From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Michal Luczaj <mhal@rbox.co>
Subject: [PATCH v3 0/3]  KVM: x86: Out-of-bounds access in kvm_recalculate_phys_map()
Date: Fri,  2 Jun 2023 16:32:47 -0700	[thread overview]
Message-ID: <20230602233250.1014316-1-seanjc@google.com> (raw)

In Michal's words...

kvm_recalculate_apic_map() creates the APIC map iterating over the list of
vCPUs twice. First to find the max APIC ID and allocate a max-sized buffer,
then again, calling kvm_recalculate_phys_map() for each vCPU. This opens a
race window: the value of the max APIC ID can increase _after_ the buffer was
allocated.

v3:
 - s/race/test for the new test file
 - Use kvm_vm_free() instead of kvm_vm_release() in the test
 - Fix a few typos in the test

v2: https://lore.kernel.org/all/20230526235048.2842761-1-seanjc@google.com

v1: https://lore.kernel.org/all/20230525183347.2562472-1-mhal@rbox.co

Michal Luczaj (1):
  KVM: selftests: Add test for race in kvm_recalculate_apic_map()

Sean Christopherson (2):
  KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is
    out-of-bounds
  KVM: x86: Retry APIC optimized map recalc if vCPU is added/enabled

 arch/x86/kvm/lapic.c                          | 49 ++++++++++--
 tools/testing/selftests/kvm/Makefile          |  1 +
 .../kvm/x86_64/recalc_apic_map_test.c         | 74 +++++++++++++++++++
 3 files changed, 118 insertions(+), 6 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/recalc_apic_map_test.c


base-commit: 39428f6ea9eace95011681628717062ff7f5eb5f
-- 
2.41.0.rc2.161.g9c6817b8e7-goog
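The race described in the cover letter is a time-of-check/time-of-use bug in two passes over the same list: pass 1 picks a buffer size from the largest ID it sees, pass 2 indexes the buffer with whatever IDs exist by then. The following is an added C model of that pattern and of the two mitigations the series names (bail when an ID exceeds the sized buffer; retry the whole recalculation when a vCPU was added meanwhile). It is not KVM's code: `struct vm`, the `add_between_passes`/`add_after_fill` hooks, the generation counter and `run_scenario()` are all constructed here to make the race deterministic and observable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_VCPUS 8

/* Constructed stand-in for a VM's vCPU list (not KVM's data structures).
 * The two add_* fields are test hooks that model a vCPU being hotplugged at
 * a chosen point inside the recalculation; -1 means no hotplug. */
struct vm {
	uint32_t apic_id[MAX_VCPUS];
	int nr_vcpus;
	unsigned long gen;		/* bumped whenever a vCPU is added */
	int add_between_passes;	/* ID to add after the buffer is sized */
	int add_after_fill;		/* ID to add after the buffer is filled */
};

enum recalc_result { RECALC_OK, RECALC_RETRY, RECALC_NOMEM };

static void add_vcpu(struct vm *vm, int *pending)
{
	if (*pending < 0 || vm->nr_vcpus >= MAX_VCPUS)
		return;
	vm->apic_id[vm->nr_vcpus++] = (uint32_t)*pending;
	vm->gen++;
	*pending = -1;			/* hook fires once */
}

static uint32_t max_apic_id(const struct vm *vm)
{
	uint32_t max = 0;
	for (int i = 0; i < vm->nr_vcpus; i++)
		if (vm->apic_id[i] > max)
			max = vm->apic_id[i];
	return max;
}

/* One attempt at building the APIC ID -> vCPU index map. */
static enum recalc_result recalc_once(struct vm *vm, int **map_out,
				      uint32_t *size_out)
{
	unsigned long gen = vm->gen;
	uint32_t max = max_apic_id(vm);		/* pass 1: size the buffer */
	int *map = malloc((max + 1) * sizeof(*map));
	if (!map)
		return RECALC_NOMEM;
	for (uint32_t i = 0; i <= max; i++)
		map[i] = -1;

	add_vcpu(vm, &vm->add_between_passes);	/* the race window */

	for (int i = 0; i < vm->nr_vcpus; i++) {	/* pass 2: fill */
		uint32_t id = vm->apic_id[i];
		/* Bail instead of indexing past the buffer (patch 1/3's idea). */
		if (id > max) {
			free(map);
			return RECALC_RETRY;
		}
		map[id] = i;
	}

	add_vcpu(vm, &vm->add_after_fill);	/* a vCPU arriving late */

	/* A vCPU appeared during the recalc: the map is stale (patch 2/3's idea). */
	if (vm->gen != gen) {
		free(map);
		return RECALC_RETRY;
	}
	*map_out = map;
	*size_out = max + 1;
	return RECALC_OK;
}

/* Repeat until one attempt completes with the vCPU list unchanged. */
static enum recalc_result recalc_apic_map(struct vm *vm, int **map_out,
					  uint32_t *size_out, int *attempts)
{
	enum recalc_result r;
	*attempts = 0;
	do {
		(*attempts)++;
		r = recalc_once(vm, map_out, size_out);
	} while (r == RECALC_RETRY);
	return r;
}

struct outcome { int attempts; uint32_t size; int idx; };

/* Build a VM with the given IDs, run the recalc, and look up probe_id. */
static struct outcome run_scenario(const uint32_t *ids, int n, int between,
				   int after, uint32_t probe_id)
{
	struct vm vm = { .nr_vcpus = n, .add_between_passes = between,
			 .add_after_fill = after };
	struct outcome o = { 0, 0, -1 };
	int *map = NULL;
	for (int i = 0; i < n; i++)
		vm.apic_id[i] = ids[i];
	if (recalc_apic_map(&vm, &map, &o.size, &o.attempts) == RECALC_OK) {
		o.idx = probe_id < o.size ? map[probe_id] : -1;
		free(map);
	}
	return o;
}

static const uint32_t BASE_IDS[] = { 0, 1, 2 };	/* constructed vCPU set */

int main(void)
{
	/* vCPU with ID 7 hotplugged after the buffer was sized for max ID 2 */
	struct outcome o = run_scenario(BASE_IDS, 3, 7, -1, 7);
	printf("%d attempts, map size %u, ID 7 -> vCPU %d\n",
	       o.attempts, (unsigned)o.size, o.idx);
	return 0;
}
```

Without the `id > max` check, the first scenario in `main()` writes `map[7]` into a three-entry buffer, which is the out-of-bounds access the subject line refers to. The bounds check alone only stops the overflow; the generation check is what makes the result correct when a vCPU shows up after the fill loop, and it is what turns the bail-out into a retry rather than a silently incomplete map. In this model the hooks fire once, so the retry loop terminates; a real implementation needs the same guarantee that the trigger for a retry cannot recur indefinitely.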



Thread overview: 8+ messages
2023-06-02 23:32 Sean Christopherson [this message]
2023-06-02 23:32 ` [PATCH v3 1/3] KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds Sean Christopherson
2023-06-03  0:19   ` Sean Christopherson
2023-06-02 23:32 ` [PATCH v3 2/3] KVM: x86: Retry APIC optimized map recalc if vCPU is added/enabled Sean Christopherson
2023-06-04  0:29   ` Michal Luczaj
2023-06-02 23:32 ` [PATCH v3 3/3] KVM: selftests: Add test for race in kvm_recalculate_apic_map() Sean Christopherson
2023-06-03  0:52 ` [PATCH v3 0/3] KVM: x86: Out-of-bounds access in kvm_recalculate_phys_map() Sean Christopherson
2023-08-03  0:04 ` Sean Christopherson
