1. 10 6月, 2016 36 次提交
  2. 03 6月, 2016 4 次提交
    • K
      kvm/x86: remove unnecessary header file inclusion · dca4d728
      Kai Huang 提交于
      arch/x86/kvm/iommu.c includes <linux/intel-iommu.h> and <linux/dmar.h>, which
      both are unnecessary, in fact incorrect to be here as they are intel specific.
      
      Building kvm on x86 passed after removing above inclusion.
      Signed-off-by: NKai Huang <kai.huang@linux.intel.com>
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      dca4d728
    • P
      KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock · 250715a6
      Paolo Bonzini 提交于
      The syzkaller folks reported a NULL pointer dereference that seems
      to be cause by a race between KVM_CREATE_IRQCHIP and KVM_CREATE_PIT2.
      The former takes kvm->lock (except when registering the devices,
      which needs kvm->slots_lock); the latter takes kvm->slots_lock only.
      Change KVM_CREATE_PIT2 to follow the same model as KVM_CREATE_IRQCHIP.
      
      Testcase:
      
          #include <pthread.h>
          #include <linux/kvm.h>
          #include <fcntl.h>
          #include <sys/ioctl.h>
          #include <stdint.h>
          #include <string.h>
          #include <stdlib.h>
          #include <sys/syscall.h>
          #include <unistd.h>
      
          long r[23];
      
          void* thr1(void* arg)
          {
              struct kvm_pit_config pitcfg = { .flags = 4 };
              switch ((long)arg) {
              case 0: r[2]  = open("/dev/kvm", O_RDONLY|O_ASYNC);    break;
              case 1: r[3]  = ioctl(r[2], KVM_CREATE_VM, 0);         break;
              case 2: r[4]  = ioctl(r[3], KVM_CREATE_IRQCHIP, 0);    break;
              case 3: r[22] = ioctl(r[3], KVM_CREATE_PIT2, &pitcfg); break;
              }
              return 0;
          }
      
          int main(int argc, char **argv)
          {
              long i;
              pthread_t th[4];
      
              memset(r, -1, sizeof(r));
              for (i = 0; i < 4; i++) {
                  pthread_create(&th[i], 0, thr, (void*)i);
                  if (argc > 1 && rand()%2) usleep(rand()%1000);
              }
              usleep(20000);
              return 0;
          }
      Reported-by: NDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      250715a6
    • P
      KVM: x86: rename process_smi to enter_smm, process_smi_request to process_smi · ee2cd4b7
      Paolo Bonzini 提交于
      Make the function names more similar between KVM_REQ_NMI and KVM_REQ_SMI.
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      ee2cd4b7
    • P
      KVM: x86: avoid simultaneous queueing of both IRQ and SMI · c43203ca
      Paolo Bonzini 提交于
      If the processor exits to KVM while delivering an interrupt,
      the hypervisor then requeues the interrupt for the next vmentry.
      Trying to enter SMM in this same window causes to enter non-root
      mode in emulated SMM (i.e. with IF=0) and with a request to
      inject an IRQ (i.e. with a valid VM-entry interrupt info field).
      This is invalid guest state (SDM 26.3.1.4 "Check on Guest RIP
      and RFLAGS") and the processor fails vmentry.
      
      The fix is to defer the injection from KVM_REQ_SMI to KVM_REQ_EVENT,
      like we already do for e.g. NMIs.  This patch doesn't change the
      name of the process_smi function so that it can be applied to
      stable releases.  The next patch will modify the names so that
      process_nmi and process_smi handle respectively KVM_REQ_NMI and
      KVM_REQ_SMI.
      
      This is especially common with Windows, probably due to the
      self-IPI trick that it uses to deliver deferred procedure
      calls (DPCs).
      Reported-by: NLaszlo Ersek <lersek@redhat.com>
      Reported-by: NMichał Zegan <webczat_200@poczta.onet.pl>
      Fixes: 64d60670
      Cc: stable@vger.kernel.org
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      c43203ca