From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jan Kiszka, Liran Alon, Paolo Bonzini
Subject: [PATCH 4.19 48/50] KVM: nVMX: do not use dangling shadow VMCS after guest reset
Date: Fri, 26 Jul 2019 17:25:23 +0200
Message-Id: <20190726152305.813155612@linuxfoundation.org>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <20190726152300.760439618@linuxfoundation.org>
References: <20190726152300.760439618@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Paolo Bonzini

commit 88dddc11a8d6b09201b4db9d255b3394d9bc9e57 upstream.

If a KVM guest is reset while running a nested guest, free_nested will
disable the shadow VMCS execution control in the vmcs01. However, on
the next KVM_RUN vmx_vcpu_run would nevertheless try to sync the VMCS12
to the shadow VMCS which has since been freed.

This causes a vmptrld of a NULL pointer on my machine, but Jan reports
the host to hang altogether. Let's see how much this trivial patch fixes.

Reported-by: Jan Kiszka
Cc: Liran Alon
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/kvm/vmx.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -8457,6 +8457,7 @@ static void vmx_disable_shadow_vmcs(stru { vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, SECONDARY_EXEC_SHADOW_VMCS); vmcs_write64(VMCS_LINK_POINTER, -1ull); + vmx->nested.sync_shadow_vmcs = false; } static inline void nested_release_vmcs12(struct vcpu_vmx *vmx) 
@@ -8468,7 +8469,6 @@ static inline void nested_release_vmcs12 /* copy to memory all shadowed fields in case they were modified */ copy_shadow_to_vmcs12(vmx); - vmx->nested.sync_shadow_vmcs = false; vmx_disable_shadow_vmcs(vmx); } vmx->nested.posted_intr_nv = -1; @@ -8668,6 +8668,9 @@ static void copy_shadow_to_vmcs12(struct u64 field_value; struct vmcs *shadow_vmcs = vmx->vmcs01.shadow_vmcs; + if (WARN_ON(!shadow_vmcs)) + return; + preempt_disable(); vmcs_load(shadow_vmcs); @@ -8706,6 +8709,9 @@ static void copy_vmcs12_to_shadow(struct u64 field_value = 0; struct vmcs *shadow_vmcs = vmx->vmcs01.shadow_vmcs; + if (WARN_ON(!shadow_vmcs)) + return; + vmcs_load(shadow_vmcs); for (q = 0; q < ARRAY_SIZE(fields); q++) {
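Review bot: in the vmx_disable_shadow_vmcs hunk (@@ -8457), the added `vmx->nested.sync_shadow_vmcs = false;` makes this function the one place that both clears SECONDARY_EXEC_SHADOW_VMCS and retires the pending-sync flag, which is exactly what stops vmx_vcpu_run from syncing into a shadow VMCS that has been freed; since the function name says nothing about the flag, a one-line comment above the assignment stating the invariant (sync_shadow_vmcs must never be set while the shadow VMCS control is off) would save the next reader from wondering why a "disable" helper touches nested state.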
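Review bot: the removal of `vmx->nested.sync_shadow_vmcs = false;` in nested_release_vmcs12 (@@ -8468) is behaviour-preserving only because the very next visible statement is `vmx_disable_shadow_vmcs(vmx);`, which now clears the flag itself, so this hunk is a pure move; the commit message would read better if it said so explicitly and named the reset path (free_nested, per the description) as the caller that reached vmx_disable_shadow_vmcs without passing through this block and therefore left the flag dangling.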
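Review bot: the `if (WARN_ON(!shadow_vmcs)) return;` in copy_shadow_to_vmcs12 (@@ -8668) sits before preempt_disable(), so the early return cannot leave preemption disabled, but a silent return here means shadowed fields the guest modified are not written back to vmcs12; that is only acceptable because the flag fix in the first hunk should make this path unreachable, so the check should be read as a backstop rather than the fix, and WARN_ON_ONCE would avoid log flooding if it ever fires on a hot path.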
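Review bot: the matching `if (WARN_ON(!shadow_vmcs)) return;` in copy_vmcs12_to_shadow (@@ -8706) guards the call that produced the NULL vmptrld on the KVM_RUN path, and it returns before `vmcs_load(shadow_vmcs);`, so it closes the crash even if some future caller sets sync_shadow_vmcs with the control disabled; it would be worth a short comment that a skipped sync leaves the shadow VMCS stale relative to vmcs12, so hitting this warning is a real bug in the caller and not a benign condition.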
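The bug class in the commit message (a "sync pending" flag that outlives the resource it refers to) and the two layers of the fix (clear the flag where the resource is disabled; guard the consumer with WARN_ON) can be modelled in a few dozen lines. The following is an added toy model written for this review, not KVM code: the struct fields and function names mirror the patch, but the control flow (free_nested calling vmx_disable_shadow_vmcs directly, vmx_vcpu_run checking the flag) is a simplification, and the VMCS contents are constructed sample values. Each part of the patch can be switched on or off to see which one actually removes the NULL vmptrld and which one only turns it into a warning.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed toy model of the state the patch touches (added example, not
 * KVM code): a shadow VMCS pointer, the shadow-VMCS execution control, and
 * the nested.sync_shadow_vmcs flag that tells the run path to push VMCS12
 * into the shadow VMCS. Names follow the patch; the control flow is simplified.
 */
#define NFIELDS 4

struct shadow_vmcs {
    unsigned long fields[NFIELDS];
};

struct vmx_model {
    struct shadow_vmcs *shadow_vmcs;   /* vmcs01.shadow_vmcs; NULL once freed */
    bool shadow_vmcs_enabled;          /* SECONDARY_EXEC_SHADOW_VMCS set in vmcs01 */
    bool sync_shadow_vmcs;             /* nested.sync_shadow_vmcs */
    unsigned long vmcs12[NFIELDS];     /* the guest's VMCS12 contents (constructed) */
    int warnings;                      /* how often the WARN_ON guard fired */
};

/* Which parts of the patch are applied to the model. */
struct policy {
    bool clear_flag_in_disable;  /* hunks 1-2: clear the flag in vmx_disable_shadow_vmcs */
    bool guard_copy;             /* hunks 3-4: WARN_ON(!shadow_vmcs) before vmcs_load */
};

enum run_result {
    RUN_OK = 0,           /* sync done, or nothing to sync */
    RUN_WARNED = 1,       /* guard fired: sync skipped, no NULL vmptrld */
    RUN_NULL_VMPTRLD = 2  /* unpatched behaviour: vmcs_load(NULL) */
};

static void vmx_disable_shadow_vmcs(struct vmx_model *m, const struct policy *p)
{
    m->shadow_vmcs_enabled = false;          /* vmcs_clear_bits(..., SHADOW_VMCS) */
    if (p->clear_flag_in_disable)
        m->sync_shadow_vmcs = false;         /* the line the patch adds */
}

/* Guest reset while a nested guest is active: control off, shadow VMCS freed. */
static void free_nested(struct vmx_model *m, const struct policy *p)
{
    if (m->shadow_vmcs_enabled)
        vmx_disable_shadow_vmcs(m, p);
    free(m->shadow_vmcs);
    m->shadow_vmcs = NULL;                   /* the pointer is now dangling-by-design */
}

/* copy_vmcs12_to_shadow as reached from the KVM_RUN path. */
static enum run_result copy_vmcs12_to_shadow(struct vmx_model *m, const struct policy *p)
{
    if (!m->shadow_vmcs) {
        if (p->guard_copy) {                 /* if (WARN_ON(!shadow_vmcs)) return; */
            m->warnings++;
            return RUN_WARNED;
        }
        return RUN_NULL_VMPTRLD;             /* stands in for the real crash or hang */
    }
    memcpy(m->shadow_vmcs->fields, m->vmcs12, sizeof m->vmcs12);
    return RUN_OK;
}

static enum run_result vmx_vcpu_run(struct vmx_model *m, const struct policy *p)
{
    enum run_result r = RUN_OK;
    if (m->sync_shadow_vmcs) {
        r = copy_vmcs12_to_shadow(m, p);
        m->sync_shadow_vmcs = false;
    }
    return r;
}

/*
 * Scenario from the commit message: nested guest running with a pending
 * VMCS12 -> shadow sync, then a reset, then the next KVM_RUN.
 * Returns the run_result as an int so callers can compare it.
 */
int simulate_reset_then_run(bool clear_flag_in_disable, bool guard_copy)
{
    struct policy p = { clear_flag_in_disable, guard_copy };
    struct vmx_model m;
    enum run_result r;

    memset(&m, 0, sizeof m);
    m.shadow_vmcs = calloc(1, sizeof *m.shadow_vmcs);
    if (!m.shadow_vmcs)
        return -1;
    m.shadow_vmcs_enabled = true;
    m.sync_shadow_vmcs = true;               /* VMCS12 was modified, sync pending */
    m.vmcs12[0] = 0x1234;                    /* constructed sample field value */

    free_nested(&m, &p);                     /* the guest reset */
    r = vmx_vcpu_run(&m, &p);                /* the next KVM_RUN */
    return (int)r;
}

int main(void)
{
    printf("unpatched:     %d\n", simulate_reset_then_run(false, false));
    printf("flag fix only: %d\n", simulate_reset_then_run(true, false));
    printf("guard only:    %d\n", simulate_reset_then_run(false, true));
    printf("full patch:    %d\n", simulate_reset_then_run(true, true));
    return 0;
}
```

Running the four combinations shows the division of labour in the patch: the unpatched model reaches the NULL vmptrld, clearing the flag in vmx_disable_shadow_vmcs alone already avoids the bad sync, and the WARN_ON guard alone only downgrades the crash to a warning with a skipped sync, which is why the flag move is the fix and the guards are the backstop.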