Focal linux-azure: Vm crash on Dv5/Ev5
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Medium | Tim Gardner |
linux-azure (Ubuntu) | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Medium | Tim Gardner |
Bug Description
SRU Justification
[Impact]
We are seeing the crash below in the nested VM scenario on Dv5/Ev5.
```
[ 284.769421] ------------[ cut here ]------------
[ 284.769422] KVM: accessing unsupported EVMCS field 2032
[ 284.769443] WARNING: CPU: 30 PID: 8426 at /build/
[ 284.769443] Modules linked in: vhost_net vhost tap ipt_REJECT nf_reject_ipv4 xt_tcpudp iptable_filter xt_MASQUERADE iptable_nat nf_nat bridge stp llc xt_owner xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_security bpfilter udf crc_itu_t nls_iso8859_1 kvm_intel kvm serio_raw hv_balloon joydev sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[ 284.769463] CPU: 30 PID: 8426 Comm: qemu-system-x86 Not tainted 5.4.0-1062-azure #65~18.04.1-Ubuntu
[ 284.769464] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 07/22/2021
[ 284.769467] RIP: 0010:evmcs_
[ 284.769469] Code: c2 f7 d0 21 81 38 03 00 00 5d c3 80 3d 1c 32 03 00 00 75 f5 48 89 fe 48 c7 c7 f8 63 57 c0 c6 05 09 32 03 00 01 e8 eb d1 53 cd <0f> 0b 5d c3 0f 1f 80 00 00 00 00 0f 1f 44 00 00 48 8b 07 80 b8 ea
[ 284.769469] RSP: 0018:ffffb75a03
[ 284.769471] RAX: 0000000000000000 RBX: ffff8e126a9e8000 RCX: 0000000000000006
[ 284.769471] RDX: 0000000000000007 RSI: 0000000000000082 RDI: ffff8e12dfb96580
[ 284.769472] RBP: ffffb75a03f0fb68 R08: 000000000000022b R09: 0000000000000004
[ 284.769472] R10: ffffb75a03f0fcf8 R11: 0000000000000001 R12: 000000000000001e
[ 284.769473] R13: fffffe00005fd000 R14: 0000000000000000 R15: 0000000000000000
[ 284.769474] FS: 00007f4bc4c0970
[ 284.769476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 284.769477] CR2: 00007f3fddb8eba0 CR3: 0000003f69dbe002 CR4: 0000000000372ee0
[ 284.769478] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 284.769478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 284.769479] Call Trace:
[ 284.769485] vmx_vcpu_
[ 284.769488] vmx_vcpu_
[ 284.769493] ? __memcg_
[ 284.769495] ? __alloc_
[ 284.769499] vmx_create_
[ 284.769500] ? __get_free_
[ 284.769504] ? alloc_loaded_
[ 284.769507] ? vmx_create_
[ 284.769528] kvm_arch_
[ 284.769538] kvm_vm_
[ 284.769542] do_vfs_
[ 284.769545] ? __switch_
[ 284.769546] ? __switch_
[ 284.769547] ? __switch_
[ 284.769548] ? __switch_
[ 284.769550] ? __switch_
[ 284.769551] ? __switch_
[ 284.769552] ? __switch_
[ 284.769553] ? __switch_
[ 284.769554] ? __switch_
[ 284.769555] ksys_ioctl+
[ 284.769556] ? __switch_
[ 284.769557] __x64_sys_
[ 284.769559] do_syscall_
[ 284.769561] entry_SYSCALL_
[ 284.769562] RIP: 0033:0x7f4bcf01d317
[ 284.769563] Code: b3 66 90 48 8b 05 71 4b 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4b 2d 00 f7 d8 64 89 01 48
[ 284.769564] RSP: 002b:00007f4bc4
[ 284.769565] RAX: ffffffffffffffda RBX: 000000000000ae41 RCX: 00007f4bcf01d317
[ 284.769566] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 000000000000000b
[ 284.769566] RBP: 0000000000000000 R08: 00005596f71e0ec0 R09: 00005596f896c170
[ 284.769567] R10: 00005596f77fb8e0 R11: 0000000000000246 R12: 00005596f892ae90
[ 284.769568] R13: 0000000000000000 R14: 00005596f896c170 R15: 00007fffa5dffce0
[ 284.769569] ---[ end trace 481983b25fa8f1f4 ]---
[ 284.795366] set kvm_intel.
```
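The trace above has the standard "cut here ... end trace" shape that the kernel's WARN() emits, and a responder checking a fleet of Azure hosts for this bug mostly wants a few fields out of it: the warning text, the kernel version and task, and the reliable call-trace frames. The following is an added example, not code from the Launchpad report or from the Ubuntu kernel team: a small parser for that block format plus a filter that flags traces carrying the "accessing unsupported EVMCS field" warning. The sample input copies lines from this report (several are truncated exactly as they appear on the page) and adds one constructed unrelated line to show that it is ignored.

```python
"""Triage helper for kernel WARN() traces in dmesg output.

Added example, not part of the Launchpad report. It parses the
"cut here ... end trace" blocks shown in this bug and flags the ones
that carry the eVMCS field warning, so a host can be checked quickly
for this signature before deciding whether it runs a fixed kernel.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: lines copied from the trace in this report (some truncated as on
# the page); the last line is constructed noise to show unrelated messages are skipped.
SAMPLE_DMESG = """\
[  284.769421] ------------[ cut here ]------------
[  284.769422] KVM: accessing unsupported EVMCS field 2032
[  284.769443] WARNING: CPU: 30 PID: 8426 at /build/
[  284.769463] CPU: 30 PID: 8426 Comm: qemu-system-x86 Not tainted 5.4.0-1062-azure #65~18.04.1-Ubuntu
[  284.769464] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 07/22/2021
[  284.769467] RIP: 0010:evmcs_
[  284.769479] Call Trace:
[  284.769485]  vmx_vcpu_
[  284.769493]  ? __memcg_
[  284.769499]  vmx_create_
[  284.769528]  kvm_arch_
[  284.769555]  ksys_ioctl+
[  284.769562] RIP: 0033:0x7f4bcf01d317
[  284.769569] ---[ end trace 481983b25fa8f1f4 ]---
[  284.795366] set kvm_intel.
[  300.000000] eth0: link is up (constructed line)
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s?(?P<msg>.*)$")
WARN_RE = re.compile(r"^WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at (?P<where>.*)$")
TASK_RE = re.compile(
    r"^CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
    r"(?P<taint>Not tainted|Tainted: \S+) (?P<kernel>\S+)"
)
END_RE = re.compile(r"^---\[ end trace (?P<id>[0-9a-f]+) \]---$")
EVMCS_RE = re.compile(r"accessing unsupported EVMCS field (?P<field>[0-9a-fA-F]+)")


@dataclass
class WarnTrace:
    start_ts: float
    message: str = ""              # text WARN() printed just before the WARNING line
    cpu: Optional[int] = None
    pid: Optional[int] = None
    where: str = ""                # location after "at" (may be truncated in the log)
    comm: str = ""
    taint: str = ""
    kernel: str = ""
    hardware: str = ""
    frames: List[str] = field(default_factory=list)      # reliable call-trace frames
    unreliable: List[str] = field(default_factory=list)  # frames the kernel marked with "?"
    trace_id: str = ""


def parse_warn_traces(text: str) -> List[WarnTrace]:
    """Split dmesg text into the WARN blocks delimited by 'cut here' / 'end trace'."""
    traces: List[WarnTrace] = []
    cur: Optional[WarnTrace] = None
    in_call_trace = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group("ts")), m.group("msg")
        if "[ cut here ]" in msg:
            cur = WarnTrace(start_ts=ts)
            in_call_trace = False
            continue
        if cur is None:
            continue  # not inside a WARN block
        end = END_RE.match(msg.strip())
        if end:
            cur.trace_id = end.group("id")
            traces.append(cur)
            cur = None
            continue
        w = WARN_RE.match(msg)
        if w:
            cur.cpu, cur.pid, cur.where = int(w.group("cpu")), int(w.group("pid")), w.group("where")
            continue
        t = TASK_RE.match(msg)
        if t:
            cur.comm, cur.taint, cur.kernel = t.group("comm"), t.group("taint"), t.group("kernel")
            continue
        if msg.startswith("Hardware name: "):
            cur.hardware = msg[len("Hardware name: "):]
            continue
        if msg == "Call Trace:":
            in_call_trace = True
            continue
        if in_call_trace:
            if msg.startswith("RIP: 0033"):  # user-space RIP: kernel frames are over
                in_call_trace = False
                continue
            frame = msg.strip()
            if frame.startswith("? "):
                cur.unreliable.append(frame[2:])
            else:
                cur.frames.append(frame)
            continue
        if not cur.message and cur.cpu is None and msg.strip():
            cur.message = msg.strip()  # first text after "cut here" is WARN()'s message
    return traces


def evmcs_field_warnings(traces: List[WarnTrace]) -> List[Dict[str, object]]:
    """Return the traces carrying the eVMCS warning from this report, with triage context."""
    hits: List[Dict[str, object]] = []
    for t in traces:
        m = EVMCS_RE.search(t.message)
        if m:
            hits.append({
                "field": m.group("field"),
                "kernel": t.kernel,
                "comm": t.comm,
                "pid": t.pid,
                "top_frame": t.frames[0] if t.frames else "",
                "trace_id": t.trace_id,
            })
    return hits


if __name__ == "__main__":
    for hit in evmcs_field_warnings(parse_warn_traces(SAMPLE_DMESG)):
        print(hit)
```

Feed it `dmesg` or `journalctl -k` output instead of the sample to check a live host; a hit whose `kernel` field is a release without the two commits listed under [Fix] is the condition this report describes. Frames the kernel printed with a leading "?" are kept separately because they are stale stack slots, not a reliable path to the warning.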
[Fix]
55d2eba8e7cd ("jump_label: Fix usage in module __init")
064eedf2c50f ("KVM: VMX: eVMCS: make evmcs_sanitize_
[Test Case]
Create a nested VM on an Azure Dv5/Ev5 instance.
[Where things could go wrong]
KVM instance creation could fail in other unusual ways.
[Other info]
SF: #00322790
Changed in linux (Ubuntu Focal):
- status: Incomplete → In Progress
- importance: Undecided → Medium
- assignee: nobody → Tim Gardner (timg-tpi)

Changed in linux (Ubuntu):
- status: Incomplete → Fix Released

Changed in linux-azure (Ubuntu):
- status: New → Fix Released

Changed in linux-azure (Ubuntu Focal):
- status: New → In Progress
- importance: Undecided → Medium
- assignee: nobody → Tim Gardner (timg-tpi)
- tags: added: bot-stop-nagging

Changed in linux (Ubuntu Focal):
- status: In Progress → Fix Committed
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1950462
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.