linux_dsm_epyc7002/arch/x86
Wanpeng Li 95e057e258 KVM: X86: Fix SMRAM accessing even if VM is shutdown
Reported by syzkaller:

   WARNING: CPU: 6 PID: 2434 at arch/x86/kvm/vmx.c:6660 handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
   CPU: 6 PID: 2434 Comm: repro_test Not tainted 4.15.0+ #4
   RIP: 0010:handle_ept_misconfig+0x54/0x1e0 [kvm_intel]
   Call Trace:
    vmx_handle_exit+0xbd/0xe20 [kvm_intel]
    kvm_arch_vcpu_ioctl_run+0xdaf/0x1d50 [kvm]
    kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
    do_vfs_ioctl+0xa4/0x6a0
    SyS_ioctl+0x79/0x90
    entry_SYSCALL_64_fastpath+0x25/0x9c

The testcase creates a first thread to issue KVM_SMI ioctl, and then creates
a second thread to mmap and operate on the same vCPU.  This triggers a race
condition when running the testcase with multiple threads. Sometimes one thread
exits with a triple fault while another thread mmaps and operates on the same
vCPU.  Because CS=0x3000/IP=0x8000 is not mapped, accessing the SMI handler
results in an EPT misconfig. This patch fixes it by returning RET_PF_EMULATE
in kvm_handle_bad_page(), which will go on to cause an emulation failure and an
exit with KVM_EXIT_INTERNAL_ERROR.

Reported-by: syzbot+c1d9517cab094dae65e446c0c5b4de6c40f4dc58@syzkaller.appspotmail.com
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-24 01:43:37 +01:00
boot Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-01-31 13:12:31 -08:00
configs
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
entry KVM changes for 4.16 2018-02-10 13:16:35 -08:00
events x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS 2018-02-05 13:48:44 -03:00
hyperv KVM changes for 4.16 2018-02-10 13:16:35 -08:00
ia32
include KVM changes for 4.16 2018-02-10 13:16:35 -08:00
kernel vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
kvm KVM: X86: Fix SMRAM accessing even if VM is shutdown 2018-02-24 01:43:37 +01:00
lib Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-02-04 11:45:55 -08:00
math-emu
mm KVM changes for 4.16 2018-02-10 13:16:35 -08:00
net bpf, x86_64: remove obsolete exception handling from div/mod 2018-01-26 16:42:06 -08:00
oprofile Modules updates for v4.15 2017-11-15 13:46:33 -08:00
pci pci-v4.16-changes 2018-02-06 09:59:40 -08:00
platform drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
power x86: hibernate: fix swsusp_arch_resume() prototype 2018-02-07 12:18:23 +01:00
purgatory
ras
realmode
tools x86/tools: Standardize output format of insn_decode_test 2017-12-12 13:27:47 +01:00
um Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
video
xen xen: fixes for 4.16 rc1 2018-02-09 10:07:39 -08:00
.gitignore
Kbuild
Kconfig Merge branch 'akpm' (patches from Andrew) 2018-02-06 22:15:42 -08:00
Kconfig.cpu
Kconfig.debug Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-30 13:01:09 -08:00
Makefile Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-14 15:30:02 -08:00
Makefile_32.cpu
Makefile.um