[thirdparty/kernel/stable-queue.git] / releases / 5.0.14 / kvm-lapic-check-for-in-kernel-lapic-before-deferencing-apic-pointer.patch

From b904cb8dff824b79233e82c078837627ebd52717 Mon Sep 17 00:00:00 2001
From: Sean Christopherson <sean.j.christopherson@intel.com>
Date: Thu, 25 Apr 2019 19:01:09 -0700
Subject: KVM: lapic: Check for in-kernel LAPIC before deferencing apic pointer

From: Sean Christopherson <sean.j.christopherson@intel.com>

commit b904cb8dff824b79233e82c078837627ebd52717 upstream.

...to avoid dereferencing a null pointer when querying the per-vCPU
timer advance.

Fixes: 39497d7660d98 ("KVM: lapic: Track lapic timer advance per vCPU")
Reported-by: syzbot+f7e65445a40d3e0e4ebf@syzkaller.appspotmail.com
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/lapic.c |    3 ---
 arch/x86/kvm/x86.c   |    3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)

--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -1504,9 +1504,6 @@ void wait_lapic_expire(struct kvm_vcpu *
 	u32 timer_advance_ns = apic->lapic_timer.timer_advance_ns;
 	u64 guest_tsc, tsc_deadline, ns;
 
-	if (!lapic_in_kernel(vcpu))
-		return;
-
 	if (apic->lapic_timer.expired_tscdeadline == 0)
 		return;
 
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7886,7 +7886,8 @@ static int vcpu_enter_guest(struct kvm_v
 	}
 
 	trace_kvm_entry(vcpu->vcpu_id);
-	if (vcpu->arch.apic->lapic_timer.timer_advance_ns)
+	if (lapic_in_kernel(vcpu) &&
+	    vcpu->arch.apic->lapic_timer.timer_advance_ns)
 		wait_lapic_expire(vcpu);
 	guest_enter_irqoff();
Commit	Line	Data
28e9872b GKH	1	From b904cb8dff824b79233e82c078837627ebd52717 Mon Sep 17 00:00:00 2001
	2	From: Sean Christopherson <sean.j.christopherson@intel.com>
	3	Date: Thu, 25 Apr 2019 19:01:09 -0700
	4	Subject: KVM: lapic: Check for in-kernel LAPIC before deferencing apic pointer
	5
	6	From: Sean Christopherson <sean.j.christopherson@intel.com>
	7
	8	commit b904cb8dff824b79233e82c078837627ebd52717 upstream.
	9
	10	...to avoid dereferencing a null pointer when querying the per-vCPU
	11	timer advance.
	12
	13	Fixes: 39497d7660d98 ("KVM: lapic: Track lapic timer advance per vCPU")
	14	Reported-by: syzbot+f7e65445a40d3e0e4ebf@syzkaller.appspotmail.com
	15	Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
	16	Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	17	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	18	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	19
	20	---
	21	arch/x86/kvm/lapic.c \| 3 ---
	22	arch/x86/kvm/x86.c \| 3 ++-
	23	2 files changed, 2 insertions(+), 4 deletions(-)
	24
	25	--- a/arch/x86/kvm/lapic.c
	26	+++ b/arch/x86/kvm/lapic.c
	27	@@ -1504,9 +1504,6 @@ void wait_lapic_expire(struct kvm_vcpu *
	28	u32 timer_advance_ns = apic->lapic_timer.timer_advance_ns;
	29	u64 guest_tsc, tsc_deadline, ns;
	30
	31	- if (!lapic_in_kernel(vcpu))
	32	- return;
	33	-
	34	if (apic->lapic_timer.expired_tscdeadline == 0)
	35	return;
	36
	37	--- a/arch/x86/kvm/x86.c
	38	+++ b/arch/x86/kvm/x86.c
	39	@@ -7886,7 +7886,8 @@ static int vcpu_enter_guest(struct kvm_v
	40	}
	41
	42	trace_kvm_entry(vcpu->vcpu_id);
	43	- if (vcpu->arch.apic->lapic_timer.timer_advance_ns)
	44	+ if (lapic_in_kernel(vcpu) &&
	45	+ vcpu->arch.apic->lapic_timer.timer_advance_ns)
	46	wait_lapic_expire(vcpu);
	47	guest_enter_irqoff();
	48