| Message ID | 20221130230934.1014142-15-seanjc@google.com |
|---|---|
| State | Accepted |
| Headers | show
Return-Path:
<kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=yaUNcHnG;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256
header.s=20210112 header.b=Zp0X+tvq;
dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4NMwT15wp7z23pC
for <incoming@patchwork.ozlabs.org>; Thu, 1 Dec 2022 10:31:33 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:
Content-Transfer-Encoding:Content-Type:Reply-To:List-Subscribe:List-Help:
List-Post:List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID
:References:Mime-Version:In-Reply-To:Date:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
List-Owner; bh=HVpoxDzbCPlPpaKaHbLezjx1RS2BOeK68bmLluCrbec=; b=yaUNcHnG/BmMJY
YyKhhEFmZ8essKaLthH+CmfxF7PtbZW/k1qu05sbUdCglDVDA3DQ8+jX9LPFYW+z11eGnQZqunif1
M2XP2Cwx/vSXnjBopjbhQgqtfJKoMHRowZ9C/8y/01sqPNQW5XFGxDhgTD5W/mqxmveo2L+FIy2XK
6MpZ0mpn6I0Yw2U3kd4JHXQ27Nf2nMh4PV2jFONKVPkEPUx7EfRYj/T6YA/x9JAPejWwWcM5Gg6uQ
zz7XD3AmRt7R7+c4x8C8DYmNswgIYs1ze4on0+3fK8eipKGJ1C+pWV1JbjbdSEVp87qWjWqRrBRlK
Bgh9TIJeTBreOHcF2t1w==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
id 1p0WY5-003FSv-KE; Wed, 30 Nov 2022 23:31:29 +0000
Received: from mail-qk1-x749.google.com ([2607:f8b0:4864:20::749])
by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
id 1p0WKu-003A4K-He
for kvm-riscv@lists.infradead.org; Wed, 30 Nov 2022 23:17:54 +0000
Received: by mail-qk1-x749.google.com with SMTP id
o13-20020a05620a2a0d00b006cf9085682dso2347qkp.7
for <kvm-riscv@lists.infradead.org>;
Wed, 30 Nov 2022 15:17:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:from:to:cc:subject:date:message-id:reply-to;
bh=di4GPfaF6WKRfgW0XqJub+upfuRM26VzAsGaqEV4LGw=;
b=Zp0X+tvqlodbVDmXJAlHsgiG3eKVrrt9FqJ/G91Ka+FyaPGocW43mHdutS/PZpQE36
Iieu9/BWXmUBsCNeoXw2w6AGd8PrG42NkgB6lU08wcdcc8UwAyPwoD57C6YJX6W8d8L6
zT+J1YBLZIf8EiLqUI0I1OI8MzvM21Wx5gQBxNbTBtyOAXzto+GobOper+U00pyFgXJf
UdMZA+TjdcslZ9rB8fGS/EHatJp3upDo3FA+0llGAcT+1sttGOmsewFGvBZuTST5TDKg
atyPT5DCNi18z7jSv+tnMdXu5HV1aXplTTP+Szmkxtce4LN+raVvUsuQA85wOwn+8uqH
psnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=di4GPfaF6WKRfgW0XqJub+upfuRM26VzAsGaqEV4LGw=;
b=rEXipmftz4wwZehT87e1kTyxQ7va4UwY9IT5tzT2Hydha3fkcYDr6gwpabSjuqO8XT
Pc1JVmuSCW5Tvkun80zEtuL/pSjACJsXR2MaRZqR7JAf3rHbNcnBnXb9Fc0QEyAR3hzk
e1RPYZQgFgXPD5jqyA4F1C3CJJx1plyTY9wgiRIDGV8jkXiH+UE6VaWqZRSe+a7vq29k
6nW7df4Cdxw6OX8gNs14fJRDR2q7904sQ/sN18Lw4JleysxGT9V+QkxttPH1R25F0vA0
JWavsADAVaaTm5KHoULv20ZEjoBbl0eedZd/J1U36s1/V/uiG6TJ9DYWdPrPx8Jp086m
Ah+A==
X-Gm-Message-State: ANoB5pmqY+HexPhFV1BDpN1sdb98s82zPta0yVh9Y1SzXVs8TtV++Vmy
Z0fqo0Dl4e1XGnylKztvo5BehCFIC3Y=
X-Google-Smtp-Source:
AA0mqf4OklfcBkfFMEfVjeAO6z8Tg9xRFY+PEerZY3OMpeOrjrDiJtxtxuLC1x65bjbuGkZn4Pd66WRIuco=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a05:6a00:1409:b0:56b:e1d8:e7a1 with SMTP id
l9-20020a056a00140900b0056be1d8e7a1mr44197245pfu.28.1669849801157; Wed, 30
Nov 2022 15:10:01 -0800 (PST)
Date: Wed, 30 Nov 2022 23:08:58 +0000
In-Reply-To: <20221130230934.1014142-1-seanjc@google.com>
Mime-Version: 1.0
References: <20221130230934.1014142-1-seanjc@google.com>
X-Mailer: git-send-email 2.38.1.584.g0f3c55d4c2-goog
Message-ID: <20221130230934.1014142-15-seanjc@google.com>
Subject: [PATCH v2 14/50] KVM: VMX: Do _all_ initialization before exposing
/dev/kvm to userspace
From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>, Marc Zyngier <maz@kernel.org>,
Huacai Chen <chenhuacai@kernel.org>,
Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
Anup Patel <anup@brainfault.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Matthew Rosato <mjrosato@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>,
Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
David Woodhouse <dwmw2@infradead.org>, Paul Durrant <paul@xen.org>
Cc: James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>, Atish Patra <atishp@atishpatra.org>,
David Hildenbrand <david@redhat.com>, kvm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
kvmarm@lists.cs.columbia.edu, linux-mips@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
