From: Kishen Maloor <kishen.maloor@intel.com>
To: kvm@vger.kernel.org, seanjc@google.com, pbonzini@redhat.com,
mlevitsk@redhat.com, zheyuma97@gmail.com
Cc: Kishen Maloor <kishen.maloor@intel.com>
Subject: [PATCH v3 0/2] Address syzkaller warnings in nested VM-Exit after RSM
Date: Wed, 1 May 2024 16:29:32 -0400
Message-ID: <20240501202934.1365061-1-kishen.maloor@intel.com>
This series aims to close the loop on a prior conversation on this matter.
I have picked this up from Michal Wilczynski who had proposed different
fixes (v1 and v2).
v2: https://lore.kernel.org/all/20240123001555.4168188-1-michal.wilczynski@intel.com/
v1: https://lore.kernel.org/all/20231222164543.918037-1-michal.wilczynski@intel.com/
The issue was initially reported here:
https://lore.kernel.org/all/CAMhUBjmXMYsEoVYw_M8hSZjBMHh24i88QYm-RY6HDta5YZ7Wgw@mail.gmail.com/
It is caused by setting nested_run_pending in the vendor-specific leave_smm()
callback from the RSM emulation. The syzkaller test produced a triple fault in
rsm_load_state_64() resulting in a nested VM-Exit with nested_run_pending being
set and triggered the warnings. The commit message for patch 2 has a detailed
description of the flow.
The patches do the following:
a) Move nested_run_pending out of vendor structs and into the x86 kvm_vcpu_arch
so it can be accessed by common x86 code (e.g., the SMM emulation).
The usage and semantics of this flag are common between SVM and VMX.
b) Set nested_run_pending only after a successful RSM emulation.
This evidently resolves the issue, but I would appreciate feedback
(if the patches are acceptable) and/or suggestions.
Kishen Maloor (2):
KVM: x86: nSVM/nVMX: Move nested_run_pending to kvm_vcpu_arch
KVM: x86: nSVM/nVMX: Fix RSM logic leading to L2 VM-Entries
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/smm.c | 12 ++++++++--
arch/x86/kvm/svm/nested.c | 14 +++++------
arch/x86/kvm/svm/svm.c | 12 ++++------
arch/x86/kvm/svm/svm.h | 4 ----
arch/x86/kvm/vmx/nested.c | 42 ++++++++++++++++-----------------
arch/x86/kvm/vmx/vmx.c | 13 +++++-----
arch/x86/kvm/vmx/vmx.h | 3 ---
8 files changed, 50 insertions(+), 51 deletions(-)
--
2.31.1
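The ordering problem the cover letter describes (nested_run_pending set inside the vendor leave_smm() hook before the SMM state load, so a triple fault in rsm_load_state_64() reflects a nested VM-exit while the flag is still set) can be reduced to a small state model. The C below is an added example written for this page, not KVM code and not part of the series; struct vcpu_model, load_smm_state(), nested_vmexit() and the fault knob are hypothetical stand-ins for the real kvm_vcpu_arch fields and emulator paths, and the "warning" counter models the invariant the kernel warns on. Both orderings from the cover letter are implemented side by side so the difference is observable.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Toy model of the vCPU state discussed in the cover letter.  All names are
 * hypothetical stand-ins; this is not kvm_vcpu_arch or KVM's SMM emulator.
 */
struct vcpu_model {
    bool in_guest_mode;        /* vCPU is (about to be) running L2 */
    bool nested_run_pending;   /* an L2 VM-entry has been requested but not run */
    bool smm_guest_mode;       /* SMM was entered from L2, so RSM resumes L2 */
    int  triple_faults;        /* triple faults raised during RSM emulation */
    int  warnings;             /* invariant violations a real kernel would WARN on */
};

/* Stand-in for the SMM state load; 'fault' is a constructed failure knob. */
static int load_smm_state(struct vcpu_model *v, bool fault)
{
    (void)v;
    return fault ? -1 : 0;
}

/*
 * Nested VM-exit from L2 to L1.  Taking a VM-exit while nested_run_pending
 * is set means L1 sees an exit for a VM-entry that never executed; that is
 * the condition this model counts as a warning.
 */
static void nested_vmexit(struct vcpu_model *v)
{
    if (v->nested_run_pending)
        v->warnings++;
    v->nested_run_pending = false;
    v->in_guest_mode = false;
}

static void triple_fault(struct vcpu_model *v)
{
    v->triple_faults++;
    if (v->in_guest_mode)
        nested_vmexit(v);   /* an L2 triple fault is reflected to L1 */
    /* an L1 triple fault would shut the VM down; not modeled here */
}

/* Ordering (a): flag set in the vendor leave_smm() hook, before the state load. */
static void emulate_rsm_flag_before_load(struct vcpu_model *v, bool fault)
{
    if (v->smm_guest_mode) {
        v->in_guest_mode = true;
        v->nested_run_pending = true;   /* set before RSM is known to succeed */
    }
    if (load_smm_state(v, fault) != 0) {
        triple_fault(v);
        return;
    }
    v->smm_guest_mode = false;
}

/* Ordering (b): flag set by common code only after RSM emulation succeeded. */
static void emulate_rsm_flag_after_load(struct vcpu_model *v, bool fault)
{
    bool resume_l2 = v->smm_guest_mode;

    if (resume_l2)
        v->in_guest_mode = true;
    if (load_smm_state(v, fault) != 0) {
        triple_fault(v);                /* exit to L1 with no run pending */
        return;
    }
    v->smm_guest_mode = false;
    if (resume_l2)
        v->nested_run_pending = true;   /* L2 entry is now actually committed */
}

/* One RSM from an SMM that was entered from L2; returns warnings observed. */
static int rsm_warnings(bool flag_before_load, bool fault)
{
    struct vcpu_model v = { .smm_guest_mode = true };

    if (flag_before_load)
        emulate_rsm_flag_before_load(&v, fault);
    else
        emulate_rsm_flag_after_load(&v, fault);
    return v.warnings;
}

/* Whether a run is still pending after the RSM (true only for a successful resume). */
static bool rsm_leaves_run_pending(bool flag_before_load, bool fault)
{
    struct vcpu_model v = { .smm_guest_mode = true };

    if (flag_before_load)
        emulate_rsm_flag_before_load(&v, fault);
    else
        emulate_rsm_flag_after_load(&v, fault);
    return v.nested_run_pending;
}

int main(void)
{
    printf("flag before load, load faults: %d warning(s)\n", rsm_warnings(true, true));
    printf("flag after load,  load faults: %d warning(s)\n", rsm_warnings(false, true));
    printf("flag after load,  load ok:     run pending=%d\n", rsm_leaves_run_pending(false, false));
    return 0;
}
```

The fixed ordering keeps the property the series relies on: a successful RSM back into L2 still ends with the run pending, while a failed one reaches L1 through the nested VM-exit with the flag clear.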