Message-Id: <174304589224.1549280.1623157194395422949.git-patchwork-notify@kernel.org>
Date: Thu, 27 Mar 2025 03:24:52 +0000
From: patchwork-bot+linux-riscv@...nel.org
To: Sean Christopherson <seanjc@...gle.com>
Cc: linux-riscv@...ts.infradead.org, maz@...nel.org, oliver.upton@...ux.dev,
zhaotianrui@...ngson.cn, maobibo@...ngson.cn, chenhuacai@...nel.org,
maddy@...ux.ibm.com, anup@...infault.org, paul.walmsley@...ive.com,
palmer@...belt.com, aou@...s.berkeley.edu, borntraeger@...ux.ibm.com,
frankja@...ux.ibm.com, imbrenda@...ux.ibm.com, pbonzini@...hat.com,
linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
kvm@...r.kernel.org, loongarch@...ts.linux.dev, linux-mips@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, kvm-riscv@...ts.infradead.org,
linux-kernel@...r.kernel.org, aaronlewis@...gle.com, jmattson@...gle.com,
yan.y.zhao@...el.com, rick.p.edgecombe@...el.com, kai.huang@...el.com,
isaku.yamahata@...el.com
Subject: Re: [PATCH 0/7] KVM: x86: nVMX IRQ fix and VM teardown cleanups
Hello:
This series was applied to riscv/linux.git (for-next)
by Paolo Bonzini <pbonzini@...hat.com>:
On Mon, 24 Feb 2025 15:55:35 -0800 you wrote:
> This was _supposed_ to be a tiny one-off patch to fix a nVMX bug where KVM
> fails to detect that, after nested VM-Exit, L1 has a pending IRQ (or NMI).
> But because x86's nested teardown flows are garbage (KVM simply forces a
> nested VM-Exit to put the vCPU back into L1), that simple fix snowballed.
>
> The immediate issue is that checking for a pending interrupt accesses the
> legacy PIC, and x86's kvm_arch_destroy_vm() currently frees the PIC before
> destroying vCPUs, i.e. checking for IRQs during the forced nested VM-Exit
> results in a NULL pointer deref (or use-after-free if KVM didn't nullify
> the PIC pointer). That's patch 1.
>
> [...]
Here is the summary with links:
- [1/7] KVM: x86: Free vCPUs before freeing VM state
https://git.kernel.org/riscv/c/17bcd7144263
- [2/7] KVM: nVMX: Process events on nested VM-Exit if injectable IRQ or NMI is pending
https://git.kernel.org/riscv/c/982caaa11504
- [3/7] KVM: Assert that a destroyed/freed vCPU is no longer visible
(no matching commit)
- [4/7] KVM: x86: Don't load/put vCPU when unloading its MMU during teardown
(no matching commit)
- [5/7] KVM: x86: Unload MMUs during vCPU destruction, not before
(no matching commit)
- [6/7] KVM: x86: Fold guts of kvm_arch_sync_events() into kvm_arch_pre_destroy_vm()
(no matching commit)
- [7/7] KVM: Drop kvm_arch_sync_events() now that all implementations are nops
(no matching commit)
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
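The cover letter quoted above describes an ordering hazard: a vCPU destroyed while still in L2 is forced through a nested VM-Exit, which checks for pending interrupts via the legacy PIC, so freeing the PIC before the vCPUs leaves that check with a NULL or dangling pointer. The following is an added, self-contained C model of that dependency, not code from the series or from KVM; the struct names, the `in_l2` flag and the two destroy routines are constructed for illustration. The buggy routine tears down VM-wide state first and reports how many vCPUs reached the dangling-PIC path (instead of actually dereferencing it); the corrected routine follows the order patch 1/7 establishes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

/*
 * Constructed model (not KVM code): a vCPU's forced nested VM-Exit checks
 * for pending IRQs through the PIC, so the PIC must outlive every vCPU.
 */
struct pic {
	bool irq_pending;
};

struct vcpu {
	int id;
	bool in_l2;		/* still running a nested guest at teardown */
};

#define MAX_VCPUS 4

struct vm {
	struct pic *pic;	/* NULL once the legacy PIC has been freed */
	struct vcpu *vcpus[MAX_VCPUS];
	int nr_vcpus;
};

/* Returns 1/0 for the IRQ state, or -1 if the PIC is already gone (the
 * condition that is a NULL deref or use-after-free in real code). */
static int vm_irq_pending(const struct vm *vm)
{
	if (!vm->pic)
		return -1;
	return vm->pic->irq_pending ? 1 : 0;
}

/* Destroying a vCPU that is in L2 forces a nested VM-Exit, which
 * re-evaluates pending events and therefore touches the PIC.
 * Returns 0 on success, -1 if the PIC was already freed. */
static int vcpu_destroy(struct vm *vm, struct vcpu *vcpu)
{
	int ret = 0;

	if (vcpu->in_l2 && vm_irq_pending(vm) < 0)
		ret = -1;
	free(vcpu);
	return ret;
}

/* Build a VM with nr_vcpus vCPUs, all either in L2 or not, and an IRQ pending. */
static struct vm *vm_create(int nr_vcpus, bool in_l2)
{
	struct vm *vm = calloc(1, sizeof(*vm));
	int i;

	if (!vm || nr_vcpus > MAX_VCPUS)
		abort();
	vm->pic = calloc(1, sizeof(*vm->pic));
	if (!vm->pic)
		abort();
	vm->pic->irq_pending = true;
	for (i = 0; i < nr_vcpus; i++) {
		vm->vcpus[i] = calloc(1, sizeof(struct vcpu));
		if (!vm->vcpus[i])
			abort();
		vm->vcpus[i]->id = i;
		vm->vcpus[i]->in_l2 = in_l2;
	}
	vm->nr_vcpus = nr_vcpus;
	return vm;
}

/* Broken order: free VM-wide state (the PIC) before the vCPUs that depend
 * on it. Returns how many vCPUs hit the dangling-PIC path. Frees vm. */
static int destroy_vm_state_first(struct vm *vm)
{
	int i, bad = 0;

	free(vm->pic);
	vm->pic = NULL;
	for (i = 0; i < vm->nr_vcpus; i++)
		if (vcpu_destroy(vm, vm->vcpus[i]) < 0)
			bad++;
	free(vm);
	return bad;
}

/* Fixed order (the point of patch 1/7): destroy vCPUs while the PIC is
 * still valid, then free VM-wide state. Frees vm. */
static int destroy_vcpus_first(struct vm *vm)
{
	int i, bad = 0;

	for (i = 0; i < vm->nr_vcpus; i++)
		if (vcpu_destroy(vm, vm->vcpus[i]) < 0)
			bad++;
	free(vm->pic);
	vm->pic = NULL;
	free(vm);
	return bad;
}

int main(void)
{
	printf("state first, vCPUs in L2: %d dangling PIC accesses\n",
	       destroy_vm_state_first(vm_create(2, true)));
	printf("vCPUs first, vCPUs in L2: %d dangling PIC accesses\n",
	       destroy_vcpus_first(vm_create(2, true)));
	return 0;
}
```

The model makes the general rule visible: any per-vCPU teardown step that can run guest-exit logic has to complete before the VM-wide objects that logic consults are released, which is why the fix is to reorder the destructor rather than to special-case the PIC lookup.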