[stable-4.14 0/2] 2 kvm fix for 4.14

[stable-4.14 0/2] 2 kvm fix for 4.14

[Jack Wang]

From: Jack Wang <jinpu.wang@profitbricks.com>

Hi Greg,

I noticed 2 fixes for kvm are missing in your queue-4.14, both are bugfix,
can be cherry pick cleanly.

The patch from Tianyu should close bug below, also included in 3.16
https://bugzilla.kernel.org/show_bug.cgi?id=198991

Eric Biggers (1):
  KVM/x86: remove WARN_ON() for when vm_munmap() fails

Tianyu Lan (1):
  KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and
    X86_CR4_PAE_BIT in kvm_valid_sregs()

 arch/x86/kvm/x86.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

-- 
2.7.4

[stable-4.14 1/2] KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and X86_CR4_PAE_BIT in kvm_valid_sregs()

[Jack Wang]

From: Tianyu Lan <lantianyu1986@gmail.com>

commit 37b95951c58fdf08dc10afa9d02066ed9f176fb5 upstream.

kvm_valid_sregs() should use X86_CR0_PG and X86_CR4_PAE to check bit
status rather than X86_CR0_PG_BIT and X86_CR4_PAE_BIT. This patch is
to fix it.

Fixes: f29810335965a(KVM/x86: Check input paging mode when cs.l is set)
Reported-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Tianyu Lan <Tianyu.Lan@microsoft.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
[jwang: cherry pick to 4.14]
Signed-off-by: Jack Wang <jinpu.wang@profitbricks.com>
---
 arch/x86/kvm/x86.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0dcd7bf..03a5d3b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7482,13 +7482,13 @@ EXPORT_SYMBOL_GPL(kvm_task_switch);
 
 int kvm_valid_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
 {
-	if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG_BIT)) {
+	if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG)) {
 		/*
 		 * When EFER.LME and CR0.PG are set, the processor is in
 		 * 64-bit mode (though maybe in a 32-bit code segment).
 		 * CR4.PAE and EFER.LMA must be set.
 		 */
-		if (!(sregs->cr4 & X86_CR4_PAE_BIT)
+		if (!(sregs->cr4 & X86_CR4_PAE)
 		    || !(sregs->efer & EFER_LMA))
 			return -EINVAL;
 	} else {
-- 
2.7.4

[stable-4.14 2/2] KVM/x86: remove WARN_ON() for when vm_munmap() fails

[Jack Wang]

From: Eric Biggers <ebiggers@google.com>

commit 103c763c72dd2df3e8c91f2d7ec88f98ed391111 upstream.

On x86, special KVM memslots such as the TSS region have anonymous
memory mappings created on behalf of userspace, and these mappings are
removed when the VM is destroyed.

It is however possible for removing these mappings via vm_munmap() to
fail.  This can most easily happen if the thread receives SIGKILL while
it's waiting to acquire ->mmap_sem.   This triggers the 'WARN_ON(r < 0)'
in __x86_set_memory_region().  syzkaller was able to hit this, using
'exit()' to send the SIGKILL.  Note that while the vm_munmap() failure
results in the mapping not being removed immediately, it is not leaked
forever but rather will be freed when the process exits.

It's not really possible to handle this failure properly, so almost
every other caller of vm_munmap() doesn't check the return value.  It's
a limitation of having the kernel manage these mappings rather than
userspace.

So just remove the WARN_ON() so that users can't spam the kernel log
with this warning.

Fixes: f0d648bdf0a5 ("KVM: x86: map/unmap private slots in __x86_set_memory_region")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
[jwang: cherry pick to 4.14]
Signed-off-by: Jack Wang <jinpu.wang@profitbricks.com>
---
 arch/x86/kvm/x86.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 03a5d3b..b3e5cc3 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8249,10 +8249,8 @@ int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
 			return r;
 	}
 
-	if (!size) {
-		r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
-		WARN_ON(r < 0);
-	}
+	if (!size)
+		vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
 
 	return 0;
 }
-- 
2.7.4

Re: [stable-4.14 0/2] 2 kvm fix for 4.14

[Greg KH]

On Wed, Mar 07, 2018 at 05:04:03PM +0100, Jack Wang wrote:
> From: Jack Wang <jinpu.wang@profitbricks.com>
> 
> Hi Greg,
> 
> I noticed 2 fixes for kvm are missing in your queue-4.14, both are bugfix,
> can be cherry pick cleanly.
> 
> The patch from Tianyu should close bug below, also included in 3.16
> https://bugzilla.kernel.org/show_bug.cgi?id=198991

Thanks for these, now queued up.

greg k-h

Re: [stable-4.14 0/2] 2 kvm fix for 4.14

[Jinpu Wang]

On Wed, Mar 7, 2018 at 6:17 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Wed, Mar 07, 2018 at 05:04:03PM +0100, Jack Wang wrote:
>> From: Jack Wang <jinpu.wang@profitbricks.com>
>>
>> Hi Greg,
>>
>> I noticed 2 fixes for kvm are missing in your queue-4.14, both are bugfix,
>> can be cherry pick cleanly.
>>
>> The patch from Tianyu should close bug below, also included in 3.16
>> https://bugzilla.kernel.org/show_bug.cgi?id=198991
>
> Thanks for these, now queued up.
>
> greg k-h

Thanks Greg.

-- 
Jack Wang
Linux Kernel Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Tel:       +49 30 577 008  042
Fax:      +49 30 577 008 299
Email:    jinpu.wang@profitbricks.com
URL:      https://www.profitbricks.de

Sitz der Gesellschaft: Berlin
Registergericht: Amtsgericht Charlottenburg, HRB 125506 B
Geschäftsführer: Achim Weiss,  Matthias Steinberg