Patchwork kvm: x86: Fix initial kvm_has_msr_star

login
register
mail settings
Submitter Jan Kiszka
Date Dec. 6, 2009, 2:51 p.m.
Message ID <4B1BC4EC.90704@web.de>
Download mbox | patch
Permalink /patch/40424/
State New
Headers show

Comments

Jan Kiszka - Dec. 6, 2009, 2:51 p.m.
KVM_GET_MSR_INDEX_LIST returns -E2BIG when the provided space is too
small for all MSRs. But this is precisely the error we trigger with the
initial request in order to obtain that size. Do not fail in that case.

This caused a subtle corruption of the guest state as MSR_STAR was not
properly saved/restored. The corruption became visible with latest kvm
optimizing the MSR updates.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

 target-i386/kvm.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
Jan Kiszka - Dec. 6, 2009, 2:54 p.m.
Sorry, this is of course a critical fix for all branches that have KVM
support.

Jan

Jan Kiszka wrote:
> KVM_GET_MSR_INDEX_LIST returns -E2BIG when the provided space is too
> small for all MSRs. But this is precisely the error we trigger with the
> initial request in order to obtain that size. Do not fail in that case.
> 
> This caused a subtle corruption of the guest state as MSR_STAR was not
> properly saved/restored. The corruption became visible with latest kvm
> optimizing the MSR updates.
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
>  target-i386/kvm.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target-i386/kvm.c b/target-i386/kvm.c
> index 3b61a7f..88b504c 100644
> --- a/target-i386/kvm.c
> +++ b/target-i386/kvm.c
> @@ -244,9 +244,9 @@ static int kvm_has_msr_star(CPUState *env)
>           * save/restore */
>          msr_list.nmsrs = 0;
>          ret = kvm_ioctl(env->kvm_state, KVM_GET_MSR_INDEX_LIST, &msr_list);
> -        if (ret < 0)
> +        if (ret < 0 && ret != -E2BIG) {
>              return 0;
> -
> +        }
>          /* Old kernel modules had a bug and could write beyond the provided
>             memory. Allocate at least a safe amount of 1K. */
>          kvm_msr_list = qemu_mallocz(MAX(1024, sizeof(msr_list) +
>
Avi Kivity - Dec. 6, 2009, 3:12 p.m.
On 12/06/2009 04:51 PM, Jan Kiszka wrote:
> KVM_GET_MSR_INDEX_LIST returns -E2BIG when the provided space is too
> small for all MSRs. But this is precisely the error we trigger with the
> initial request in order to obtain that size. Do not fail in that case.
>
> This caused a subtle corruption of the guest state as MSR_STAR was not
> properly saved/restored. The corruption became visible with latest kvm
> optimizing the MSR updates.
>    

Strong ack.  Anthony, please apply ASAP.  This is worthy of a 0.11.2, IMO.
Avi Kivity - Dec. 7, 2009, 8:12 a.m.
On 12/06/2009 04:51 PM, Jan Kiszka wrote:
> KVM_GET_MSR_INDEX_LIST returns -E2BIG when the provided space is too
> small for all MSRs. But this is precisely the error we trigger with the
> initial request in order to obtain that size. Do not fail in that case.
>
> This caused a subtle corruption of the guest state as MSR_STAR was not
> properly saved/restored. The corruption became visible with latest kvm
> optimizing the MSR updates.
>    

I applied this to qemu-kvm since it missed 0.12-rc1.
Jan Kiszka - Dec. 7, 2009, 8:24 a.m.
Avi Kivity wrote:
> On 12/06/2009 04:51 PM, Jan Kiszka wrote:
>> KVM_GET_MSR_INDEX_LIST returns -E2BIG when the provided space is too
>> small for all MSRs. But this is precisely the error we trigger with the
>> initial request in order to obtain that size. Do not fail in that case.
>>
>> This caused a subtle corruption of the guest state as MSR_STAR was not
>> properly saved/restored. The corruption became visible with latest kvm
>> optimizing the MSR updates.
>>    
> 
> I applied this to qemu-kvm since it missed 0.12-rc1.
> 

OK, but this part is unused in qemu-kvm as we use our own (unaffected)
implementation there so far.

Jan
Avi Kivity - Dec. 7, 2009, 8:42 a.m.
On 12/07/2009 10:24 AM, Jan Kiszka wrote:
>
>> I applied this to qemu-kvm since it missed 0.12-rc1.
>>
>>      
> OK, but this part is unused in qemu-kvm as we use our own (unaffected)
> implementation there so far.
>    

#include <toldyouso.h>

Will unapply.
Anthony Liguori - Dec. 7, 2009, 2:47 p.m.
Avi Kivity wrote:
> On 12/06/2009 04:51 PM, Jan Kiszka wrote:
>> KVM_GET_MSR_INDEX_LIST returns -E2BIG when the provided space is too
>> small for all MSRs. But this is precisely the error we trigger with the
>> initial request in order to obtain that size. Do not fail in that case.
>>
>> This caused a subtle corruption of the guest state as MSR_STAR was not
>> properly saved/restored. The corruption became visible with latest kvm
>> optimizing the MSR updates.
>>    
>
> I applied this to qemu-kvm since it missed 0.12-rc1.

I've got it in my tree.  It will be a part of 0.12-rc2 and I'll push to 
master today.

Don't know when 0.11.2 will happen but I'll also push it to the 
stable-0.11 branch.
Avi Kivity - Dec. 7, 2009, 4:31 p.m.
On 12/07/2009 04:47 PM, Anthony Liguori wrote:
>
> Don't know when 0.11.2 will happen but I'll also push it to the 
> stable-0.11 branch.
>

I think this is worthy of a 0.11.2 all by itself.
Anthony Liguori - Dec. 7, 2009, 4:33 p.m.
Avi Kivity wrote:
> On 12/07/2009 04:47 PM, Anthony Liguori wrote:
>>
>> Don't know when 0.11.2 will happen but I'll also push it to the 
>> stable-0.11 branch.
>>
>
> I think this is worthy of a 0.11.2 all by itself.

Understood.  I'll see what I can do today.

Patch

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 3b61a7f..88b504c 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -244,9 +244,9 @@  static int kvm_has_msr_star(CPUState *env)
          * save/restore */
         msr_list.nmsrs = 0;
         ret = kvm_ioctl(env->kvm_state, KVM_GET_MSR_INDEX_LIST, &msr_list);
-        if (ret < 0)
+        if (ret < 0 && ret != -E2BIG) {
             return 0;
-
+        }
         /* Old kernel modules had a bug and could write beyond the provided
            memory. Allocate at least a safe amount of 1K. */
         kvm_msr_list = qemu_mallocz(MAX(1024, sizeof(msr_list) +