From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Radim Krcmar, Bandan Das, Paolo Bonzini
Subject: [PATCH 5.2 067/143] kvm: x86: skip populating logical dest map if apic is not sw enabled
Date: Wed, 4 Sep 2019 19:53:30 +0200
Message-Id: <20190904175316.688032395@linuxfoundation.org>
In-Reply-To: <20190904175314.206239922@linuxfoundation.org>
References: <20190904175314.206239922@linuxfoundation.org>

From: Radim Krcmar

commit b14c876b994f208b6b95c222056e1deb0a45de0e upstream.

recalculate_apic_map does not sanitize ldr and it's possible that
multiple bits are set. In that case, a previous valid entry
can potentially be overwritten by an invalid one.

This condition is hit when booting a 32 bit, >8 CPU, RHEL6 guest and then
triggering a crash to boot a kdump kernel. This is the sequence of
events:
1. Linux boots in bigsmp mode and enables PhysFlat, however, it still
   writes to the LDR which probably will never be used.
2. However, when booting into kdump, the stale LDR values remain as
   they are not cleared by the guest and there isn't an apic reset.
3. kdump boots with 1 cpu, and uses Logical Destination Mode but the
   logical map has been overwritten and points to an inactive vcpu.

Signed-off-by: Radim Krcmar
Signed-off-by: Bandan Das
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
--- arch/x86/kvm/lapic.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c
@@ -212,6 +212,9 @@ static void recalculate_apic_map(struct if (!apic_x2apic_mode(apic) && !new->phys_map[xapic_id]) new->phys_map[xapic_id] = apic; + if (!kvm_apic_sw_enabled(apic)) + continue; + ldr = kvm_lapic_get_reg(apic, APIC_LDR); if (apic_x2apic_mode(apic)) { @@ -254,6 +257,8 @@ static inline void apic_set_spiv(struct static_key_slow_dec_deferred(&apic_sw_disabled); else static_key_slow_inc(&apic_sw_disabled.key); + + recalculate_apic_map(apic->vcpu->kvm); } }
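Review bot: In the recalculate_apic_map() hunk, the new "if (!kvm_apic_sw_enabled(apic)) continue;" only works as intended because it sits after the new->phys_map[xapic_id] assignment and before the APIC_LDR read, and nothing in the code says so. A one-line comment above the check, stating that software-disabled APICs stay in the physical map but are left out of the logical map because their LDR may be stale, would keep a later reordering from silently dropping them from phys_map as well. Note also that the changelog describes the problem as an unsanitized ldr with multiple bits set, while the visible lines add no validation of ldr itself; a software-enabled APIC still reaches the kvm_lapic_get_reg(apic, APIC_LDR) path unchanged, so the changelog should say that the fix narrows the stale-LDR case rather than sanitizing the value.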
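Review bot: In the apic_set_spiv() hunk, the added "recalculate_apic_map(apic->vcpu->kvm);" depends on ordering that the context does not show. With the first hunk applied, recalculate_apic_map() reads kvm_apic_sw_enabled(apic), so the software-enable state must already be updated before this call, otherwise the map is rebuilt from the old state and the APIC lands on the wrong side of the new check. Please confirm the assignment precedes the static-key if/else shown here. The call is also placed inside the enclosing block (two closing braces follow it), so it runs only when that block's condition holds; a short comment saying the logical map now depends on the software-enable state would explain why a SPIV write triggers a map rebuild.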