lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CANRm+Cx7GTGHY8D4yGkQ0PWdh6+9Le3qgcUB1ZTO+vz5kka5Pw@mail.gmail.com>
Date:	Wed, 6 Jul 2016 19:55:10 +0800
From:	Wanpeng Li <kernellwp@...il.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	kvm <kvm@...r.kernel.org>, Wanpeng Li <wanpeng.li@...mail.com>,
	Radim Krčmář <rkrcmar@...hat.com>,
	Yunhong Jiang <yunhong.jiang@...el.com>,
	Jan Kiszka <jan.kiszka@...mens.com>,
	Haozhong Zhang <haozhong.zhang@...el.com>
Subject: Re: [PATCH v2] KVM: nVMX: Fix preemption timer kernel NULL pointer dereference

2016-07-06 19:38 GMT+08:00 Wanpeng Li <kernellwp@...il.com>:
> 2016-07-06 19:02 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
>>
>>
>> On 06/07/2016 12:29, Wanpeng Li wrote:
>>> BUG: unable to handle kernel NULL pointer dereference at           (null)
>>> IP: [<          (null)>]           (null)
>>> PGD 0
>>> Oops: 0010 [#1] SMP
>>> Call Trace:
>>>  ? kvm_lapic_expired_hv_timer+0x47/0x90 [kvm]
>>>  handle_preemption_timer+0xe/0x20 [kvm_intel]
>>>  vmx_handle_exit+0x169/0x15a0 [kvm_intel]
>>>  ? kvm_arch_vcpu_ioctl_run+0xd5d/0x19d0 [kvm]
>>>  kvm_arch_vcpu_ioctl_run+0xdee/0x19d0 [kvm]
>>>  ? kvm_arch_vcpu_ioctl_run+0xd5d/0x19d0 [kvm]
>>>  ? vcpu_load+0x1c/0x60 [kvm]
>>>  ? kvm_arch_vcpu_load+0x57/0x260 [kvm]
>>>  kvm_vcpu_ioctl+0x2d3/0x7c0 [kvm]
>>>  do_vfs_ioctl+0x96/0x6a0
>>>  ? __fget_light+0x2a/0x90
>>>  SyS_ioctl+0x79/0x90
>>>  do_syscall_64+0x68/0x180
>>>  entry_SYSCALL64_slow_path+0x25/0x25
>>> Code:  Bad RIP value.
>>> RIP  [<          (null)>]           (null)
>>>  RSP <ffff8800b5263c48>
>>> CR2: 0000000000000000
>>> ---[ end trace 9c70c48b1a2bc66e ]---
>>
>> This is happening in L2, while the patch is for L1, right?  So the commit
>> title should be "KVM: nVMX: fix incorrect preemption timer vmexit in nested guest".
>
> Thanks. I will send out another version. :)
>
>>
>> The patch looks correct, but I'm not sure how you get a preemption
>> timer vmexit while vmcs02 is active:
>>
>>         exec_control = vmcs12->pin_based_vm_exec_control;
>>         exec_control |= vmcs_config.pin_based_exec_ctrl;
>>         exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
>>
>> In other words, don't you need something like
>
> After apply your patch, L0 calltrace.

my patch + your patch, L0 calltrace.
w/o my patch + your patch, L1 the same calltrace.

Regards,
Wanpeng Li

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