From: "Radim Krčmář" <rkrcmar@redhat.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: pbonzini@redhat.com, Wanpeng Li <wanpeng.li@hotmail.com>,
kvm@vger.kernel.org, syzkaller@googlegroups.com
Subject: Re: [PATCH] KVM: x86: fix fixing of hypercalls
Date: Fri, 20 Jan 2017 18:26:23 +0100
Message-ID: <20170120172623.GB6291@potion>
In-Reply-To: <20170117135104.145739-1-dvyukov@google.com>
2017-01-17 14:51+0100, Dmitry Vyukov:
> emulator_fix_hypercall() replaces hypercall with vmcall instruction,
> but it does not handle GP exception properly when writing the new instruction.
> It can return X86EMUL_PROPAGATE_FAULT without setting exception information.
> This leads to incorrect emulation and triggers
> WARN_ON(ctxt->exception.vector > 0x1f) in x86_emulate_insn()
> as discovered by syzkaller fuzzer:
>
> WARNING: CPU: 2 PID: 18646 at arch/x86/kvm/emulate.c:5558
> Call Trace:
> warn_slowpath_null+0x2c/0x40 kernel/panic.c:582
> x86_emulate_insn+0x16a5/0x4090 arch/x86/kvm/emulate.c:5572
> x86_emulate_instruction+0x403/0x1cc0 arch/x86/kvm/x86.c:5618
> emulate_instruction arch/x86/include/asm/kvm_host.h:1127 [inline]
> handle_exception+0x594/0xfd0 arch/x86/kvm/vmx.c:5762
> vmx_handle_exit+0x2b7/0x38b0 arch/x86/kvm/vmx.c:8625
> vcpu_enter_guest arch/x86/kvm/x86.c:6888 [inline]
> vcpu_run arch/x86/kvm/x86.c:6947 [inline]
>
> Set exception information when write in emulator_fix_hypercall() fails.
>
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Radim Krčmář <rkrcmar@redhat.com>
> Cc: Wanpeng Li <wanpeng.li@hotmail.com>
> Cc: kvm@vger.kernel.org
> Cc: syzkaller@googlegroups.com
> ---
Applied to kvm/master, thanks.
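The commit message above describes a contract violation rather than a memory bug: a callback returned X86EMUL_PROPAGATE_FAULT but left ctxt->exception unfilled, so the dispatcher saw a garbage vector and hit its `vector > 0x1f` sanity check. The following is an added, self-contained C model of that contract written for this page; it is not KVM source and not Dmitry's patch. The names (emul_ctxt, emul_write, INVALID_VECTOR, fix_hypercall_buggy/fixed) are invented for illustration, the "before" variant is modelled as simply not passing an exception slot to the write helper, and the fault itself is simulated with a flag rather than a real page-protection failure. What it shows is the check a reviewer would apply to any emulator helper: every path that returns a propagate-fault code must also record an architectural vector.

```c
/*
 * Added example, not KVM source. Models the emulator rule the patch above
 * restores: a helper that returns X86EMUL_PROPAGATE_FAULT must also fill in
 * ctxt->exception, or the dispatcher's vector sanity check fires.
 * All identifiers below are invented for this illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X86EMUL_CONTINUE        0
#define X86EMUL_PROPAGATE_FAULT 1
#define GP_VECTOR               13   /* #GP, a real x86 vector number */
#define INVALID_VECTOR          0xff /* model-only marker: "nothing recorded" */
#define MAX_VECTOR              0x1f /* x86 architectural vectors are 0..31 */

struct x86_exception {
    unsigned vector;
    unsigned error_code;
    bool     has_error_code;
};

struct emul_ctxt {
    unsigned long rip;
    bool write_faults;              /* modelled: guest text page not writable */
    struct x86_exception exception; /* slot the dispatcher inspects on a fault */
};

/* Modelled guest-memory write. On a fault it returns PROPAGATE_FAULT and
 * records #GP into *exc when a slot is supplied; with exc == NULL the fault
 * is returned but nothing is recorded, the situation the commit describes. */
static int emul_write(struct emul_ctxt *ctxt, unsigned long addr,
                      const void *buf, size_t len, struct x86_exception *exc)
{
    (void)addr; (void)buf; (void)len;
    if (!ctxt->write_faults)
        return X86EMUL_CONTINUE;
    if (exc) {
        exc->vector = GP_VECTOR;
        exc->error_code = 0;
        exc->has_error_code = true;
    }
    return X86EMUL_PROPAGATE_FAULT;
}

static void init_ctxt(struct emul_ctxt *ctxt, bool write_faults)
{
    memset(ctxt, 0, sizeof(*ctxt));
    ctxt->rip = 0x1000;
    ctxt->write_faults = write_faults;
    ctxt->exception.vector = INVALID_VECTOR; /* nothing recorded yet */
}

/* "Before": propagates the fault but never records which exception it was. */
static int fix_hypercall_buggy(struct emul_ctxt *ctxt)
{
    unsigned char vmcall[3] = {0x0f, 0x01, 0xc1}; /* VMCALL encoding (Intel) */
    return emul_write(ctxt, ctxt->rip, vmcall, sizeof vmcall, NULL);
}

/* "After": the fault lands in ctxt->exception, which the dispatcher expects. */
static int fix_hypercall_fixed(struct emul_ctxt *ctxt)
{
    unsigned char vmcall[3] = {0x0f, 0x01, 0xc1};
    return emul_write(ctxt, ctxt->rip, vmcall, sizeof vmcall, &ctxt->exception);
}

/* Modelled dispatcher check: on PROPAGATE_FAULT the recorded vector must be
 * architectural. Returns true when the WARN_ON condition would fire. */
static bool dispatcher_would_warn(const struct emul_ctxt *ctxt, int rc)
{
    return rc == X86EMUL_PROPAGATE_FAULT && ctxt->exception.vector > MAX_VECTOR;
}

/* Runs one variant against a faulting write; true if it trips the warning. */
static bool trips_warning(int (*fix)(struct emul_ctxt *))
{
    struct emul_ctxt ctxt;
    init_ctxt(&ctxt, true);
    return dispatcher_would_warn(&ctxt, fix(&ctxt));
}

int main(void)
{
    printf("buggy variant trips WARN_ON: %d\n", trips_warning(fix_hypercall_buggy));
    printf("fixed variant trips WARN_ON: %d\n", trips_warning(fix_hypercall_fixed));
    return 0;
}
```

The useful habit this models is to treat the return code and the exception slot as one unit: when auditing an emulator callback, trace every path that yields the fault code and confirm the slot is written on that same path, since the dispatcher has no other way to tell a recorded #GP from stale memory.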
Thread overview: 2+ messages
2017-01-17 13:51 [PATCH] KVM: x86: fix fixing of hypercalls Dmitry Vyukov
2017-01-20 17:26 ` Radim Krčmář [this message]