From: Sean Christopherson sean.j.christopherson@intel.com
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@vger.kernel.org Cc: Paolo Bonzini pbonzini@redhat.com Signed-off-by: Sean Christopherson sean.j.christopherson@intel.com Signed-off-by: Paolo Bonzini pbonzini@redhat.com --- arch/x86/kvm/vmx/nested.c | 3 --- 1 file changed, 3 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 9478d8947595..0f4cb473bd36 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2880,9 +2880,6 @@ static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu) */ vmcs_clear_bits(CPU_BASED_VM_EXEC_CONTROL, CPU_BASED_TPR_SHADOW); - } else { - printk("bad virtual-APIC page address\n"); - dump_vmcs(); } }
2019-06-13 19:03+0200, Paolo Bonzini:
From: Sean Christopherson sean.j.christopherson@intel.com
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@vger.kernel.org Cc: Paolo Bonzini pbonzini@redhat.com Signed-off-by: Sean Christopherson sean.j.christopherson@intel.com Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Makes me wonder why it looks like this in kvm/queue. :)
commit 1971a835297f9098ce5a735d38916830b8313a65 Author: Sean Christopherson sean.j.christopherson@xxxxxxxxx AuthorDate: Tue May 7 09:06:26 2019 -0700 Commit: Paolo Bonzini pbonzini@redhat.com CommitDate: Thu Jun 13 16:23:13 2019 +0200
KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@xxxxxxxxxxxxxxx Cc: Paolo Bonzini pbonzini@xxxxxxxxxx Signed-off-by: Sean Christopherson sean.j.christopherson@xxxxxxxxx Signed-off-by: Paolo Bonzini pbonzini@redhat.com
On Mon, Jun 17, 2019 at 09:17:24PM +0200, Radim Krčmář wrote:
2019-06-13 19:03+0200, Paolo Bonzini:
From: Sean Christopherson sean.j.christopherson@intel.com
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@vger.kernel.org Cc: Paolo Bonzini pbonzini@redhat.com Signed-off-by: Sean Christopherson sean.j.christopherson@intel.com Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Makes me wonder why it looks like this in kvm/queue. :)
Presumably something is wonky in Paolo's workflow, this happened before.
commit d69129b4e46a7b61dc956af038d143eb791f22c7 Author: Sean Christopherson sean.j.christopherson@xxxxxxxxx Date: Wed May 8 07:32:15 2019 -0700
KVM: nVMX: Disable intercept for FS/GS base MSRs in vmcs02 when possible
If L1 is using an MSR bitmap, unconditionally merge the MSR bitmaps from L0 and L1 for MSR_{KERNEL,}_{FS,GS}_BASE. KVM unconditionally exposes MSRs L1. If KVM is also running in L1 then it's highly likely L1 is also exposing the MSRs to L2, i.e. KVM doesn't need to intercept L2 accesses.
Based on code from Jintack Lim.
Cc: Jintack Lim jintack@xxxxxxxxxxxxxxx Signed-off-by: Sean Christopherson sean.j.christopherson@xxxxxxxxx Signed-off-by: Paolo Bonzini pbonzini@redhat.com
commit 1971a835297f9098ce5a735d38916830b8313a65 Author: Sean Christopherson sean.j.christopherson@xxxxxxxxx AuthorDate: Tue May 7 09:06:26 2019 -0700 Commit: Paolo Bonzini pbonzini@redhat.com CommitDate: Thu Jun 13 16:23:13 2019 +0200 KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped ... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages. Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@xxxxxxxxxxxxxxx Cc: Paolo Bonzini pbonzini@xxxxxxxxxx Signed-off-by: Sean Christopherson sean.j.christopherson@xxxxxxxxx Signed-off-by: Paolo Bonzini pbonzini@redhat.com
On 17/06/19 22:07, Sean Christopherson wrote:
On Mon, Jun 17, 2019 at 09:17:24PM +0200, Radim Krčmář wrote:
2019-06-13 19:03+0200, Paolo Bonzini:
From: Sean Christopherson sean.j.christopherson@intel.com
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@vger.kernel.org Cc: Paolo Bonzini pbonzini@redhat.com Signed-off-by: Sean Christopherson sean.j.christopherson@intel.com Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Makes me wonder why it looks like this in kvm/queue. :)
Presumably something is wonky in Paolo's workflow, this happened before.
It's more my non-workflow... when I cannot find a patch for some reason (deleted by mistake, eaten by Gmane, etc.), I search it with Google and sometimes spinics.net comes up which mangles the domain. I should just subscribe to kvm@vger.kernel.org since Gmane has gotten less reliable, or set up a Patchew instance for it.
Paolo
linux-stable-mirror@lists.linaro.org
-
Paolo Bonzini -
Radim Krčmář -
Sean Christopherson