• WANG Chao's avatar
    x86/kvm: move kvm_load/put_guest_xcr0 into atomic context · 1811d979
    WANG Chao authored
    guest xcr0 could leak into host when MCE happens in guest mode. Because
    do_machine_check() could schedule out at a few places.
    
    For example:
    
    kvm_load_guest_xcr0
    ...
    kvm_x86_ops->run(vcpu) {
      vmx_vcpu_run
        vmx_complete_atomic_exit
          kvm_machine_check
            do_machine_check
              do_memory_failure
                memory_failure
                  lock_page
    
    In this case, host_xcr0 is 0x2ff, guest vcpu xcr0 is 0xff. After schedule
    out, host cpu has guest xcr0 loaded (0xff).
    
    In __switch_to {
         switch_fpu_finish
           copy_kernel_to_fpregs
             XRSTORS
    
    If any bit i in XSTATE_BV[i] == 1 and xcr0[i] == 0, XRSTORS will
    generate #GP (In this case, bit 9). Then ex_handler_fprestore kicks in
    and tries to reinitialize fpu by restoring init fpu state. Same story as
    last #GP, except we get DOUBLE FAULT this time.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarWANG Chao <chao.wang@ucloud.cn>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    1811d979
vmx.c 213 KB