Acknowledged
Created: Oct 29, 2025
Updated: Oct 30, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid

Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate to skip the instruction if the CPU doesn't provide the next RIP, and getting the instruction bytes to decode requires reading guest memory. Reading guest memory through the emulator can fault, i.e. can sleep, which is disallowed since the fastpath handlers run with IRQs disabled.

  BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:106
  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 32611, name: qemu
  preempt_count: 1, expected: 0
  INFO: lockdep is turned off.
  irq event stamp: 30580
  hardirqs last enabled at (30579): [<ffffffffc08b2527>] vcpu_run+0x1787/0x1db0 [kvm]
  hardirqs last disabled at (30580): [<ffffffffb4f62e32>] __schedule+0x1e2/0xed0
  softirqs last enabled at (30570): [<ffffffffb4247a64>] fpu_swap_kvm_fpstate+0x44/0x210
  softirqs last disabled at (30568): [<ffffffffb4247a64>] fpu_swap_kvm_fpstate+0x44/0x210
  CPU: 298 UID: 0 PID: 32611 Comm: qemu Tainted: G U 6.16.0-smp--e6c618b51cfe-sleep #782 NONE
  Tainted: [U]=USER
  Hardware name: Google Astoria-Turin/astoria, BIOS 0.20241223.2-0 01/17/2025
  Call Trace:
  <TASK>
  dump_stack_lvl+0x7d/0xb0
  __might_resched+0x271/0x290
  __might_fault+0x28/0x80
  kvm_vcpu_read_guest_page+0x8d/0xc0 [kvm]
  kvm_fetch_guest_virt+0x92/0xc0 [kvm]
  __do_insn_fetch_bytes+0xf3/0x1e0 [kvm]
  x86_decode_insn+0xd1/0x1010 [kvm]
  x86_emulate_instruction+0x105/0x810 [kvm]
  __svm_skip_emulated_instruction+0xc4/0x140 [kvm_amd]
  handle_fastpath_invd+0xc4/0x1a0 [kvm]
  vcpu_run+0x11a1/0x1db0 [kvm]
  kvm_arch_vcpu_ioctl_run+0x5cc/0x730 [kvm]
  kvm_vcpu_ioctl+0x578/0x6a0 [kvm]
  __se_sys_ioctl+0x6d/0xb0
  do_syscall_64+0x8a/0x2c0
  entry_SYSCALL_64_after_hwframe+0x4b/0x53
  RIP: 0033:0x7f479d57a94b
  </TASK>

Note, this is essentially a reapply of commit 5c30e8101e8d ("KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid"), but with different justification (KVM now grabs SRCU when skipping the instruction for other reasons).
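As an added host check, not part of this advisory or of the kernel commit it quotes: the commit message names nrips=false as one configuration in which SVM does not get a valid next RIP from the CPU. The POSIX shell snippet below reads the kvm_amd nrips module parameter so an operator can see whether an AMD host is running in that mode. It assumes the standard sysfs location of the parameter (the default argument) and accepts an alternate path so it can be exercised against a constructed file.

```shell
#!/bin/sh
# Added example (not from the advisory or the kernel tree): report whether
# KVM on this AMD host runs with nrips=false, the mode the commit message
# gives as an example of "next RIP isn't valid".
# Assumption: the kvm_amd module exposes its nrips parameter at the
# standard sysfs path used as the default below.

NRIPS_DEFAULT_PATH=/sys/module/kvm_amd/parameters/nrips

# Print a one-line status. Returns "unknown" when the parameter is not
# readable (kvm_amd not loaded, or not an AMD host).
nrips_status() {
    path="${1:-$NRIPS_DEFAULT_PATH}"
    if [ ! -r "$path" ]; then
        echo "unknown"
        return 0
    fi
    value="$(cat "$path")"
    case "$value" in
        0) echo "nrips=0 (CPU does not supply next RIP; KVM must decode to skip instructions)" ;;
        *) echo "nrips=$value (next RIP supplied by hardware)" ;;
    esac
}

# Exit status 0 only when the host is confirmed to run with nrips=false.
nrips_disabled() {
    path="${1:-$NRIPS_DEFAULT_PATH}"
    [ -r "$path" ] && [ "$(cat "$path")" = "0" ]
}

nrips_status
```

Run it on the hypervisor host itself; inside a guest the parameter is absent and the script reports "unknown".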