From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Peter Foley, Mathieu Desnoyers, Shakeel Butt, Thomas Gleixner, Sean Christopherson, Paolo Bonzini, Doug Evans
Subject: [PATCH 5.14 033/162] KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest
Date: Mon, 27 Sep 2021 19:01:19 +0200
Message-Id: <20210927170234.621422016@linuxfoundation.org>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210927170233.453060397@linuxfoundation.org>
References: <20210927170233.453060397@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

commit 8646e53633f314e4d746a988240d3b951a92f94a upstream.

Invoke rseq's NOTIFY_RESUME handler when processing the flag prior to
transferring to a KVM guest, which is roughly equivalent to an exit to
userspace and processes many of the same pending actions. While the task
cannot be in an rseq critical section as the KVM path is reachable only
via ioctl(KVM_RUN), the side effects that apply to rseq outside of a
critical section still apply, e.g. the current CPU needs to be updated if
the task is migrated.

Clearing TIF_NOTIFY_RESUME without informing rseq can lead to segfaults
and other badness in userspace VMMs that use rseq in combination with KVM,
e.g. due to the CPU ID being stale after task migration.

Fixes: 72c3c0fe54a3 ("x86/kvm: Use generic xfer to guest work function")
Reported-by: Peter Foley
Bisected-by: Doug Evans
Acked-by: Mathieu Desnoyers
Cc: Shakeel Butt
Cc: Thomas Gleixner
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Message-Id: <20210901203030.1292304-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
---
 kernel/entry/kvm.c |  4 +++-
 kernel/rseq.c      | 14 +++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)
--- a/kernel/entry/kvm.c +++ b/kernel/entry/kvm.c @@ -19,8 +19,10 @@ static int xfer_to_guest_mode_work(struc if (ti_work & _TIF_NEED_RESCHED) schedule(); - if (ti_work & _TIF_NOTIFY_RESUME) + if (ti_work & _TIF_NOTIFY_RESUME) { tracehook_notify_resume(NULL); + rseq_handle_notify_resume(NULL, NULL); + } ret = arch_xfer_to_guest_mode_handle_work(vcpu, ti_work); if (ret) --- a/kernel/rseq.c +++ b/kernel/rseq.c @@ -282,9 +282,17 @@ void __rseq_handle_notify_resume(struct if (unlikely(t->flags & PF_EXITING)) return; - ret = rseq_ip_fixup(regs); - if (unlikely(ret < 0)) - goto error; + + /* + * regs is NULL if and only if the caller is in a syscall path. Skip + * fixup and leave rseq_cs as is so that rseq_sycall() will detect and + * kill a misbehaving userspace on debug kernels. + */ + if (regs) { + ret = rseq_ip_fixup(regs); + if (unlikely(ret < 0)) + goto error; + } if (unlikely(rseq_update_cpu_id(t))) goto error; return;
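Review bot: the new `rseq_handle_notify_resume(NULL, NULL);` call in xfer_to_guest_mode_work() (kernel/entry/kvm.c hunk) passes NULL regs, which the pre-patch __rseq_handle_notify_resume() would hand straight to `rseq_ip_fixup(regs)`; it is only safe together with the `if (regs) {` guard added in the kernel/rseq.c hunk, so the two hunks must never be split when backporting. A one-line comment at the call site (for example `/* regs == NULL: never in an rseq critical section here, only refresh cpu_id */`) would make that dependency visible to the next reader, since the reasoning currently lives only in the commit message.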
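Review bot: the comment added in the kernel/rseq.c hunk has a typo, `rseq_sycall()` should read `rseq_syscall()`, the function it is pointing readers at. Otherwise the guard is sound: with regs NULL the ip fixup is skipped but `if (unlikely(rseq_update_cpu_id(t)))` still runs, which is exactly the migration case the commit message describes; consider saying in the comment that rseq_update_cpu_id() is the part that must still run on the syscall path, so nobody later widens the `if (regs)` block to cover it.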
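The failure the commit message describes is a stale `cpu_id` in a task's rseq area after migration. The following userspace probe is an added example, not part of this patch or of the kernel tree: it checks the invariant the kernel has to maintain, namely that once the thread has been pinned to a CPU, the rseq area's `cpu_id` equals the CPU it is actually running on. It exercises the ordinary exit-to-usermode path (via sched_setaffinity), not the ioctl(KVM_RUN) path this patch fixes, which needs a VMM; the `struct rseq_area` mirror, the `RSEQ_SIG` value and all function names are this example's own assumptions. When glibc 2.35 or later has already registered rseq for the thread, the probe locates glibc's area through `__rseq_offset` instead of registering its own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Local mirror of the first 32 bytes of the kernel's struct rseq (cpu_id_start,
 * cpu_id, rseq_cs, flags) so the example does not depend on <linux/rseq.h>.
 * The name rseq_area and the signature below are this example's own choices. */
struct rseq_area {
    uint32_t cpu_id_start;
    uint32_t cpu_id;
    uint64_t rseq_cs;
    uint32_t flags;
} __attribute__((aligned(32)));

#define RSEQ_AREA_SIZE       32
#define RSEQ_FLAG_UNREGISTER 1
#define RSEQ_SIG             0x53053053u /* assumed; only matters for critical sections */

enum rseq_check {
    RSEQ_CHECK_OK = 0,      /* cpu_id matched the running CPU after every pin */
    RSEQ_CHECK_STALE = 1,   /* cpu_id disagreed with the running CPU (the bug class fixed here) */
    RSEQ_CHECK_SKIPPED = 2, /* rseq or affinity control unavailable (old kernel, seccomp, ...) */
};

/* glibc 2.35+ registers rseq for every thread; these weak references let the
 * probe find glibc's area when its own registration fails with EBUSY. */
extern const ptrdiff_t __rseq_offset __attribute__((weak));
extern const unsigned int __rseq_size __attribute__((weak));

static __thread struct rseq_area own_area;

/* Thread pointer, which __rseq_offset is relative to; NULL on other arches. */
static char *thread_pointer(void)
{
    char *tp = NULL;
#if defined(__x86_64__)
    __asm__("mov %%fs:0, %0" : "=r"(tp));
#elif defined(__aarch64__)
    __asm__("mrs %0, tpidr_el0" : "=r"(tp));
#endif
    return tp;
}

/* Return this thread's live rseq area, or NULL if rseq cannot be used.
 * *registered tells the caller whether the area must be unregistered later. */
static struct rseq_area *get_rseq_area(int *registered)
{
    *registered = 0;
#ifdef __NR_rseq
    if (syscall(__NR_rseq, &own_area, RSEQ_AREA_SIZE, 0, RSEQ_SIG) == 0) {
        *registered = 1;
        return &own_area;
    }
    if (errno == EBUSY && &__rseq_offset != NULL && &__rseq_size != NULL &&
        __rseq_size != 0 && thread_pointer() != NULL)
        return (struct rseq_area *)(thread_pointer() + __rseq_offset);
#endif
    return NULL;
}

/* Pin the thread to each allowed CPU in turn and check that the kernel refreshed
 * rseq->cpu_id before returning to userspace. With a single-CPU affinity mask no
 * further migration can race the comparison. */
int check_rseq_cpu_id_tracking(void)
{
    int registered, pinned = 0, result = RSEQ_CHECK_SKIPPED;
    struct rseq_area *area = get_rseq_area(&registered);
    cpu_set_t orig, one;

    if (area == NULL)
        return RSEQ_CHECK_SKIPPED;
    if (sched_getaffinity(0, sizeof(orig), &orig) == 0) {
        for (int cpu = 0; cpu < CPU_SETSIZE; cpu++) {
            unsigned int actual = (unsigned int)cpu;
            if (!CPU_ISSET(cpu, &orig))
                continue;
            CPU_ZERO(&one);
            CPU_SET(cpu, &one);
            if (sched_setaffinity(0, sizeof(one), &one) != 0)
                continue; /* e.g. an offline CPU; skip it */
            pinned++;
            /* Ask the kernel directly: the vDSO/glibc path may itself read rseq. */
            syscall(SYS_getcpu, &actual, NULL, NULL);
            uint32_t seen = __atomic_load_n(&area->cpu_id, __ATOMIC_RELAXED);
            if (seen != (uint32_t)cpu || seen != actual) {
                result = RSEQ_CHECK_STALE;
                break;
            }
        }
        if (result != RSEQ_CHECK_STALE)
            result = pinned ? RSEQ_CHECK_OK : RSEQ_CHECK_SKIPPED;
        sched_setaffinity(0, sizeof(orig), &orig); /* restore the original mask */
    }
#ifdef __NR_rseq
    if (registered)
        syscall(__NR_rseq, area, RSEQ_AREA_SIZE, RSEQ_FLAG_UNREGISTER, RSEQ_SIG);
#endif
    return result;
}

int main(void)
{
    static const char *names[] = { "ok", "STALE cpu_id", "skipped" };
    int r = check_rseq_cpu_id_tracking();
    printf("rseq cpu_id tracking: %s\n", names[r]);
    return r == RSEQ_CHECK_STALE;
}
```

The probe reports `skipped` rather than failing where rseq or affinity control is unavailable (a kernel older than 4.18, a seccomp filter that blocks the syscall, a cpuset with a single CPU), so it can sit in a CI job without producing false alarms; a `STALE cpu_id` result is the symptom a VMM would observe as the segfaults mentioned in the commit message.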