+++ /dev/null
-From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001
-From: Wanpeng Li <wanpengli@tencent.com>
-Date: Thu, 8 Feb 2018 15:32:45 +0800
-Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Wanpeng Li <wanpengli@tencent.com>
-
-commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream.
-
-Reported by syzkaller:
-
- WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
- CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4
- RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
- Call Trace:
- vmx_handle_exit+0xbd/0xe20 [kvm_intel]
- kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm]
- kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
- do_vfs_ioctl+0xa4/0x6a0
- SyS_ioctl+0x79/0x90
- entry_SYSCALL_64_fastpath+0x25/0x9c
-
-The testcase creates a first thread to issue KVM_SMI ioctl, and then creates
-a second thread to mmap and operate on the same vCPU. This triggers a race
-condition when running the testcase with multiple threads. Sometimes one thread
-exits with a triple fault while another thread mmaps and operates on the same
-vCPU. Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler
-results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE
-in kvm_handle_bad_page(), which will go on to cause an emulation failure and an
-exit with KVM_EXIT_INTERNAL_ERROR.
-
-Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Radim Krčmář <rkrcmar@redhat.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/x86/kvm/mmu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/kvm/mmu.c
-+++ b/arch/x86/kvm/mmu.c
-@@ -2775,7 +2775,7 @@ static int kvm_handle_bad_page(struct kv
- return 0;
- }
-
-- return -EFAULT;
-+ return RET_PF_EMULATE;
- }
-
- static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
media-m88ds3103-don-t-call-a-non-initalized-function.patch
nospec-allow-index-argument-to-have-const-qualified-type.patch
arm-mvebu-fix-broken-pl310_errata_753970-selects.patch
-kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch
kvm-mmu-fix-overlap-between-public-and-private-memslots.patch
+++ /dev/null
-From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001
-From: Wanpeng Li <wanpengli@tencent.com>
-Date: Thu, 8 Feb 2018 15:32:45 +0800
-Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Wanpeng Li <wanpengli@tencent.com>
-
-commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream.
-
-Reported by syzkaller:
-
- WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
- CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4
- RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
- Call Trace:
- vmx_handle_exit+0xbd/0xe20 [kvm_intel]
- kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm]
- kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
- do_vfs_ioctl+0xa4/0x6a0
- SyS_ioctl+0x79/0x90
- entry_SYSCALL_64_fastpath+0x25/0x9c
-
-The testcase creates a first thread to issue KVM_SMI ioctl, and then creates
-a second thread to mmap and operate on the same vCPU. This triggers a race
-condition when running the testcase with multiple threads. Sometimes one thread
-exits with a triple fault while another thread mmaps and operates on the same
-vCPU. Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler
-results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE
-in kvm_handle_bad_page(), which will go on to cause an emulation failure and an
-exit with KVM_EXIT_INTERNAL_ERROR.
-
-Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Radim Krčmář <rkrcmar@redhat.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/x86/kvm/mmu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/kvm/mmu.c
-+++ b/arch/x86/kvm/mmu.c
-@@ -2808,7 +2808,7 @@ static int kvm_handle_bad_page(struct kv
- return 0;
- }
-
-- return -EFAULT;
-+ return RET_PF_EMULATE;
- }
-
- static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
nospec-allow-index-argument-to-have-const-qualified-type.patch
arm-mvebu-fix-broken-pl310_errata_753970-selects.patch
arm-kvm-fix-building-with-gcc-8.patch
-kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch
kvm-mmu-fix-overlap-between-public-and-private-memslots.patch
kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch
kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
