-rw-r--r--0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggered-interrupts.patch78
-rw-r--r--PKGBUILD9
2 files changed, 84 insertions, 3 deletions
diff --git a/0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggered-interrupts.patch b/0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggered-interrupts.patch
new file mode 100644
index 0000000..b887a12
--- /dev/null
+++ b/0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggered-interrupts.patch
@@ -0,0 +1,78 @@
+From da707adaee9ff035c943178160be54a90de00cb3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 4 May 2020 12:19:45 -0400
+Subject: kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts
+
+Commit f458d039db7e ("kvm: ioapic: Lazy update IOAPIC EOI") introduces
+the following infinite loop:
+
+BUG: stack guard page was hit at 000000008f595917 \
+(stack is 00000000bdefe5a4..00000000ae2b06f5)
+kernel stack overflow (double-fault): 0000 [#1] SMP NOPTI
+RIP: 0010:kvm_set_irq+0x51/0x160 [kvm]
+Call Trace:
+ irqfd_resampler_ack+0x32/0x90 [kvm]
+ kvm_notify_acked_irq+0x62/0xd0 [kvm]
+ kvm_ioapic_update_eoi_one.isra.0+0x30/0x120 [kvm]
+ ioapic_set_irq+0x20e/0x240 [kvm]
+ kvm_ioapic_set_irq+0x5c/0x80 [kvm]
+ kvm_set_irq+0xbb/0x160 [kvm]
+ ? kvm_hv_set_sint+0x20/0x20 [kvm]
+ irqfd_resampler_ack+0x32/0x90 [kvm]
+ kvm_notify_acked_irq+0x62/0xd0 [kvm]
+ kvm_ioapic_update_eoi_one.isra.0+0x30/0x120 [kvm]
+ ioapic_set_irq+0x20e/0x240 [kvm]
+ kvm_ioapic_set_irq+0x5c/0x80 [kvm]
+ kvm_set_irq+0xbb/0x160 [kvm]
+ ? kvm_hv_set_sint+0x20/0x20 [kvm]
+....
+
+The re-entrancy happens because the irq state is the OR of
+the interrupt state and the resamplefd state. That is, we don't
+want to show the state as 0 until we've had a chance to set the
+resamplefd. But if the interrupt has _not_ gone low then
+ioapic_set_irq is invoked again, causing an infinite loop.
+
+This can only happen for a level-triggered interrupt, otherwise
+irqfd_inject would immediately set the KVM_USERSPACE_IRQ_SOURCE_ID high
+and then low. Fortunately, in the case of level-triggered interrupts the VMEXIT already happens because
+TMR is set. Thus, fix the bug by restricting the lazy invocation
+of the ack notifier to edge-triggered interrupts, the only ones that
+need it.
+
+Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Reported-by: borisvk@bstnet.org
+Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
+Link: https://www.spinics.net/lists/kvm/msg213512.html
+Fixes: f458d039db7e ("kvm: ioapic: Lazy update IOAPIC EOI")
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207489
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ arch/x86/kvm/ioapic.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
+index 750ff0b29404..d057376bd3d3 100644
+--- a/arch/x86/kvm/ioapic.c
++++ b/arch/x86/kvm/ioapic.c
+@@ -225,12 +225,12 @@ static int ioapic_set_irq(struct kvm_ioapic *ioapic, unsigned int irq,
+ }
+
+ /*
+- * AMD SVM AVIC accelerate EOI write and do not trap,
+- * in-kernel IOAPIC will not be able to receive the EOI.
+- * In this case, we do lazy update of the pending EOI when
+- * trying to set IOAPIC irq.
++ * AMD SVM AVIC accelerate EOI write iff the interrupt is edge
++ * triggered, in which case the in-kernel IOAPIC will not be able
++ * to receive the EOI. In this case, we do a lazy update of the
++ * pending EOI when trying to set IOAPIC irq.
+ */
+- if (kvm_apicv_activated(ioapic->kvm))
++ if (edge && kvm_apicv_activated(ioapic->kvm))
+ ioapic_lazy_update_eoi(ioapic, irq);
+
+ /*
+--
+cgit v1.2.3-1-gf6bb5
+
diff --git a/PKGBUILD b/PKGBUILD
index 5471121..cd5e3af 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -19,7 +19,7 @@ _pkgbase=linux-hardened
pkgbase=linux-libre-hardened
_supver=5
_majver=6
-_minver=10
+_minver=11
_hardenedver=a
_gccpatchver='20191217'
_gccpatchger='9.1'
@@ -48,6 +48,7 @@ _gnupkgver=${_pkgver}-gnu
source=(
https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
https://github.com/anthraxx/${_pkgbase}/releases/download/${pkgver}/${_pkgbase}-${pkgver}.patch{,.sig}
+ 0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggered-interrupts.patch
graysky_bdver2-hotfix.patch
kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
ath9k-regdom-hack.patch
@@ -64,15 +65,16 @@ validpgpkeys=(
)
b2sums=('921a3836ffbd5ababb897b8d923ab3e97c10c39b8d01060fe41742005f8111b5c2c9e76c9b7bcf4fe59a056454a364eca5df8006ca8a174205df152007e18dff'
'SKIP'
- '41ad3e8d4fde376da8dd0e7f52fdcb807bcaf8acf178a515754617bc8f351fd2f231ecee843e112a309acf5105aa344a5f9073bc1fccdd041dcebbb21cd8e38c'
+ 'e1e3319e5e539efb5095e41aeba7d1f4dc290773d3279c6c2c5ae739040fb369e557b8e71176bafe877251c8914c789b912486328258e3968d69998d3d53c711'
'SKIP'
+ 'a620c0ea33d0613916d1876de0d2e2f6ac501ff264d1ee4ce63ba9792d5c05268694c27d94d250d42826e05f8893b4f19c305d1ac8a37fc9c6935b1abe4feab0'
'1892bd22775eac3bcc4d37f4fd30c95346bf3a0888cbbff57fd614973b525390dff2e315ce35b2e498523cceaab94ff21a80475dee8df3de4dd8fc0fab07d74e'
'd76bd0bf237ea2bb7999fd3715cb664d89148cb0ade8057d57cdb40bc0a7954336e50ee077312e5e192398b0f35f055786deb98af9130d57e60f2ea040fbb66f'
'2e58bb89b247b1678355368956e67c1de51fcde97a227b2162f6771e30f17fa5520faafe7be4b6816a542e7ae10d05f64c6b6354f352c12746d4b8da632936dd'
'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a'
'26722fd089d161b50702718cd5e6a85a8aac971ef3af3168b6854bfc450e7cfb58307956d7f73ed051a74a3e09ee6e91979bcf911d68885d4e604e36c90eecd2'
'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95'
- 'fbd6b0f56376b1bb61ecec983fef838d8533099d38a7e1f0d0102d03aa27c14128341df887e9ec6e5114d3a2414b193cf6f990f9fb754ee75999b7c42e46fb2d'
+ 'aae9916c6bf8a8673d8b48c3699e07849be677483e3ec2845b02067bab1067b3c002f73038958085c0cb6e9c98f1fac63fdd4fa37abecd645b6499916e1ea41b'
'SKIP')
export KBUILD_BUILD_HOST=$pkgbase
@@ -91,6 +93,7 @@ prepare() {
# Hotfixes
echo "Applying hotfixes"
+ patch -p1 -i ../0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggered-interrupts.patch
patch -p1 -i ../sphinx-workaround.patch