In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
IntheLinuxkernel,thefollowingvulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0PID: 1931 Comm: qemu-system-x86 Tainted: GI5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing areboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU:0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU:0 PID: 1931 Comm: qemu-system-x86 Tainted:GI 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doinga reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0PID: 1931 Comm: qemu-system-x86 Tainted: GI5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing areboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU:0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU:0 PID: 1931 Comm: qemu-system-x86 Tainted:GI 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doinga reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0PID: 1931 Comm: qemu-system-x86 Tainted: GI5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing areboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU:0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU:0 PID: 1931 Comm: qemu-system-x86 Tainted:GI 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doinga reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0PID: 1931 Comm: qemu-system-x86 Tainted: GI5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing areboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doing a reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can t depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let s cancel preemption timerunder KVM_SET_LAPIC.
| linux | | https://git.kernel.org/linus/35fe7cfbab2e81f1afb23fc4212210b1de6d9633 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:KVM: LAPIC: Also cancel preemption timer during SET_LAPICThe below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU:0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU:0 PID: 1931 Comm: qemu-system-x86 Tainted:GI 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK> kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd39797350bThis can be triggered by not exposing tsc-deadline mode and doinga reboot inthe guest. The lapic_shutdown() function which is called in sys_reboot pathwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clearsAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-modeswitch between tsc-deadline and oneshot/periodic, which can result in preemptiontimer be cancelled in apic_update_lvtt(). However, We can't depend on this whennot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemptiontimer. Qemu will synchronise states around reset, let's cancel preemption timerunder KVM_SET_LAPIC.The Linux kernel CVE team has assigned CVE-2022-48765 to this issue.
