From: Greg Kroah-Hartman
Date: Wed, 7 Mar 2018 15:03:17 +0000 (-0800)
Subject: drop broken kvm patch
X-Git-Tag: v4.14.25~29
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8a4da13780a8e49be3663dbc2453118232c0e02;p=thirdparty%2Fkernel%2Fstable-queue.git

drop broken kvm patch
---
diff --git a/queue-4.4/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch b/queue-4.4/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch deleted file mode 100644 index 10a94cb4f9c..00000000000 --- a/queue-4.4/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch +++ /dev/null
@@ -1,57 +0,0 @@ -From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001 -From: Wanpeng Li -Date: Thu, 8 Feb 2018 15:32:45 +0800 -Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Wanpeng Li - -commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream. - -Reported by syzkaller: - - WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel] - CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4 - RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel] - Call Trace: - vmx_handle_exit+0xbd/0xe20 [kvm_intel] - kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm] - kvm_vcpu_ioctl+0x3e9/0x720 [kvm] - do_vfs_ioctl+0xa4/0x6a0 - SyS_ioctl+0x79/0x90 - entry_SYSCALL_64_fastpath+0x25/0x9c - -The testcase creates a first thread to issue KVM_SMI ioctl, and then creates -a second thread to mmap and operate on the same vCPU. This triggers a race -condition when running the testcase with multiple threads. Sometimes one thread -exits with a triple fault while another thread mmaps and operates on the same -vCPU. Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler -results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE -in kvm_handle_bad_page(), which will go on to cause an emulation failure and an -exit with KVM_EXIT_INTERNAL_ERROR. 
- -Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com -Cc: Paolo Bonzini -Cc: Radim Krčmář -Cc: stable@vger.kernel.org -Signed-off-by: Wanpeng Li -Signed-off-by: Paolo Bonzini -Signed-off-by: Greg Kroah-Hartman - ---- - arch/x86/kvm/mmu.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/arch/x86/kvm/mmu.c -+++ b/arch/x86/kvm/mmu.c -@@ -2775,7 +2775,7 @@ static int kvm_handle_bad_page(struct kv - return 0; - } - -- return -EFAULT; -+ return RET_PF_EMULATE; - } - - static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu, diff --git a/queue-4.4/series b/queue-4.4/series index 19e1d0096ea..ae6bbc8d1a8 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -7,5 +7,4 @@ cpufreq-s3c24xx-fix-broken-s3c_cpufreq_init.patch media-m88ds3103-don-t-call-a-non-initalized-function.patch nospec-allow-index-argument-to-have-const-qualified-type.patch arm-mvebu-fix-broken-pl310_errata_753970-selects.patch -kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch kvm-mmu-fix-overlap-between-public-and-private-memslots.patch diff --git a/queue-4.9/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch b/queue-4.9/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch deleted file mode 100644 index cf51c28a9f6..00000000000 --- a/queue-4.9/kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 Mon Sep 17 00:00:00 2001 -From: Wanpeng Li -Date: Thu, 8 Feb 2018 15:32:45 +0800 -Subject: KVM: X86: Fix SMRAM accessing even if VM is shutdown -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Wanpeng Li - -commit 95e057e25892eaa48cad1e2d637b80d0f1a4fac5 upstream. - -Reported by syzkaller: - - WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel] - CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4 - RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel] - Call Trace: - vmx_handle_exit+0xbd/0xe20 [kvm_intel] - kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm] - kvm_vcpu_ioctl+0x3e9/0x720 [kvm] - do_vfs_ioctl+0xa4/0x6a0 - SyS_ioctl+0x79/0x90 - entry_SYSCALL_64_fastpath+0x25/0x9c - -The testcase creates a first thread to issue KVM_SMI ioctl, and then creates -a second thread to mmap and operate on the same vCPU. This triggers a race -condition when running the testcase with multiple threads. Sometimes one thread -exits with a triple fault while another thread mmaps and operates on the same -vCPU. Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler -results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE -in kvm_handle_bad_page(), which will go on to cause an emulation failure and an -exit with KVM_EXIT_INTERNAL_ERROR. 
- -Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com -Cc: Paolo Bonzini -Cc: Radim Krčmář -Cc: stable@vger.kernel.org -Signed-off-by: Wanpeng Li -Signed-off-by: Paolo Bonzini -Signed-off-by: Greg Kroah-Hartman - ---- - arch/x86/kvm/mmu.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/arch/x86/kvm/mmu.c -+++ b/arch/x86/kvm/mmu.c -@@ -2808,7 +2808,7 @@ static int kvm_handle_bad_page(struct kv - return 0; - } - -- return -EFAULT; -+ return RET_PF_EMULATE; - } - - static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu, diff --git a/queue-4.9/series b/queue-4.9/series index c8f8f2d03f3..cb4640c3ac4 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -18,7 +18,6 @@ media-m88ds3103-don-t-call-a-non-initalized-function.patch nospec-allow-index-argument-to-have-const-qualified-type.patch arm-mvebu-fix-broken-pl310_errata_753970-selects.patch arm-kvm-fix-building-with-gcc-8.patch -kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch kvm-mmu-fix-overlap-between-public-and-private-memslots.patch kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch kvm-vmx-optimize-vmx_vcpu_run-and-svm_vcpu_run-by-marking-the-rdmsr-path-as-unlikely.patch
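Review bot: the commit message does not say why this backport is broken or which trees it affects, while the diff removes it from both queue-4.4 and queue-4.9; the title "drop broken kvm patch" is ambiguous in a queue that carries several KVM patches, so name the patch (kvm-x86-fix-smram-accessing-even-if-vm-is-shutdown.patch) and the failure in the body. From the dropped hunk itself, the only code change is `- return -EFAULT;` / `+ return RET_PF_EMULATE;` in kvm_handle_bad_page(), and nothing in the 4.4 or 4.9 context lines shows RET_PF_EMULATE being defined in those trees; if the symbol is absent there (to my recollection the RET_PF_* constants only arrived upstream in the 4.15 cycle), the stable build fails, and that is worth recording. Dropping rather than adapting also leaves the syzkaller-reported WARN in handle_ept_misconfig(), reachable from any process that can open /dev/kvm and race KVM_SMI against a vCPU, unfixed in 4.4 and 4.9; a follow-up backport that expresses the same change in each tree's own page-fault return convention, or a note asking the author for one, would close that gap.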
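Review bot: both series hunks remove only the one entry and keep kvm-mmu-fix-overlap-between-public-and-private-memslots.patch (and, in queue-4.9, the spec_ctrl and vmx_vcpu_run patches) directly after it; since the dropped patch touched arch/x86/kvm/mmu.c, re-apply the queue to confirm the remaining kvm-mmu patch still applies with clean context now that it is no longer stacked on the dropped hunk.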