Patch "KVM: fix avic_set_running for preemptable kernels" has been added to the 5.15-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 05 Dec 2021 13:32:29 +0100

This is a note to let you know that I've just added the patch titled

    KVM: fix avic_set_running for preemptable kernels

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-fix-avic_set_running-for-preemptable-kernels.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 7cfc5c653b07782e7059527df8dc1e3143a7591e Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date: Tue, 30 Nov 2021 03:46:07 -0500
Subject: KVM: fix avic_set_running for preemptable kernels

From: Paolo Bonzini <pbonzini@xxxxxxxxxx>

commit 7cfc5c653b07782e7059527df8dc1e3143a7591e upstream.

avic_set_running() passes the current CPU to avic_vcpu_load(), albeit
via vcpu->cpu rather than smp_processor_id().  If the thread is migrated
while avic_set_running runs, the call to avic_vcpu_load() can use a stale
value for the processor id.  Avoid this by blocking preemption over the
entire execution of avic_set_running().

Reported-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Fixes: 8221c1370056 ("svm: Manage vcpu load/unload when enable AVIC")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/svm/avic.c |   16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -988,16 +988,18 @@ void avic_vcpu_put(struct kvm_vcpu *vcpu
 static void avic_set_running(struct kvm_vcpu *vcpu, bool is_run)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
+	int cpu = get_cpu();
 
+	WARN_ON(cpu != vcpu->cpu);
 	svm->avic_is_running = is_run;
 
-	if (!kvm_vcpu_apicv_active(vcpu))
-		return;
-
-	if (is_run)
-		avic_vcpu_load(vcpu, vcpu->cpu);
-	else
-		avic_vcpu_put(vcpu);
+	if (kvm_vcpu_apicv_active(vcpu)) {
+		if (is_run)
+			avic_vcpu_load(vcpu, cpu);
+		else
+			avic_vcpu_put(vcpu);
+	}
+	put_cpu();
 }
 
 void svm_vcpu_blocking(struct kvm_vcpu *vcpu)


Patches currently in stable-queue which might be from pbonzini@xxxxxxxxxx are

queue-5.15/kvm-disallow-user-memslot-with-size-that-exceeds-unsigned-long.patch
queue-5.15/kvm-fix-avic_set_running-for-preemptable-kernels.patch






