" checks into irq.c 2016-02-09 16:57:39 +01:00
irq.h KVM: x86: consolidate different ways to test for in-kernel LAPIC 2016-02-09 16:57:45 +01:00
Kconfig KVM: remove kvm_vcpu_compatible 2016-06-16 00:05:00 +02:00
kvm_cache_regs.h KVM, pkeys: add pkeys support for permission_fault 2016-03-22 16:23:37 +01:00
lapic.c KVM: vmx: fix missed cancellation of TSC deadline timer 2016-07-01 11:03:42 +02:00
lapic.h KVM: x86: support using the vmx preemption timer for tsc deadline timer 2016-06-16 10:07:48 +02:00
Makefile KVM: page track: add the framework of guest page tracking 2016-03-03 14:36:20 +01:00
mmu_audit.c kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
mmu.c KVM: x86: Fix typos 2016-06-14 11:16:28 +02:00
mmu.h KVM: MMU: fix permission_fault() 2016-04-10 21:53:49 +02:00
mmutrace.h tracing: Rename ftrace_event.h to trace_events.h 2015-05-13 14:05:12 -04:00
mtrr.c KVM: MTRR: remove MSR 0x2f8 2016-05-18 18:04:32 +02:00
page_track.c KVM: page_track: fix access to NULL slot 2016-03-22 17:27:28 +01:00
paging_tmpl.h KVM: MMU: fix permission_fault() 2016-04-10 21:53:49 +02:00
pmu_amd.c KVM: x86/vPMU: Fix unnecessary signed extension for AMD PERFCTRn 2015-08-11 15:19:41 +02:00
pmu_intel.c KVM: x86: Fix typos 2016-06-14 11:16:28 +02:00
pmu.c KVM: x86: consolidate different ways to test for in-kernel LAPIC 2016-02-09 16:57:45 +01:00
pmu.h KVM: x86/vPMU: Define kvm_pmu_ops to support vPMU function dispatch 2015-06-23 14:12:14 +02:00
svm.c KVM: x86: use guest_exit_irqoff 2016-07-01 11:03:38 +02:00
trace.h KVM: x86: support using the vmx preemption timer for tsc deadline timer 2016-06-16 10:07:48 +02:00
tss.h
vmx.c KVM: nVMX: avoid incorrect preemption timer vmexit in nested guest 2016-07-11 09:49:26 +02:00
x86.c KVM: x86: use guest_exit_irqoff 2016-07-01 11:03:38 +02:00
x86.h KVM, pkeys: add pkeys support for xsave state 2016-03-22 16:21:05 +01:00