Greetings My Dear Friend,
Before I introduce myself, I wish to inform you that this letter is not a
hoax mail and I urge you to treat it seriously. This letter must come to you
as a big surprise, but I believe it is only a day that people meet and
become great friends and business partners. Please I want you to read this
letter very carefully and I must apologize for barging this message into
your mail box without any formal introduction due to the urgency and
confidentiality of this business and I know that this message will come to
you as a surprise. Please this is not a joke and I will not like you to
joke with it ok. With due
respect to your person and much sincerity of purpose, I make this contact
with you as I believe that you can be of great assistance to me. My name is
DR.ADAMA ALI, from Burkina Faso, West Africa. I work in Bank Of Africa
(BOA) as telex manager, please see this as a confidential message and do
not reveal it to another person and let me know whether you can be of
assistance regarding my proposal below because it is top secret.
I am about to retire from active Banking service to start a new life but I
am skeptical to reveal this particular secret to a stranger. You must
assure me that everything will be handled confidentially because we are not
going to suffer again in life. It has been 10 years now that most of the
greedy African Politicians used our bank to launder money overseas through
the help of their Political advisers. Most of the funds which they
transferred out of the shores of Africa were gold and oil money that was
supposed to have been used to develop the continent. Their Political
advisers always inflated the amounts before transferring to foreign
accounts, so I also used the opportunity to divert part of the funds hence
I am aware that there is no official trace of how much was transferred as
all the accounts used for such transfers were being closed after transfer.
I acted as the Bank Officer to most of the politicians and when I
discovered that they were using me to succeed in their greedy act; I also
cleaned some of their banking records from the Bank files and no one cared
to ask me because the money was too much for them to control. They laundered over
$5billion Dollars during the process. Before I send this message to you, I
have already diverted ($10.5million Dollars) to an escrow account belonging
to no one in the bank. The bank is anxious now to know who the beneficiary
to the funds is because they have made a lot of profits with the funds. It
is more than Eight years now and most of the politicians are no longer
using our bank to transfer funds overseas. The ($10.5million Dollars) has
been laying waste in our bank and I don’t want to retire from the bank
without transferring the funds to a foreign account to enable me share the
proceeds with the receiver (a foreigner). The money will be shared 60% for
me and 40% for you. There is no one coming to ask you about the funds
because I secured everything. I only want you to assist me by providing a
reliable bank account where the funds can be transferred.
You are not to face any difficulties or legal implications as I am going to
handle the transfer personally. If you are capable of receiving the funds,
do let me know immediately to enable me give you a detailed information on
what to do. For me, I have not stolen the money from anyone because the
other people that took the whole money did not face any problems. This is
my chance to grab my own life opportunity but you must keep the details of
the funds secret to avoid any leakages as no one in the bank knows about my
plans. Please get back to me if you are interested and capable to handle
this project, I shall intimate you on what to do when I hear from your
confirmation and acceptance. If you are capable of being my trusted
associate do declare your consent to me. I am looking forward to hear from
you immediately for further information.
Thanks with my best regards.
DR.ADAMA ALI
Telex Manager
Bank Of Africa(BOA)
Burkina Faso
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 423ecfea77dda83823c71b0fad1c2ddb2af1e5fc Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc(a)google.com>
Date: Wed, 20 Apr 2022 01:37:31 +0000
Subject: [PATCH] KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to
fix a race
Make a KVM_REQ_APICV_UPDATE request when creating a vCPU with an
in-kernel local APIC and APICv enabled at the module level. Consuming
kvm_apicv_activated() and stuffing vcpu->arch.apicv_active directly can
race with __kvm_set_or_clear_apicv_inhibit(), as vCPU creation happens
before the vCPU is fully onlined, i.e. it won't get the request made to
"all" vCPUs. If APICv is globally inhibited between setting apicv_active
and onlining the vCPU, the vCPU will end up running with APICv enabled
and trigger KVM's sanity check.
Mark APICv as active during vCPU creation if APICv is enabled at the
module level, both to be optimistic about its final state, e.g. to avoid
additional VMWRITEs on VMX, and because there are likely bugs lurking
since KVM checks apicv_active in multiple vCPU creation paths. While
keeping the current behavior of consuming kvm_apicv_activated() is
arguably safer from a regression perspective, force apicv_active so that
vCPU creation runs with deterministic state and so that if there are bugs,
they are found sooner than later, i.e. not when some crazy race condition
is hit.
WARNING: CPU: 0 PID: 484 at arch/x86/kvm/x86.c:9877 vcpu_enter_guest+0x2ae3/0x3ee0 arch/x86/kvm/x86.c:9877
Modules linked in:
CPU: 0 PID: 484 Comm: syz-executor361 Not tainted 5.16.13 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1~cloud0 04/01/2014
RIP: 0010:vcpu_enter_guest+0x2ae3/0x3ee0 arch/x86/kvm/x86.c:9877
Call Trace:
<TASK>
vcpu_run arch/x86/kvm/x86.c:10039 [inline]
kvm_arch_vcpu_ioctl_run+0x337/0x15e0 arch/x86/kvm/x86.c:10234
kvm_vcpu_ioctl+0x4d2/0xc80 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3727
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x16d/0x1d0 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
The bug was hit by a syzkaller spamming VM creation with 2 vCPUs and a
call to KVM_SET_GUEST_DEBUG.
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x400000000000002)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f00000000c0)={0x5dda9c14aa95f5c5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
Reported-by: Gaoning Pan <pgn(a)zju.edu.cn>
Reported-by: Yongkang Jia <kangel(a)zju.edu.cn>
Fixes: 8df14af42f00 ("kvm: x86: Add support for dynamic APICv activation")
Cc: stable(a)vger.kernel.org
Cc: Maxim Levitsky <mlevitsk(a)redhat.com>
Signed-off-by: Sean Christopherson <seanjc(a)google.com>
Reviewed-by: Maxim Levitsky <mlevitsk(a)redhat.com>
Message-Id: <20220420013732.3308816-4-seanjc(a)google.com>
Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com>
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d54d4a67b226..9c02217c1e47 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11189,8 +11189,21 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
r = kvm_create_lapic(vcpu, lapic_timer_advance_ns);
if (r < 0)
goto fail_mmu_destroy;
- if (kvm_apicv_activated(vcpu->kvm))
+
+ /*
+ * Defer evaluating inhibits until the vCPU is first run, as
+ * this vCPU will not get notified of any changes until this
+ * vCPU is visible to other vCPUs (marked online and added to
+ * the set of vCPUs). Opportunistically mark APICv active as
+ * VMX in particularly is highly unlikely to have inhibits.
+ * Ignore the current per-VM APICv state so that vCPU creation
+ * is guaranteed to run with a deterministic value, the request
+ * will ensure the vCPU gets the correct state before VM-Entry.
+ */
+ if (enable_apicv) {
vcpu->arch.apicv_active = true;
+ kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
+ }
} else
static_branch_inc(&kvm_has_noapic_vcpu);
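Review bot: In the comment added above `if (enable_apicv)`, "VMX in particularly" should read "VMX in particular". The same comment explains that the request fixes up the state before VM-Entry, but it does not say that anything reading vcpu->arch.apicv_active between this point and the first run will see true even while the VM is inhibited; since the commit message notes that apicv_active is checked in multiple vCPU creation paths, a sentence in the comment stating that the value is provisional until the request is serviced would help whoever touches those paths next.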
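The race described in the commit message above, reduced to a single-threaded model with one fixed interleaving. This is an added example, not kernel code and not part of the original mail: the structs, function names, the REQ_APICV_UPDATE stand-in and the form of the sanity check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#define REQ_APICV_UPDATE 1u /* stand-in for KVM_REQ_APICV_UPDATE */

struct vcpu { bool apicv_active; unsigned requests; };
struct vm {
    unsigned long inhibits;  /* non-zero: APICv inhibited for the VM */
    struct vcpu *online[4];  /* only these see requests made to "all" vCPUs */
    unsigned nr_online;
};

/* Setting an inhibit notifies online vCPUs only. */
static void vm_set_inhibit(struct vm *vm, unsigned long reason)
{
    vm->inhibits |= reason;
    for (unsigned i = 0; i < vm->nr_online; i++)
        vm->online[i]->requests |= REQ_APICV_UPDATE;
}

/* Creation runs before the vCPU is online. pend_request selects the
 * patched behaviour (fixed value plus a request on the vCPU itself);
 * otherwise the per-VM state is snapshotted, as before the patch. */
static void vcpu_create(const struct vm *vm, struct vcpu *v, bool pend_request)
{
    v->apicv_active = pend_request ? true : (vm->inhibits == 0);
    v->requests = pend_request ? REQ_APICV_UPDATE : 0;
}

/* First entry: service a pending request, then apply the modelled
 * sanity check (per-vCPU state must match per-VM state). */
static bool vcpu_enter_ok(const struct vm *vm, struct vcpu *v)
{
    if (v->requests & REQ_APICV_UPDATE)
        v->apicv_active = (vm->inhibits == 0);
    v->requests &= ~REQ_APICV_UPDATE;
    return v->apicv_active == (vm->inhibits == 0);
}

/* Constructed interleaving: create, inhibit lands, online, first run. */
static bool run_interleaving(bool pend_request)
{
    struct vm vm = { 0 };
    struct vcpu v;
    vcpu_create(&vm, &v, pend_request);
    vm_set_inhibit(&vm, 1ul);        /* vCPU not online yet: no request */
    vm.online[vm.nr_online++] = &v;  /* onlined after the change */
    return vcpu_enter_ok(&vm, &v);
}

int main(void)
{
    printf("snapshot ok=%d, pended request ok=%d\n",
           run_interleaving(false), run_interleaving(true));
    return 0;
}
```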