From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: stable@vger.kernel.org
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>
Subject: [PATCH stable-4.19 2/2] KVM: nVMX: Clear pending KVM_REQ_GET_VMCS12_PAGES when leaving nested
Date: Thu, 25 Jul 2019 12:46:45 +0200
Message-ID: <20190725104645.30642-3-vkuznets@redhat.com>
In-Reply-To: <20190725104645.30642-1-vkuznets@redhat.com>

From: Jan Kiszka <jan.kiszka@siemens.com>

[ Upstream commit cf64527bb33f6cec2ed50f89182fc4688d0056b6 ]

Letting this pend may cause nested_get_vmcs12_pages to run against an
invalid state, corrupting the effective vmcs of L1.

This was triggerable in QEMU after a guest corruption in L2, followed by
an L1 reset.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Cc: stable@vger.kernel.org
Fixes: 7f7f1ba33cf2 ("KVM: x86: do not load vmcs12 pages while still in SMM")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/vmx.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 880bc36a0d5d..4cf16378dffe 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8490,6 +8490,8 @@ static void free_nested(struct vcpu_vmx *vmx)
 	if (!vmx->nested.vmxon && !vmx->nested.smm.vmxon)
 		return;
 
+	kvm_clear_request(KVM_REQ_GET_VMCS12_PAGES, &vmx->vcpu);
+
 	hrtimer_cancel(&vmx->nested.preemption_timer);
 	vmx->nested.vmxon = false;
 	vmx->nested.smm.vmxon = false;
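Review bot: the new kvm_clear_request() line carries no comment explaining why the request has to be dropped here, and free_nested() is exactly the place a future reader will wonder about it; a one-line note above it, for example `/* a deferred vmcs12 page load must not run against torn-down nested state */`, would tie the line to the corruption the commit message describes. The placement after the `if (!vmx->nested.vmxon && !vmx->nested.smm.vmxon) return;` early exit is right, since the request is only ever raised while nested VMX is on, but it is worth confirming that every path which sets KVM_REQ_GET_VMCS12_PAGES (in 4.19 the SMM deferral introduced by the Fixes: commit 7f7f1ba33cf2 is the one named here) reaches free_nested() or clears the request itself, otherwise the stale request can still fire through a path that bypasses this function.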
-- 
2.20.1



Thread overview: 10+ messages
2019-07-25 10:46 [PATCH stable-4.19 0/2] KVM: nVMX: guest reset fixes Vitaly Kuznetsov
2019-07-25 10:46 ` [PATCH stable-4.19 1/2] KVM: nVMX: do not use dangling shadow VMCS after guest reset Vitaly Kuznetsov
2019-07-29  8:58   ` Jack Wang
2019-07-29  9:10     ` Paolo Bonzini
2019-07-29  9:29       ` Jack Wang
2019-07-29  9:30         ` Paolo Bonzini
2019-07-29 15:31           ` Greg Kroah-Hartman
2019-07-25 10:46 ` Vitaly Kuznetsov [this message]
2019-07-25 11:24 ` [PATCH stable-4.19 0/2] KVM: nVMX: guest reset fixes Paolo Bonzini
2019-07-26 13:48 ` Greg KH
