| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <753178ee-b9bb-4f17-a92c-a15d5b110ba8@redhat.com>
Date: Fri, 4 Nov 2016 10:38:45 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Radim Krčmář <rkrcmar@...hat.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
yang.zhang.wz@...il.com, feng.wu@...el.com, mst@...hat.com
Subject: Re: [PATCH 2/5] KVM: x86: do not scan IRR twice on APICv vmentry
On 03/11/2016 21:16, Radim Krčmář wrote:
> > + if (!pi_test_on(&vmx->pi_desc))
>
> We don't call vmx_hwapic_irr_update() when returning early.
This might be a good start, but it's on purpose: IRR is not changing and
the invariant _should_ be that RVI=highest-bit(IRR):
- IRR cleared by processor: see SDM 29.2.2 Virtual-interrupt delivery
- IRR set by processor: see SDM 29.6 Posted-interrupt processing
- IRR set by KVM: ON=1 so it doesn't exit here
- IRR cleared by KVM: might indeed be buggy here, but the next patch
does add a
+ kvm_x86_ops->hwapic_irr_update(vcpu,
+ apic_find_highest_irr(apic));
to apic_clear_irr, which doesn't fix the bug (and doesn't fix it also if
backported here).
So we're missing a place where IRR has changed but RVI is not being
updated. It should be related to vmx_check_nested_events and
kvm_cpu_has_interrupt as you said, but I cannot really see it.
Paolo
>> > + return;
>> > +
>> > + pi_clear_on(&vmx->pi_desc);
>> > + max_irr = kvm_apic_update_irr(vcpu, vmx->pi_desc.pir);
>> > + vmx_hwapic_irr_update(vcpu, max_irr);
>> > +}
Powered by blists - more mailing lists