Date:	Wed, 6 Jul 2016 19:55:10 +0800
From:	Wanpeng Li <kernellwp@...il.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	kvm <kvm@...r.kernel.org>, Wanpeng Li <wanpeng.li@...mail.com>,
	Radim Krčmář <rkrcmar@...hat.com>,
	Yunhong Jiang <yunhong.jiang@...el.com>,
	Jan Kiszka <jan.kiszka@...mens.com>,
	Haozhong Zhang <haozhong.zhang@...el.com>
Subject: Re: [PATCH v2] KVM: nVMX: Fix preemption timer kernel NULL pointer dereference

2016-07-06 19:38 GMT+08:00 Wanpeng Li <kernellwp@...il.com>:
> 2016-07-06 19:02 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
>>
>>
>> On 06/07/2016 12:29, Wanpeng Li wrote:
>>> BUG: unable to handle kernel NULL pointer dereference at           (null)
>>> IP: [<          (null)>]           (null)
>>> PGD 0
>>> Oops: 0010 [#1] SMP
>>> Call Trace:
>>>  ? kvm_lapic_expired_hv_timer+0x47/0x90 [kvm]
>>>  handle_preemption_timer+0xe/0x20 [kvm_intel]
>>>  vmx_handle_exit+0x169/0x15a0 [kvm_intel]
>>>  ? kvm_arch_vcpu_ioctl_run+0xd5d/0x19d0 [kvm]
>>>  kvm_arch_vcpu_ioctl_run+0xdee/0x19d0 [kvm]
>>>  ? kvm_arch_vcpu_ioctl_run+0xd5d/0x19d0 [kvm]
>>>  ? vcpu_load+0x1c/0x60 [kvm]
>>>  ? kvm_arch_vcpu_load+0x57/0x260 [kvm]
>>>  kvm_vcpu_ioctl+0x2d3/0x7c0 [kvm]
>>>  do_vfs_ioctl+0x96/0x6a0
>>>  ? __fget_light+0x2a/0x90
>>>  SyS_ioctl+0x79/0x90
>>>  do_syscall_64+0x68/0x180
>>>  entry_SYSCALL64_slow_path+0x25/0x25
>>> Code:  Bad RIP value.
>>> RIP  [<          (null)>]           (null)
>>>  RSP <ffff8800b5263c48>
>>> CR2: 0000000000000000
>>> ---[ end trace 9c70c48b1a2bc66e ]---
>>
>> This is happening in L2, while the patch is for L1, right?  So the commit
>> title should be "KVM: nVMX: fix incorrect preemption timer vmexit in nested guest".
>
> Thanks. I will send out another version. :)
>
>>
>> The patch looks correct, but I'm not sure how you get a preemption
>> timer vmexit while vmcs02 is active:
>>
>>         exec_control = vmcs12->pin_based_vm_exec_control;
>>         exec_control |= vmcs_config.pin_based_exec_ctrl;
>>         exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
>>
>> In other words, don't you need something like
>
> After applying your patch, L0 calltrace.

My patch + your patch: L0 calltrace.
w/o my patch + your patch: L1, the same calltrace.

Regards,
Wanpeng Li
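As an added illustration (not code from this thread and not KVM's own code), the C program below models the three quoted lines that build the vmcs02 pin-based VM-execution controls from vmcs12 and vmcs_config, and adds a consistency check of the kind the question above implies: with the preemption timer bit masked off in vmcs02, a preemption-timer exit while vmcs02 is active is inconsistent state and should be flagged as such rather than handled as if L1's timer had expired. The struct names `vmcs12_model` / `vmcs_config_model`, the function names and the `timer_exit_class` enum are assumptions made for the example; the `PIN_BASED_*` bit values match the Intel VMX pin-based controls as defined in arch/x86/include/asm/vmx.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Pin-based VM-execution control bits (Intel VMX / arch/x86/include/asm/vmx.h). */
#define PIN_BASED_EXT_INTR_MASK        0x00000001u
#define PIN_BASED_NMI_EXITING          0x00000008u
#define PIN_BASED_VIRTUAL_NMIS         0x00000020u
#define PIN_BASED_VMX_PREEMPTION_TIMER 0x00000040u
#define PIN_BASED_POSTED_INTR          0x00000080u

/* Constructed stand-ins for the two structures the quoted snippet reads:
 * vmcs12 holds L1's controls for L2, vmcs_config holds L0's own settings. */
struct vmcs12_model      { uint32_t pin_based_vm_exec_control; };
struct vmcs_config_model { uint32_t pin_based_exec_ctrl; };

/* Same merge as the quoted lines: OR L1's and L0's controls, then clear the
 * preemption timer so the hardware timer is never armed while L2 runs. */
uint32_t build_vmcs02_pin_based(const struct vmcs12_model *vmcs12,
                                const struct vmcs_config_model *cfg)
{
    uint32_t exec_control = vmcs12->pin_based_vm_exec_control;
    exec_control |= cfg->pin_based_exec_ctrl;
    exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
    return exec_control;
}

enum timer_exit_class {
    TIMER_EXIT_FOR_L1,     /* vmcs01 active: L0's timer for L1, the normal path */
    TIMER_EXIT_ARMED,      /* active VMCS really had the timer bit set */
    TIMER_EXIT_UNEXPECTED  /* vmcs02 active with the bit cleared: cannot be legitimate */
};

/* Check a preemption-timer exit against the controls that were actually loaded.
 * Given the merge above, an exit while vmcs02 is active with the bit clear is a
 * logic error upstream of the handler and should be reported, not acted on. */
enum timer_exit_class classify_preemption_timer_exit(bool vmcs02_active,
                                                     uint32_t active_pin_based)
{
    if (!vmcs02_active)
        return TIMER_EXIT_FOR_L1;
    if (active_pin_based & PIN_BASED_VMX_PREEMPTION_TIMER)
        return TIMER_EXIT_ARMED;
    return TIMER_EXIT_UNEXPECTED;
}

int main(void)
{
    /* Constructed sample: L1 asks for the timer plus external-interrupt exiting,
     * L0 itself wants NMI exiting and virtual NMIs. */
    struct vmcs12_model      vmcs12 = { PIN_BASED_VMX_PREEMPTION_TIMER | PIN_BASED_EXT_INTR_MASK };
    struct vmcs_config_model cfg    = { PIN_BASED_NMI_EXITING | PIN_BASED_VIRTUAL_NMIS };

    uint32_t vmcs02 = build_vmcs02_pin_based(&vmcs12, &cfg);
    printf("vmcs02 pin-based controls: 0x%08x (timer bit %s)\n", vmcs02,
           (vmcs02 & PIN_BASED_VMX_PREEMPTION_TIMER) ? "set" : "cleared");

    enum timer_exit_class c = classify_preemption_timer_exit(true, vmcs02);
    printf("preemption-timer exit with vmcs02 active: %s\n",
           c == TIMER_EXIT_UNEXPECTED ? "UNEXPECTED, refuse to handle" : "ok");
    return 0;
}
```

The check is deliberately placed on the exit path rather than in the timer-expiry callback: once a handler believes L1's timer fired, it will follow whatever callback or state belongs to that case, and a NULL function pointer there ends exactly in the kind of trace quoted above. Rejecting the inconsistent exit first keeps the failure visible and local.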
