From: Sean Christopherson
Reply-To: Sean Christopherson
To: Paolo Bonzini, Nathan Chancellor, Nick Desaulniers
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Peter Zijlstra, syzbot+6cde2282daa792c49ab8@syzkaller.appspotmail.com
Subject: [PATCH 5/5] KVM: x86: Bail to userspace if emulation of atomic user access faults
Date: Tue, 1 Feb 2022 01:08:38 +0000
Message-Id: <20220201010838.1494405-6-seanjc@google.com>
In-Reply-To: <20220201010838.1494405-1-seanjc@google.com>
References: <20220201010838.1494405-1-seanjc@google.com>
X-Mailer: git-send-email 2.35.0.rc2.247.g8bbb082509-goog
X-Mailing-List: linux-kernel@vger.kernel.org

Exit to userspace when emulating an atomic guest access if the CMPXCHG on
the userspace address faults.  Emulating the access as a write and thus
likely treating it as emulated MMIO is wrong, as KVM has already confirmed
there is a valid, writable memslot.
Signed-off-by: Sean Christopherson --- arch/x86/kvm/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 37064d565bbc..66c5410dd4c3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7217,7 +7217,7 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, } if (r < 0) - goto emul_write; + return X86EMUL_UNHANDLEABLE; if (r) return X86EMUL_CMPXCHG_FAILED; -- 2.35.0.rc2.247.g8bbb082509-goog
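Review bot: the `if (r < 0)` hunk in emulator_cmpxchg_emulated() now returns X86EMUL_UNHANDLEABLE where it used to `goto emul_write`, but nothing at the return site records why a fault here must not fall back to the write path, so a later reader will see a bare `return X86EMUL_UNHANDLEABLE;` sitting next to the remaining emul_write fallback with no explanation. Please carry the commit message's reasoning into a short comment above the return: KVM has already confirmed a valid, writable memslot, so emulating the access as a write (and therefore likely as emulated MMIO) is wrong, and the fault is instead surfaced to userspace as the subject line says. Two things to confirm against the hunk's own context: the `emul_write` label must still have another user once this `goto` is gone (the hunk shows none, and an orphaned label would warn), and the following `if (r) return X86EMUL_CMPXCHG_FAILED;` depends on the `r < 0` check coming first, so the order of the two checks should stay exactly as shown.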