Re: [PATCH] KVM: x86: fix vcpu initialization with userspace lapic

From: Dmitry Vyukov <dvyukov@google.com>
To: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
	KVM list <kvm@vger.kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	stable <stable@vger.kernel.org>
Subject: Re: [PATCH] KVM: x86: fix vcpu initialization with userspace lapic
Date: Thu, 1 Mar 2018 15:27:28 +0100	[thread overview]
Message-ID: <CACT4Y+ad=y2pakP-v83vF3N27ohj4_KErCZ4TkDuw71qd93hmg@mail.gmail.com> (raw)
In-Reply-To: <20180301142425.18550-1-rkrcmar@redhat.com>

On Thu, Mar 1, 2018 at 3:24 PM, Radim Krčmář <rkrcmar@redhat.com> wrote:
> Moving the code around broke this rare configuration.
> Use this opportunity to finally call lapic reset from vcpu reset.
>
> Reported-by: Dmitry Vyukov <dvyukov@google.com>

This was reported by syzbot:
https://groups.google.com/d/msg/syzkaller-bugs/QrDXoM_mQRk/mT2cebykBQAJ

Please add the
Reported-by: syzbot+fb7a33a4b6c35007a72b@syzkaller.appspotmail.com
tag so that syzbot will know when it's fixed.

> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Fixes: 0b2e9904c159 ("KVM: x86: move LAPIC initialization after VMCS creation")
> Cc: stable@vger.kernel.org
> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
> ---
>  arch/x86/kvm/lapic.c | 10 ++++------
>  arch/x86/kvm/x86.c   |  3 ++-
>  2 files changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> index cc5fe7a50dde..391dda8d43b7 100644
> --- a/arch/x86/kvm/lapic.c
> +++ b/arch/x86/kvm/lapic.c
> @@ -2002,14 +2002,13 @@ void kvm_lapic_set_base(struct kvm_vcpu *vcpu, u64 value)
>
>  void kvm_lapic_reset(struct kvm_vcpu *vcpu, bool init_event)
>  {
> -       struct kvm_lapic *apic;
> +       struct kvm_lapic *apic = vcpu->arch.apic;
>         int i;
>
> -       apic_debug("%s\n", __func__);
> +       if (!apic)
> +               return;
>
> -       ASSERT(vcpu);
> -       apic = vcpu->arch.apic;
> -       ASSERT(apic != NULL);
> +       apic_debug("%s\n", __func__);
>
>         /* Stop the timer in case it's a reset to an active apic */
>         hrtimer_cancel(&apic->lapic_timer.timer);
> @@ -2568,7 +2567,6 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu)
>
>         pe = xchg(&apic->pending_events, 0);
>         if (test_bit(KVM_APIC_INIT, &pe)) {
> -               kvm_lapic_reset(vcpu, true);
>                 kvm_vcpu_reset(vcpu, true);
>                 if (kvm_vcpu_is_bsp(apic->vcpu))
>                         vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 1a3ed81031f1..3f96b51d0495 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -8123,7 +8123,6 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
>         kvm_vcpu_mtrr_init(vcpu);
>         vcpu_load(vcpu);
>         kvm_vcpu_reset(vcpu, false);
> -       kvm_lapic_reset(vcpu, false);
>         kvm_mmu_setup(vcpu);
>         vcpu_put(vcpu);
>         return 0;
> @@ -8166,6 +8165,8 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
>
>  void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
>  {
> +       kvm_lapic_reset(vcpu, init_event);
> +
>         vcpu->arch.hflags = 0;
>
>         vcpu->arch.smi_pending = 0;
> --
> 2.15.1
>