Commit 02dc2543 authored Aug 17, 2023 by Sean Christopherson

KVM: selftests: Explicit set #UD when potentially injecting exception

Explicitly set the exception vector to #UD when potentially injecting an
exception in sync_regs_test's subtests that try to detect TOCTOU bugs
in KVM's handling of exceptions injected by userspace. A side effect of
the original KVM bug was that KVM would clear the vector, but relying on
KVM to clear the vector (i.e. make it #DE) makes it less likely that the
test would ever find *new* KVM bugs, e.g. because only the first iteration
would run with a legal vector to start.

Explicitly inject #UD for race_events_inj_pen() as well, e.g. so that it
doesn't inherit the illegal 255 vector from race_events_exc(), which
currently runs first.

Link: https://lore.kernel.org/r/20230817233430.1416463-3-seanjc@google.com

Signed-off-by: Sean Christopherson <seanjc@google.com>

parent 5002b112

tools/testing/selftests/kvm/x86_64/sync_regs_test.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -91,6 +91,8 @@ static void race_events_inj_pen(void arg)
		struct kvm_run run = (struct kvm_run )arg;
		struct kvm_vcpu_events *events = &run->s.regs.events;

		WRITE_ONCE(events->exception.nr, UD_VECTOR);

		for (;;) {
		WRITE_ONCE(run->kvm_dirty_regs, KVM_SYNC_X86_EVENTS);
		WRITE_ONCE(events->flags, 0);
		@@ -115,6 +117,7 @@ static void race_events_exc(void arg)
		for (;;) {
		WRITE_ONCE(run->kvm_dirty_regs, KVM_SYNC_X86_EVENTS);
		WRITE_ONCE(events->flags, 0);
		WRITE_ONCE(events->exception.nr, UD_VECTOR);
		WRITE_ONCE(events->exception.pending, 1);
		WRITE_ONCE(events->exception.nr, 255);