linux-yocto/arch/arm64/kvm
Oliver Upton 0aa1b76fe1 KVM: arm64: Prevent access to vCPU events before init
Another day, another syzkaller bug. KVM erroneously allows userspace to
pend vCPU events for a vCPU that hasn't been initialized yet, leading to
KVM interpreting a bunch of uninitialized garbage for routing /
injecting the exception.

In one case the injection code and the hyp disagree on whether the vCPU
has a 32bit EL1 and put the vCPU into an illegal mode for AArch64,
tripping the BUG() in exception_target_el() during the next injection:

  kernel BUG at arch/arm64/kvm/inject_fault.c:40!
  Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
  CPU: 3 UID: 0 PID: 318 Comm: repro Not tainted 6.17.0-rc4-00104-g10fd0285305d #6 PREEMPT
  Hardware name: linux,dummy-virt (DT)
  pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
  pc : exception_target_el+0x88/0x8c
  lr : pend_serror_exception+0x18/0x13c
  sp : ffff800082f03a10
  x29: ffff800082f03a10 x28: ffff0000cb132280 x27: 0000000000000000
  x26: 0000000000000000 x25: ffff0000c2a99c20 x24: 0000000000000000
  x23: 0000000000008000 x22: 0000000000000002 x21: 0000000000000004
  x20: 0000000000008000 x19: ffff0000c2a99c20 x18: 0000000000000000
  x17: 0000000000000000 x16: 0000000000000000 x15: 00000000200000c0
  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
  x8 : ffff800082f03af8 x7 : 0000000000000000 x6 : 0000000000000000
  x5 : ffff800080f621f0 x4 : 0000000000000000 x3 : 0000000000000000
  x2 : 000000000040009b x1 : 0000000000000003 x0 : ffff0000c2a99c20
  Call trace:
   exception_target_el+0x88/0x8c (P)
   kvm_inject_serror_esr+0x40/0x3b4
   __kvm_arm_vcpu_set_events+0xf0/0x100
   kvm_arch_vcpu_ioctl+0x180/0x9d4
   kvm_vcpu_ioctl+0x60c/0x9f4
   __arm64_sys_ioctl+0xac/0x104
   invoke_syscall+0x48/0x110
   el0_svc_common.constprop.0+0x40/0xe0
   do_el0_svc+0x1c/0x28
   el0_svc+0x34/0xf0
   el0t_64_sync_handler+0xa0/0xe4
   el0t_64_sync+0x198/0x19c
  Code: f946bc01 b4fffe61 9101e020 17fffff2 (d4210000)

Reject the ioctls outright as no sane VMM would call these before
KVM_ARM_VCPU_INIT anyway. Even if it did the exception would've been
thrown away by the eventual reset of the vCPU's state.

Cc: stable@vger.kernel.org # 6.17
Fixes: b7b27facc7 ("arm/arm64: KVM: Add KVM_GET/SET_VCPU_EVENTS")
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Marc Zyngier <maz@kernel.org>
2025-10-13 14:17:03 +01:00
hyp KVM/arm64 updates for 6.18 2025-09-30 13:23:28 -04:00
vgic KVM/arm64 updates for 6.18 2025-09-30 13:23:28 -04:00
.gitignore
arch_timer.c KVM: arm64: Add helper to identify a nested context 2025-07-08 10:40:30 -07:00
arm.c KVM: arm64: Prevent access to vCPU events before init 2025-10-13 14:17:03 +01:00
at.c KVM: arm64: Use the in-context stage-1 in __kvm_find_s1_desc_level() 2025-10-13 14:17:03 +01:00
config.c KVM: arm64: Convert MDCR_EL2 RES0 handling to compute_reg_res0_bits() 2025-09-19 13:45:36 +01:00
debug.c KVM/arm64 updates for 6.18 2025-09-30 13:23:28 -04:00
emulate-nested.c Merge branch kvm-arm64/misc-6.18 into kvmarm-master/next 2025-09-20 12:26:29 +01:00
fpsimd.c KVM: arm64: Remove kvm_arch_vcpu_run_map_fp() 2025-07-03 10:39:24 +01:00
guest.c KVM: arm64: Commit exceptions from KVM_SET_VCPU_EVENTS immediately 2025-07-15 20:12:03 -07:00
handle_exit.c guest_memfd: 2025-10-04 08:52:16 -07:00
hypercalls.c arm64: kvm, smccc: Introduce and use API for getting hypervisor UUID 2025-05-23 16:30:55 +00:00
inject_fault.c KVM: arm64: Populate level on S1PTW SEA injection 2025-09-20 11:05:14 +01:00
Kconfig hyperv-next for v6.18 2025-10-07 08:40:15 -07:00
Makefile KVM: arm64: gic-v5: Probe for GICv5 2025-07-08 14:41:06 -07:00
mmio.c KVM: arm64: Don't retire MMIO instruction w/ pending (emulated) SError 2025-07-08 11:36:36 -07:00
mmu.c KVM/arm64 updates for 6.18 2025-09-30 13:23:28 -04:00
nested.c KVM/arm64 updates for 6.18 2025-09-30 13:23:28 -04:00
pauth.c
pkvm.c KVM/arm64 updates for 6.18 2025-09-30 13:23:28 -04:00
pmu-emul.c KVM: arm64: Add RMW specific sysreg accessor 2025-06-05 14:18:01 +01:00
pmu.c KVM: arm64: Use a cpucap to determine if system supports FEAT_PMUv3 2025-03-11 12:54:23 -07:00
psci.c
ptdump.c KVM: arm64: ptdump: Don't test PTE_VALID alongside other attributes 2025-09-08 20:01:21 +01:00
pvtime.c
reset.c KVM: arm64: nv: Add pseudo-TLB backing VNCR_EL2 2025-05-19 07:59:46 +01:00
stacktrace.c
sys_regs.c KVM: arm64: nv: Don't advance PC when pending an SVE exception 2025-10-13 14:17:03 +01:00
sys_regs.h arm64: kvm: sys_regs: use string choices helper 2025-07-23 23:36:37 -07:00
trace_arm.h KVM: arm64: Replace ternary flags with str_on_off() helper 2025-05-06 09:38:37 +01:00
trace_handle_exit.h arm64: kvm: trace_handle_exit: use string choices helper 2025-07-23 23:36:55 -07:00
trace.h
trng.c
va_layout.c
vgic-sys-reg-v3.c KVM: arm64: Enforce the sorting of the GICv3 system register table 2025-07-26 08:36:58 -07:00
vmid.c KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 2025-02-20 16:29:28 +00:00