On Mon, 14 Apr 2025 20:12:06 +0300, Mikhail Lobanov wrote:
Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM).
This omission results in triggering a WARN when a vCPU reset occurs while still in SMM mode, due to the check in kvm_vcpu_reset(). This situation was reproduced using Syzkaller by:
- Creating a KVM VM and vCPU
- Sending a KVM_SMI ioctl to explicitly enter SMM
- Executing invalid instructions causing consecutive exceptions and eventually a triple fault
[...]
Applied to kvm-x86 fixes. I massaged the shortlog+changelog, as firing INIT isn't architectural behavior, it's simply the least awful option, and more importantly, it's KVM's existing behavior.
Thanks!
[1/1] KVM: SVM: forcibly leave SMM mode on vCPU reset commit: a2620f8932fa9fdabc3d78ed6efb004ca409019f