Message ID | 20190426020109.32319-1-sean.j.christopherson@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KVM: lapic: Check for in-kernel LAPIC before deferencing apic pointer | expand |
On Thu, Apr 25, 2019 at 07:01:09PM -0700, Sean Christopherson wrote: > ...to avoid dereferencing a null pointer when querying the per-vCPU > timer advance. > > Fixes: 39497d7660d98 ("KVM: lapic: Track lapic timer advance per vCPU") > Reported-by: syzbot+f7e65445a40d3e0e4ebf@syzkaller.appspotmail.com Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > --- > arch/x86/kvm/lapic.c | 3 --- > arch/x86/kvm/x86.c | 3 ++- > 2 files changed, 2 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c > index 7decd58c9cea..35b8ac8f04fe 100644 > --- a/arch/x86/kvm/lapic.c > +++ b/arch/x86/kvm/lapic.c > @@ -1487,9 +1487,6 @@ void wait_lapic_expire(struct kvm_vcpu *vcpu) > u32 timer_advance_ns = apic->lapic_timer.timer_advance_ns; > u64 guest_tsc, tsc_deadline, ns; > > - if (!lapic_in_kernel(vcpu)) > - return; > - > if (apic->lapic_timer.expired_tscdeadline == 0) > return; > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index aa26a3cfc765..21cb34d8ae01 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -7872,7 +7872,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) > } > > trace_kvm_entry(vcpu->vcpu_id); > - if (vcpu->arch.apic->lapic_timer.timer_advance_ns) > + if (lapic_in_kernel(vcpu) && > + vcpu->arch.apic->lapic_timer.timer_advance_ns) > wait_lapic_expire(vcpu); > guest_enter_irqoff(); > > -- > 2.21.0 >
On 26/04/19 05:15, Konrad Rzeszutek Wilk wrote:
> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Queued, thanks.
Paolo
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 7decd58c9cea..35b8ac8f04fe 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -1487,9 +1487,6 @@ void wait_lapic_expire(struct kvm_vcpu *vcpu) u32 timer_advance_ns = apic->lapic_timer.timer_advance_ns; u64 guest_tsc, tsc_deadline, ns; - if (!lapic_in_kernel(vcpu)) - return; - if (apic->lapic_timer.expired_tscdeadline == 0) return; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index aa26a3cfc765..21cb34d8ae01 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7872,7 +7872,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) } trace_kvm_entry(vcpu->vcpu_id); - if (vcpu->arch.apic->lapic_timer.timer_advance_ns) + if (lapic_in_kernel(vcpu) && + vcpu->arch.apic->lapic_timer.timer_advance_ns) wait_lapic_expire(vcpu); guest_enter_irqoff();
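Review bot: the removed `lapic_in_kernel()` guard in `wait_lapic_expire()` was already ineffective where it stood, because the context line `u32 timer_advance_ns = apic->lapic_timer.timer_advance_ns;` dereferences `apic` before the check runs, and a compiler is allowed to drop a NULL check that follows a dereference of the same pointer. The commit message should state this so readers understand why the check is moved into the caller rather than simply hoisted above the initializer. Since `wait_lapic_expire()` is non-static, it now carries an undocumented precondition that the vCPU has an in-kernel LAPIC; a one-line comment above the function saying that callers must check `lapic_in_kernel()` first would make that contract visible to any future caller.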
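Review bot: in the x86.c hunk the new condition short-circuits correctly, `lapic_in_kernel(vcpu) &&` is evaluated before `vcpu->arch.apic->lapic_timer.timer_advance_ns`, so the dereference only happens when an in-kernel APIC exists. Style: `vcpu_enter_guest()` now reaches two levels into the LAPIC timer state; a small helper in lapic.h that returns the timer advance (or 0 when there is no in-kernel APIC) would keep the guard and the dereference together and let `wait_lapic_expire()` keep a single entry condition instead of splitting it across two files.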
...to avoid dereferencing a null pointer when querying the per-vCPU timer advance.

Fixes: 39497d7660d98 ("KVM: lapic: Track lapic timer advance per vCPU")
Reported-by: syzbot+f7e65445a40d3e0e4ebf@syzkaller.appspotmail.com
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/kvm/lapic.c | 3 ---
 arch/x86/kvm/x86.c   | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)