Message-ID: <20250212221217.161222-1-jthoughton@google.com>
Date: Wed, 12 Feb 2025 22:12:17 +0000
From: James Houghton <jthoughton@...gle.com>
To: syzbot+ac0bc3a70282b4d586cc@...kaller.appspotmail.com, seanjc@...gle.com
Cc: bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com, 
	kvm@...r.kernel.org, linux-kernel@...r.kernel.org, mingo@...hat.com, 
	pbonzini@...hat.com, syzkaller-bugs@...glegroups.com, tglx@...utronix.de, 
	x86@...nel.org
Subject: Re: [syzbot] [kvm?] WARNING in vmx_handle_exit (2)

Here's what I think is going on (with the C repro anyway):

1. KVM_RUN a nested VM, and eventually we end up with
   nested_run_pending=1.
2. Exit KVM_RUN with EINTR (or any reason really, but I see EINTR in
   repro attempts).
3. KVM_SET_REGS to set rflags to 0x1ac585, which has X86_EFLAGS_VM,
   flipping it and setting vmx->emulation_required = true.
4. KVM_RUN again. vmx->emulation_required will stop KVM from clearing
   nested_run_pending, and then we hit the
   KVM_BUG_ON(nested_run_pending) in __vmx_handle_exit().

So I guess the KVM_BUG_ON() is a little bit too conservative, but this
is nonsensical VMM behavior. So I'm not really sure what the best
solution is. Sean, any thoughts?
