This is a note to let you know that I've just added the patch titled
KVM: X86: Fix SMRAM accessing even if VM is shutdown
to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001
From: Wanpeng Li wanpengli@tencent.com
Date: Thu, 8 Feb 2018 15:32:45 +0800
Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Wanpeng Li wanpengli@tencent.com
commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream.
Reported by syzkaller:
WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4
RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
Call Trace:
 vmx_handle_exit+0xbd/0xe20 [kvm_intel]
 kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm]
 kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
 do_vfs_ioctl+0xa4/0x6a0
 SyS_ioctl+0x79/0x90
 entry_SYSCALL_64_fastpath+0x25/0x9c
The testcase creates a first thread to issue the KVM_SMI ioctl, and then creates a second thread to mmap and operate on the same vCPU. This triggers a race condition when running the testcase with multiple threads. Sometimes one thread exits with a triple fault while another thread mmaps and operates on the same vCPU. Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE in kvm_handle_bad_page(), which will go on to cause an emulation failure and an exit with KVM_EXIT_INTERNAL_ERROR.
Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com
Cc: Paolo Bonzini pbonzini@redhat.com
Cc: Radim Krčmář rkrcmar@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Wanpeng Li wanpengli@tencent.com
Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- arch/x86/kvm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -3004,7 +3004,7 @@ static int kvm_handle_bad_page(struct kv return 0; }
- return -EFAULT; + return RET_PF_EMULATE; }
static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
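Review bot: the added `return RET_PF_EMULATE;` in kvm_handle_bad_page() uses a constant that is not defined on the 4.14 branch this patch is queued for (the thread notes RET_PF_EMULATE first appeared in v4.15-rc1), so the hunk does not build as-is; the prerequisite "KVM: x86: extend usage of RET_MMIO_PF_* constants" (9b8ebbdb74b5) has to land in queue-4.14 before it, and the backport should say so. It would also help to state in the message that callers now see an emulation attempt instead of a plain -EFAULT, with emulation failure surfacing as KVM_EXIT_INTERNAL_ERROR, since that is the user-visible change.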
Patches currently in stable-queue which might be from wanpengli@tencent.com are
queue-4.14/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch
On 07-03-2018 at 05:54, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
KVM: X86: Fix SMRAM accessing even if VM is shutdown
This one breaks build on 4.14 (and earlier I presume) as RET_PF_EMULATE was introduced in v4.15-rc1~79^2~8.
To fix the build on 4.14 you would need:
From 9b8ebbdb74b5ad76b9dfd8b101af17839174b126 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini pbonzini@redhat.com
Date: Thu, 17 Aug 2017 15:03:32 +0200
Subject: [PATCH] KVM: x86: extend usage of RET_MMIO_PF_* constants
I haven't tested it on older kernels...
-- Thomas
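As an added example (not code from this thread or from the kernel tree), a small Python check for the backport failure Thomas describes: it pulls the upper-case identifiers used by a patch's added lines and reports any the target tree does not define, so a queue maintainer can spot a missing prerequisite before the build does. The patch text is the hunk from this thread; the two trees are constructed in-memory stand-ins for 4.14 and 4.15 arch/x86/kvm/mmu.c, not real kernel sources.

```python
import re

# Hunk from this thread, the one that fails to build on 4.14.
PATCH = """\
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3004,7 +3004,7 @@ static int kvm_handle_bad_page(struct kv
 		return 0;
 	}
 
-	return -EFAULT;
+	return RET_PF_EMULATE;
 }
"""

# Constructed stand-ins: a 4.14-like tree without the RET_PF_* enum,
# and a 4.15-like tree that carries it (values as in 4.15 mmu.c).
TREE_4_14 = {
    "arch/x86/kvm/mmu.c": "static int kvm_handle_bad_page(...)\n{\n\treturn -EFAULT;\n}\n",
}
TREE_4_15 = {
    "arch/x86/kvm/mmu.c": (
        "enum {\n\tRET_PF_RETRY = 0,\n\tRET_PF_EMULATE = 1,\n\tRET_PF_INVALID = 2,\n};\n"
        "static int kvm_handle_bad_page(...)\n{\n\treturn RET_PF_EMULATE;\n}\n"
    ),
}

# Macro/enum-style names: upper-case, digits, underscores, 3+ chars.
IDENT = re.compile(r"\b[A-Z][A-Z0-9_]{2,}\b")


def added_identifiers(patch):
    """Identifiers referenced on '+' lines (file header '+++' excluded)."""
    names = set()
    for line in patch.splitlines():
        if line.startswith("+") and not line.startswith("+++"):
            names.update(IDENT.findall(line))
    return names


def defines(tree, name):
    """Heuristic: '#define NAME' or an enum member 'NAME =' / 'NAME,'.
    A plain use followed by a comma also matches, so 'missing' is the
    reliable verdict; 'present' is only a hint."""
    n = re.escape(name)
    pat = re.compile(r"(^\s*#\s*define\s+%s\b|\b%s\s*[=,])" % (n, n), re.M)
    return any(pat.search(src) for src in tree.values())


def missing_prerequisites(patch, tree):
    """Sorted list of identifiers the patch adds that the tree lacks."""
    return sorted(n for n in added_identifiers(patch) if not defines(tree, n))


if __name__ == "__main__":
    print("4.14:", missing_prerequisites(PATCH, TREE_4_14))  # ['RET_PF_EMULATE']
    print("4.15:", missing_prerequisites(PATCH, TREE_4_15))  # []
```

Against a real checkout, replace the dict with a walk over the tree's .c/.h files; the verdict for 4.14 is exactly the build break reported in the thread.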
On Wed, Mar 07, 2018 at 01:48:52PM +0200, Thomas Backlund wrote:
On 07-03-2018 at 05:54, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
KVM: X86: Fix SMRAM accessing even if VM is shutdown
This one breaks build on 4.14 (and earlier I presume) as RET_PF_EMULATE was introduced in v4.15-rc1~79^2~8.
Yeah, I just found that out :(
To fix the build on 4.14 you would need:
From 9b8ebbdb74b5ad76b9dfd8b101af17839174b126 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini pbonzini@redhat.com
Date: Thu, 17 Aug 2017 15:03:32 +0200
Subject: [PATCH] KVM: x86: extend usage of RET_MMIO_PF_* constants
I haven't tested it on older kernels...
It doesn't apply on older kernels, so I'm having to drop the original patch here from 4.4.y and 4.9.y. If someone wants them there, please provide working backports :)
thanks,
greg k-h
On 07/03/2018 16:02, Greg KH wrote:
On Wed, Mar 07, 2018 at 01:48:52PM +0200, Thomas Backlund wrote:
On 07-03-2018 at 05:54, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
KVM: X86: Fix SMRAM accessing even if VM is shutdown
This one breaks build on 4.14 (and earlier I presume) as RET_PF_EMULATE was introduced in v4.15-rc1~79^2~8.
Yeah, I just found that out :(
To fix the build on 4.14 you would need:
From 9b8ebbdb74b5ad76b9dfd8b101af17839174b126 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini pbonzini@redhat.com
Date: Thu, 17 Aug 2017 15:03:32 +0200
Subject: [PATCH] KVM: x86: extend usage of RET_MMIO_PF_* constants
I haven't tested it on older kernels...
It doesn't apply on older kernels, so I'm having to drop the original patch here from 4.4.y and 4.9.y. If someone wants them there, please provide working backports :)
Will do!
Paolo