2019-06-13 19:03+0200, Paolo Bonzini:
From: Sean Christopherson sean.j.christopherson@intel.com
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@vger.kernel.org Cc: Paolo Bonzini pbonzini@redhat.com Signed-off-by: Sean Christopherson sean.j.christopherson@intel.com Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Makes me wonder why it looks like this in kvm/queue. :)
commit 1971a835297f9098ce5a735d38916830b8313a65 Author: Sean Christopherson sean.j.christopherson@xxxxxxxxx AuthorDate: Tue May 7 09:06:26 2019 -0700 Commit: Paolo Bonzini pbonzini@redhat.com CommitDate: Thu Jun 13 16:23:13 2019 +0200
KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@xxxxxxxxxxxxxxx Cc: Paolo Bonzini pbonzini@xxxxxxxxxx Signed-off-by: Sean Christopherson sean.j.christopherson@xxxxxxxxx Signed-off-by: Paolo Bonzini pbonzini@redhat.com