Re: [PATCH] KVM: x86: Fix a 4.14 backport regression related to userspace/guest FPU

On Mon, Jan 28, 2019 at 12:51:02PM -0800, Sean Christopherson wrote:
> Upstream commit:
> 
>     f775b13eedee ("x86,kvm: move qemu/guest FPU switching out to vcpu_run")
> 
> introduced a bug, which was later fixed by upstream commit:
> 
>     5663d8f9bbe4 ("kvm: x86: fix WARN due to uninitialized guest FPU state")
> 
> For reasons unknown, both commits were initially passed-over for
> inclusion in the 4.14 stable branch despite being tagged for stable.
> Eventually, someone noticed that the fixup, commit 5663d8f9bbe4, was
> missing from stable[1], and so it was queued up for 4.14 and included in
> release v4.14.79.
> 
> Even later, the original buggy patch, commit f775b13eedee, was also
> applied to the 4.14 stable branch.  Through an unlucky coincidence, the
> incorrect ordering did not generate a conflict between the two patches,
> and led to v4.14.94 and later releases containing a spurious call to
> kvm_load_guest_fpu() in kvm_arch_vcpu_ioctl_run().  As a result, KVM may
> reload stale guest FPU state, e.g. after accepting an INIT event.  This
> can manifest as crashes during boot, segfaults, failed checksums and so
> on and so forth.
> 
> Remove the unwanted kvm_{load,put}_guest_fpu() calls, i.e. make
> kvm_arch_vcpu_ioctl_run() look like commit 5663d8f9bbe4 was backported
> after commit f775b13eedee.
> 
> [1] https://www.spinics.net/lists/stable/msg263931.html
> 
> Fixes: 4124a4cff344 ("x86,kvm: move qemu/guest FPU switching out to vcpu_run")
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Sasha Levin <sashal@xxxxxxxxxx>
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Peter Xu <peterx@xxxxxxxxxx>
> Cc: Rik van Riel <riel@xxxxxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx>
> Reported-by: Roman Mamedov
> Reported-by: Thomas Lindroth <thomas.lindroth@xxxxxxxxx>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---
>  arch/x86/kvm/x86.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)

Thanks so much for this, sorry for the mis-merge, nice catch!

Now queued up.

greg k-h
