Subject: Re: [PATCH v2 5/5] KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o lapic_in_kernel
To: Wanpeng Li, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Radim Krčmář, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel
From: Paolo Bonzini
Message-ID: <9d244f84-93d3-5e1b-7222-aebb270f3f29@redhat.com>
Date: Wed, 11 Sep 2019 18:26:16 +0200
In-Reply-To: <1567733404-7759-5-git-send-email-wanpengli@tencent.com>
References: <1567733404-7759-1-git-send-email-wanpengli@tencent.com> <1567733404-7759-5-git-send-email-wanpengli@tencent.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/09/19 03:30, Wanpeng Li wrote:
> From: Wanpeng Li
>
> Reported by syzkaller:
>
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> RIP: 0010:__apic_accept_irq+0x46/0x740 arch/x86/kvm/lapic.c:1029
> Call Trace:
>  kvm_apic_set_irq+0xb4/0x140 arch/x86/kvm/lapic.c:558
>  stimer_notify_direct arch/x86/kvm/hyperv.c:648 [inline]
>  stimer_expiration arch/x86/kvm/hyperv.c:659 [inline]
>  kvm_hv_process_stimers+0x594/0x1650 arch/x86/kvm/hyperv.c:686
>  vcpu_enter_guest+0x2b2a/0x54b0 arch/x86/kvm/x86.c:7896
>  vcpu_run+0x393/0xd40 arch/x86/kvm/x86.c:8152
>  kvm_arch_vcpu_ioctl_run+0x636/0x900 arch/x86/kvm/x86.c:8360
>  kvm_vcpu_ioctl+0x6cf/0xaf0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2765
>
> The testcase programs HV_X64_MSR_STIMERn_CONFIG/HV_X64_MSR_STIMERn_COUNT;
> in addition, there is no lapic in the kernel, and the counter values are
> small enough that kvm_hv_process_stimers() injects this already-expired
> timer interrupt into the guest through the in-kernel lapic, which triggers
> the NULL dereference. This patch fixes it by not advertising direct mode
> synthetic timers and discarding the injection when the lapic is not in the
> kernel.
>
> Reported-by: syzbot+dff25ee91f0c7d5c1695@syzkaller.appspotmail.com
> Cc: Paolo Bonzini
> Cc: Radim Krčmář
> Cc: Vitaly Kuznetsov
> Signed-off-by: Wanpeng Li
> ---
> v1 -> v2:
>  * don't advertise direct mode synthetic timers when lapic is not in kernel
>
>  arch/x86/kvm/hyperv.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
> index c10a8b1..069e655 100644
> --- a/arch/x86/kvm/hyperv.c
> +++ b/arch/x86/kvm/hyperv.c
> @@ -645,7 +645,9 @@ static int stimer_notify_direct(struct kvm_vcpu_hv_stimer *stimer) > .vector = stimer->config.apic_vector > }; > > - return !kvm_apic_set_irq(vcpu, &irq, NULL); > + if (lapic_in_kernel(vcpu)) > + return !kvm_apic_set_irq(vcpu, &irq, NULL); > + return 0; > } > > static void stimer_expiration(struct kvm_vcpu_hv_stimer *stimer) > @@ -1849,7 +1851,13 @@ int kvm_vcpu_ioctl_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, > > ent->edx |= HV_FEATURE_FREQUENCY_MSRS_AVAILABLE; > ent->edx |= HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE; > - ent->edx |= HV_STIMER_DIRECT_MODE_AVAILABLE; > + > + /* > + * Direct Synthetic timers only make sense with in-kernel > + * LAPIC > + */ > + if (lapic_in_kernel(vcpu)) > + ent->edx |= HV_STIMER_DIRECT_MODE_AVAILABLE; > > break; > >

See replies to the previous version of the individual patches.

Paolo
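Review bot: in the stimer_notify_direct() hunk, the new `return 0;` on the !lapic_in_kernel() path is indistinguishable from a successful delivery, because the existing `return !kvm_apic_set_irq(vcpu, &irq, NULL);` yields 0 exactly when the interrupt was accepted; the caller therefore cannot tell a discarded expiration from an injected one. If silently dropping the interrupt is the intent (the commit message says "discarding the injection"), put a one-line comment above `return 0;` saying so, and double-check that nothing in stimer_expiration() relies on a non-zero return to keep the timer pending or re-armed.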
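Review bot: the comment added in the kvm_vcpu_ioctl_get_hv_cpuid() hunk lacks a trailing period and only says direct timers "only make sense" with an in-kernel LAPIC; it should give the concrete reason visible in the first hunk, namely that direct-mode expiration is injected through kvm_apic_set_irq(), which requires lapic_in_kernel(), so readers understand this is a hard dependency rather than a preference. Since the patch also keeps the runtime check in stimer_notify_direct(), the comment could note that hiding HV_STIMER_DIRECT_MODE_AVAILABLE alone does not prevent a guest from enabling direct mode, and that the stimer_notify_direct() check is the real guard.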