linux-kernel@vger.kernel.org, Yuan Yao <yuan.yao@intel.com>,
Cornelia Huck <cohuck@redhat.com>,
Isaku Yamahata <isaku.yamahata@intel.com>, " =?utf-8?q?Philippe_Mathieu-Da?=
=?utf-8?q?ud=C3=A9?= " <philmd@linaro.org>,
Fabiano Rosas <farosas@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>, Kai Huang <kai.huang@intel.com>,
Chao Gao <chao.gao@intel.com>, Thomas Gleixner <tglx@linutronix.de>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20221130_151752_646895_BECB054E
X-CRM114-Status: GOOD ( 14.56 )
X-Spam-Score: -7.7 (-------)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Call kvm_init() only after _all_ setup is complete,
as kvm_init()
exposes /dev/kvm to userspace and thus allows userspace to create VMs (and
call other ioctls). E.g. KVM will encounter a NULL pointer [...]
Content analysis details: (-7.7 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2607:f8b0:4864:20:0:0:0:749 listed in]
[list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM
white-list
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender
X-BeenThere: kvm-riscv@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <kvm-riscv.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/kvm-riscv>,
<mailto:kvm-riscv-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/kvm-riscv/>
List-Post: <mailto:kvm-riscv@lists.infradead.org>
List-Help: <mailto:kvm-riscv-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/kvm-riscv>,
<mailto:kvm-riscv-request@lists.infradead.org?subject=subscribe>
Reply-To: Sean Christopherson <seanjc@google.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "kvm-riscv" <kvm-riscv-bounces@lists.infradead.org>
Errors-To: kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
|
| Series |
KVM: Rework kvm_init() and hardware enabling
|
expand
|
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 8e81cd94407d..76185a7a7ded 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8521,19 +8521,23 @@ static void vmx_cleanup_l1d_flush(void) l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; } -static void vmx_exit(void) +static void __vmx_exit(void) { + allow_smaller_maxphyaddr = false; + #ifdef CONFIG_KEXEC_CORE RCU_INIT_POINTER(crash_vmclear_loaded_vmcss, NULL); synchronize_rcu(); #endif - - kvm_exit(); - kvm_x86_vendor_exit(); - vmx_cleanup_l1d_flush(); +} - allow_smaller_maxphyaddr = false; +static void vmx_exit(void) +{ + kvm_exit(); + kvm_x86_vendor_exit(); + + __vmx_exit(); } module_exit(vmx_exit); @@ -8551,11 +8555,6 @@ static int __init vmx_init(void) if (r) return r; - r = kvm_init(&vmx_init_ops, sizeof(struct vcpu_vmx), - __alignof__(struct vcpu_vmx), THIS_MODULE); - if (r) - goto err_kvm_init; - /* * Must be called after common x86 init so enable_ept is properly set * up. Hand the parameter mitigation value in which was stored in @@ -8589,11 +8588,20 @@ static int __init vmx_init(void) if (!enable_ept) allow_smaller_maxphyaddr = true; + /* + * Common KVM initialization _must_ come last, after this, /dev/kvm is + * exposed to userspace! + */ + r = kvm_init(&vmx_init_ops, sizeof(struct vcpu_vmx), + __alignof__(struct vcpu_vmx), THIS_MODULE); + if (r) + goto err_kvm_init; + return 0; -err_l1d_flush: - vmx_exit(); err_kvm_init: + __vmx_exit(); +err_l1d_flush: kvm_x86_vendor_exit(); return r; }
Call kvm_init() only after _all_ setup is complete, as kvm_init() exposes /dev/kvm to userspace and thus allows userspace to create VMs (and call other ioctls). E.g. KVM will encounter a NULL pointer when attempting to add a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to create a VM before vmx_init() configures said list. BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel] <TASK> vmx_vcpu_load+0x16/0x60 [kvm_intel] kvm_arch_vcpu_load+0x32/0x1f0 [kvm] vcpu_load+0x2f/0x40 [kvm] kvm_arch_vcpu_create+0x231/0x310 [kvm] kvm_vm_ioctl+0x79f/0xe10 [kvm] ? handle_mm_fault+0xb1/0x220 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x2b/0x50 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f5a6b05743b </TASK> Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson <seanjc@google.com> --- arch/x86/kvm/vmx/vmx.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-)