CVE-2022-48765

In the Linux kernel, the following vulnerability has been resolved: KVM:
LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is
splatting during guest reboot. ------------[ cut here ]------------
WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322
kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm:
qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP:
0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace: <TASK>
kvm_vcpu_ioctl+0x279/0x710 [kvm] __x64_sys_ioctl+0x83/0xb0
do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP:
0033:0x7fd39797350b This can be triggered by not exposing tsc-deadline mode
and doing a reboot in the guest. The lapic_shutdown() function which is
called in sys_reboot path will not disarm the flying timer, it just masks
LVTT. lapic_shutdown() clears APIC state w/ LVT_MASKED and timer-mode bit
is 0, this can trigger timer-mode switch between tsc-deadline and
oneshot/periodic, which can result in preemption timer be cancelled in
apic_update_lvtt(). However, We can’t depend on this when not exposing
tsc-deadline mode and oneshot/periodic modes emulated by preemption timer.
Qemu will synchronise states around reset, let’s cancel preemption timer
under KVM_SET_LAPIC.