From: "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: "Dmitry Vyukov" <dvyukov@google.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Wanpeng Li" <wanpeng.li@hotmail.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"syzkaller@googlegroups.com" <syzkaller@googlegroups.com>,
	"Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>
Subject: [PATCH for v4.9 LTS 14/86] KVM: x86: fix fixing of hypercalls
Date: Sat, 17 Jun 2017 22:24:31 +0000
Message-ID: <20170617222420.19316-14-alexander.levin@verizon.com>
In-Reply-To: <20170617222420.19316-1-alexander.levin@verizon.com>

From: Dmitry Vyukov <dvyukov@google.com>

[ Upstream commit ce2e852ecc9a42e4b8dabb46025cfef63209234a ]

emulator_fix_hypercall() replaces the hypercall with a vmcall instruction,
but it does not handle the GP exception properly when writing the new instruction.
It can return X86EMUL_PROPAGATE_FAULT without setting exception information.
This leads to incorrect emulation and triggers
WARN_ON(ctxt->exception.vector > 0x1f) in x86_emulate_insn()
as discovered by syzkaller fuzzer:

WARNING: CPU: 2 PID: 18646 at arch/x86/kvm/emulate.c:5558
Call Trace:
 warn_slowpath_null+0x2c/0x40 kernel/panic.c:582
 x86_emulate_insn+0x16a5/0x4090 arch/x86/kvm/emulate.c:5572
 x86_emulate_instruction+0x403/0x1cc0 arch/x86/kvm/x86.c:5618
 emulate_instruction arch/x86/include/asm/kvm_host.h:1127 [inline]
 handle_exception+0x594/0xfd0 arch/x86/kvm/vmx.c:5762
 vmx_handle_exit+0x2b7/0x38b0 arch/x86/kvm/vmx.c:8625
 vcpu_enter_guest arch/x86/kvm/x86.c:6888 [inline]
 vcpu_run arch/x86/kvm/x86.c:6947 [inline]

Set exception information when write in emulator_fix_hypercall() fails.

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Wanpeng Li <wanpeng.li@hotmail.com>
Cc: kvm@vger.kernel.org
Cc: syzkaller@googlegroups.com
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
---
 arch/x86/kvm/x86.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 62cde4f67c72..ab3f00399cbb 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6111,7 +6111,8 @@ static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt)
 
 	kvm_x86_ops->patch_hypercall(vcpu, instruction);
 
-	return emulator_write_emulated(ctxt, rip, instruction, 3, NULL);
+	return emulator_write_emulated(ctxt, rip, instruction, 3,
+		&ctxt->exception);
 }
 
 static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
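Review bot: the fix depends on emulator_write_emulated() filling in *exception whenever it returns X86EMUL_PROPAGATE_FAULT, which is exactly the contract the former NULL argument bypassed; a one-line comment above the call, e.g. `/* a #GP on the write must reach x86_emulate_insn() with a valid vector */`, would record why the context's own exception slot is passed here rather than NULL. With that said, the two changed lines do what the description promises: ctxt->exception is now populated on the write fault, so the vector check in x86_emulate_insn() sees the #GP instead of stale data.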
-- 
2.11.0
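To make the failure mode in the description concrete, here is an added, constructed model of the fault-propagation contract the patch restores. It is not KVM code and none of it comes from the patch or from the author: `emul_ctxt`, `write_emulated`, `fix_hypercall_before`/`fix_hypercall_after`, `fault_is_consistent` and the `guest_page_writable` flag are invented stand-ins, and the return codes and the `0x1f` vector bound only mirror the names used in the commit message. It shows why returning a propagated fault with a NULL exception pointer leaves the caller's exception record unset, and how passing the context's own exception slot fixes that.

```c
/* Added example: constructed model of the exception-propagation contract
 * described in the commit message. Not KVM code; all names are invented. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define X86EMUL_CONTINUE        0
#define X86EMUL_PROPAGATE_FAULT 1
#define GP_VECTOR               13
#define NO_EXCEPTION_VECTOR     0xff  /* constructed marker: "nothing recorded" */

struct emul_exception {
	uint8_t  vector;
	bool     error_code_valid;
	uint16_t error_code;
};

struct emul_ctxt {
	struct emul_exception exception;
	bool guest_page_writable;  /* constructed stand-in for the page-table check */
};

/* Model of a guest-memory write callback: on a write fault it reports #GP
 * through the caller-supplied exception pointer, if the caller gave one. */
static int write_emulated(struct emul_ctxt *ctxt, const uint8_t *buf, size_t len,
			  struct emul_exception *exception)
{
	(void)buf; (void)len;
	if (ctxt->guest_page_writable)
		return X86EMUL_CONTINUE;
	if (exception) {
		exception->vector = GP_VECTOR;
		exception->error_code_valid = true;
		exception->error_code = 0;
	}
	return X86EMUL_PROPAGATE_FAULT;
}

/* Before the fix: the fault is returned but ctxt->exception stays untouched. */
static int fix_hypercall_before(struct emul_ctxt *ctxt)
{
	static const uint8_t vmcall[3] = {0x0f, 0x01, 0xc1}; /* illustrative 3-byte payload */
	return write_emulated(ctxt, vmcall, sizeof vmcall, NULL);
}

/* After the fix: the fault is recorded in the context's own exception slot. */
static int fix_hypercall_after(struct emul_ctxt *ctxt)
{
	static const uint8_t vmcall[3] = {0x0f, 0x01, 0xc1};
	return write_emulated(ctxt, vmcall, sizeof vmcall, &ctxt->exception);
}

/* Model of the caller's consistency check: a propagated fault must carry a
 * valid vector (0..0x1f), mirroring WARN_ON(ctxt->exception.vector > 0x1f). */
static bool fault_is_consistent(const struct emul_ctxt *ctxt, int rc)
{
	if (rc != X86EMUL_PROPAGATE_FAULT)
		return true;
	return ctxt->exception.vector <= 0x1f;
}

static void ctxt_init(struct emul_ctxt *ctxt, bool writable)
{
	memset(ctxt, 0, sizeof *ctxt);
	ctxt->exception.vector = NO_EXCEPTION_VECTOR;
	ctxt->guest_page_writable = writable;
}

/* Read-only page: the unfixed variant trips the check, the fixed one does not
 * and leaves a #GP in the context. Returns true when both observations hold. */
static bool demo_shows_the_bug(void)
{
	struct emul_ctxt c;
	ctxt_init(&c, false);
	bool before_ok = fault_is_consistent(&c, fix_hypercall_before(&c));
	ctxt_init(&c, false);
	bool after_ok = fault_is_consistent(&c, fix_hypercall_after(&c));
	return !before_ok && after_ok && c.exception.vector == GP_VECTOR;
}

/* Writable page: the fixed variant succeeds and records no exception. */
static bool demo_writable_page_is_clean(void)
{
	struct emul_ctxt c;
	ctxt_init(&c, true);
	int rc = fix_hypercall_after(&c);
	return rc == X86EMUL_CONTINUE && c.exception.vector == NO_EXCEPTION_VECTOR;
}

int main(void)
{
	printf("bug reproduced by NULL exception pointer: %s\n",
	       demo_shows_the_bug() ? "yes" : "no");
	printf("writable page leaves exception unset:   %s\n",
	       demo_writable_page_is_clean() ? "yes" : "no");
	return 0;
}
```

The point the model isolates is that the write callback's fault information lives only where the caller asks for it: with NULL the #GP is lost and the caller later reads whatever `ctxt->exception` happened to hold, which is what the `WARN_ON` in the trace catches.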
