Date: Sun, 03 Jul 2022 20:13:57 +0530
From: Siddh Raman Pant
To: "Jue Wang"
Cc: "Paolo Bonzini", "Sean Christopherson", "Jim Mattson", "Xiaoyao Li", "Vitaly Kuznetsov", "Wanpeng Li", "Joerg Roedel", "David Matlack", "Tony Luck", "kvm", "Jiaqi Yan", "linux-kernel"
Message-ID: <181c484aa33.6db8a9c7835812.4939150843849434525@siddh.me>
In-Reply-To: <20220701165045.4074471-2-juew@google.com>
References: <20220701165045.4074471-1-juew@google.com> <20220701165045.4074471-2-juew@google.com>
Subject: Re: [PATCH 2/2] KVM: x86: Fix access to vcpu->arch.apic when the irqchip is not in kernel
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 01 Jul 2022 22:20:45 +0530 Jue Wang wrote
> Fix an access to vcpu->arch.apic when KVM_X86_SETUP_MCE is called
> without KVM_CREATE_IRQCHIP called or KVM_CAP_SPLIT_IRQCHIP is
> enabled.
>
> Fixes: 4b903561ec49 ("KVM: x86: Add Corrected Machine Check Interrupt (CMCI) emulation to lapic.")
> Signed-off-by: Jue Wang
> ---
> arch/x86/kvm/x86.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 4322a1365f74..d81020dd0fea 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c
> @@ -4820,8 +4820,9 @@ static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu, > if (mcg_cap & MCG_CMCI_P) > vcpu->arch.mci_ctl2_banks[bank] = 0; > } > - vcpu->arch.apic->nr_lvt_entries = > - KVM_APIC_MAX_NR_LVT_ENTRIES - !(mcg_cap & MCG_CMCI_P); > + if (vcpu->arch.apic) > + vcpu->arch.apic->nr_lvt_entries = > + KVM_APIC_MAX_NR_LVT_ENTRIES - !(mcg_cap & MCG_CMCI_P); > > static_call(kvm_x86_setup_mce)(vcpu); > out: > -- > 2.37.0.rc0.161.g10f37bed90-goog > >

Hello Jue,

There is a syzkaller bug regarding a null ptr dereference which is caused by vcpu->arch.apic being NULL, first reported on 27th June. You might want to add its Reported-by line so that it can be marked as fixed.

Link: https://syzkaller.appspot.com/bug?id=10b9b238e087a6c9bef2cc48bee2375f58fabbfc

I was looking at this bug too and fixed it (i.e. the reproducer won't crash) using lapic_in_kernel(vcpu) as a condition instead of a null ptr check on vcpu->arch.apic, as it makes more sense to the code reader (the lapic is not there since during kvm_arch_vcpu_create() it isn't created, due to the irqchip_in_kernel() check being false).

May I suggest that lapic_in_kernel(vcpu) be used instead of the null ptr check?

Thanks,
Siddh
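Review bot: the `+ if (vcpu->arch.apic)` line guards the right dereference, but it is keyed on the wrong predicate; KVM's existing answer to "was a LAPIC created for this vCPU" is lapic_in_kernel(vcpu), which mirrors the irqchip_in_kernel() decision in kvm_arch_vcpu_create() that leaves vcpu->arch.apic unallocated, so `if (lapic_in_kernel(vcpu))` tells the reader why the pointer can be NULL instead of reading as a defensive check, and is what the reply also asks for. The commit message additionally lists KVM_CAP_SPLIT_IRQCHIP as a triggering configuration; with a split irqchip only the PIC and IOAPIC move to userspace while the LAPIC is still created in-kernel, so vcpu->arch.apic is non-NULL there and the description should be narrowed to the no-irqchip (userspace LAPIC) case. A Reported-by: trailer for the syzkaller report belongs in the trailers as well, since that report is the reproducer for exactly this dereference.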
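The three irqchip configurations the thread is really distinguishing, as an added example that is not part of the thread and not KVM code: a userspace C model in which the LAPIC is only allocated for an in-kernel irqchip, and the MCE setup path uses the lapic_in_kernel() predicate the reply proposes. The struct layouts, the irqchip mode enum, the mirrored function names and the value KVM_APIC_MAX_NR_LVT_ENTRIES == 6 are assumptions of this model; MCG_CMCI_P uses the architectural IA32_MCG_CAP bit position. Running it over all three modes shows that only the no-irqchip (userspace LAPIC) case reaches the MCE path with a NULL pointer, while the split irqchip still has an in-kernel LAPIC and gets its LVT count sized normally.

```c
/*
 * Added example for this page: a userspace model of the KVM paths discussed
 * in the thread, not KVM's own code. The structs, the enum, the function
 * names and KVM_APIC_MAX_NR_LVT_ENTRIES == 6 are assumptions of the model.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MCG_CMCI_P                  (1ULL << 10) /* architectural IA32_MCG_CAP bit */
#define KVM_APIC_MAX_NR_LVT_ENTRIES 6            /* assumed: LVT CMCI is the 6th entry */

/* Assumed mirror of KVM's irqchip modes. */
enum kvm_irqchip_mode {
	KVM_IRQCHIP_NONE,    /* no KVM_CREATE_IRQCHIP: LAPIC emulated in userspace */
	KVM_IRQCHIP_KERNEL,  /* KVM_CREATE_IRQCHIP: PIC, IOAPIC and LAPIC in kernel */
	KVM_IRQCHIP_SPLIT,   /* KVM_CAP_SPLIT_IRQCHIP: only the LAPIC in kernel */
};

struct kvm_lapic { int nr_lvt_entries; };
struct kvm { enum kvm_irqchip_mode irqchip_mode; };
struct kvm_vcpu {
	struct kvm *kvm;
	struct kvm_lapic *apic;   /* NULL unless the LAPIC is emulated in-kernel */
	uint64_t mcg_cap;
};

/* Predicate that decides whether a LAPIC is created at all. */
static bool irqchip_in_kernel(const struct kvm *kvm)
{
	return kvm->irqchip_mode != KVM_IRQCHIP_NONE;
}

/* Model of lapic_in_kernel(): true iff this vCPU got an in-kernel LAPIC. */
static bool lapic_in_kernel(const struct kvm_vcpu *vcpu)
{
	return vcpu->apic != NULL;
}

/* Model of kvm_arch_vcpu_create(): the LAPIC is allocated only for an
 * in-kernel irqchip, which is what leaves vcpu->apic NULL otherwise. */
static void kvm_arch_vcpu_create(struct kvm_vcpu *vcpu, struct kvm *kvm)
{
	vcpu->kvm = kvm;
	vcpu->mcg_cap = 0;
	vcpu->apic = NULL;
	if (irqchip_in_kernel(kvm)) {
		vcpu->apic = calloc(1, sizeof(*vcpu->apic));
		if (!vcpu->apic)
			abort();
		/* assumed default: no LVT CMCI entry until MCG_CAP says so */
		vcpu->apic->nr_lvt_entries = KVM_APIC_MAX_NR_LVT_ENTRIES - 1;
	}
}

/* Model of the patched tail of kvm_vcpu_ioctl_x86_setup_mce(), using the
 * predicate suggested in the reply instead of a raw NULL check. Returns the
 * LVT count the in-kernel LAPIC ends up with, or -1 when there is none. */
static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu, uint64_t mcg_cap)
{
	vcpu->mcg_cap = mcg_cap;
	if (!lapic_in_kernel(vcpu))
		return -1;   /* userspace LAPIC: nothing in the kernel to size */
	vcpu->apic->nr_lvt_entries =
		KVM_APIC_MAX_NR_LVT_ENTRIES - !(mcg_cap & MCG_CMCI_P);
	return vcpu->apic->nr_lvt_entries;
}

static void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
{
	free(vcpu->apic);
	vcpu->apic = NULL;
}

/* Drives one configuration end to end: create VM and vCPU, then issue the
 * modelled KVM_X86_SETUP_MCE. mcg_cap's low byte is the bank count. */
static int setup_mce_for_mode(enum kvm_irqchip_mode mode, uint64_t mcg_cap)
{
	struct kvm kvm = { .irqchip_mode = mode };
	struct kvm_vcpu vcpu;
	int rc;

	kvm_arch_vcpu_create(&vcpu, &kvm);
	rc = kvm_vcpu_ioctl_x86_setup_mce(&vcpu, mcg_cap);
	kvm_arch_vcpu_destroy(&vcpu);
	return rc;
}

int main(void)
{
	static const char *const names[] = { "none", "kernel", "split" };

	for (int m = KVM_IRQCHIP_NONE; m <= KVM_IRQCHIP_SPLIT; m++)
		printf("irqchip=%-6s cmci=1 -> nr_lvt_entries=%d\n", names[m],
		       setup_mce_for_mode((enum kvm_irqchip_mode)m, 1 | MCG_CMCI_P));
	return 0;
}
```

The -1 from the no-irqchip row is the configuration the syzkaller reproducer exercises: the unpatched line would dereference NULL there, and neither the full nor the split irqchip can reach that state because both allocate the LAPIC in the kernel.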