CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2025/12/20 06:52:45

Modified files:
        sys/dev/vmm    : vmm.c 

Log message:
Fix race in vmm(4) where

vmm(4) tracks the number of virtual machines and vcpus being emulated
at a given time. When the last known vm is terminated, it disables
virtualization extensions on all host cpus. Consequently, if the
virtualization extensions are not currently enabled on the current
host processor and a caller issues a VMM_IOC_CREATE ioctl(2), vmm(4)
will enable the extensions on all host cpus before proceeding with
creation.

The current method of counting known vm's races with this check. A
caller issuing a VMM_IOC_CREATE ioctl(2) may be past the initial
check for extensions being active while another caller issuing a
VMM_IOC_TERM may be terminating the only running virtual machine.
The counter will reach zero, and the caller in the VMM_IOC_TERM
path will trigger the host-wide deactivation.

On Intel machines, this results in the vcpu initialization code
(executed by the VMM_IOC_CREATE caller) producing #UD as VMX-specific
instructions trap when VMX mode is not enabled on the cpu.

To fix the race, this change pulls the global counter incrementing
up to the top of the vm_create function making the counter non-zero
before initializing the various parts of the virtual machine. On
initialization failure, the counter is decremented. If it hits zero,
vmm_stop() is called.

ok mlarkin@

Reported-by: [email protected]
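
The interleaving described in the log message, as an added example that is not the vmm(4) source: a deterministic, single-threaded replay of a VMM_IOC_CREATE caller and a VMM_IOC_TERM caller over a constructed host model (the `nvms` counter and the host-wide `vmx_on` flag are assumed names), comparing the old ordering with the counter increment moved to the top of the create path.

```c
#include <stdbool.h>

/* Constructed model of the host state vmm(4) keeps: a count of known
 * vms and whether virtualization extensions are enabled host-wide. */
struct host {
    int nvms;     /* number of vms currently known */
    bool vmx_on;  /* extensions enabled on all host cpus */
};

/* Steps of the create path, split so the terminate path can be
 * replayed between them exactly as the race requires. */
static void create_check(struct host *h) {
    if (!h->vmx_on) h->vmx_on = true;      /* enable on all cpus */
}
/* vcpu init executes VMX-specific instructions; with VMX off they
 * trap with #UD, modeled here as returning false. */
static bool create_init_vcpu(const struct host *h) { return h->vmx_on; }
static void create_count(struct host *h) { h->nvms++; }

/* Terminate path: when the last vm goes away, vmm_stop() runs. */
static void terminate(struct host *h) {
    if (--h->nvms == 0) h->vmx_on = false;
}

/* Old ordering: check, init vcpu, then count. One vm is running; the
 * terminate path runs after the check but before vcpu init. */
bool old_ordering_faults(void) {
    struct host h = { .nvms = 1, .vmx_on = true };
    create_check(&h);             /* extensions look enabled */
    terminate(&h);                /* last vm gone: vmm_stop() */
    bool ok = create_init_vcpu(&h);
    if (ok) create_count(&h);
    return !ok;                   /* true: init would hit #UD */
}

/* New ordering: count first. The same terminate interleaving now sees
 * a non-zero counter and never disables the extensions. */
bool new_ordering_safe(void) {
    struct host h = { .nvms = 1, .vmx_on = true };
    create_count(&h);             /* nvms == 2 before any init */
    create_check(&h);
    terminate(&h);                /* nvms == 1, extensions stay on */
    return create_init_vcpu(&h) && h.nvms == 1 && h.vmx_on;
}

/* New ordering, init failure: the counter is decremented and, if it
 * reaches zero, vmm_stop() is called so nothing is left enabled. */
bool new_ordering_failure_stops(void) {
    struct host h = { .nvms = 0, .vmx_on = false };
    create_count(&h);             /* nvms == 1 */
    create_check(&h);             /* extensions enabled for this vm */
    if (--h.nvms == 0) h.vmx_on = false;  /* constructed init failure */
    return h.nvms == 0 && !h.vmx_on;
}
```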
