From: Sean Christopherson <[email protected]>
... as a malicious userspace can run a toy guest to generate invalid
virtual-APIC page addresses in L1, i.e. flood the kernel log with error
messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
Cc: [email protected]
Cc: Paolo Bonzini <[email protected]>
Signed-off-by: Sean Christopherson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
---
arch/x86/kvm/vmx/nested.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 9478d8947595..0f4cb473bd36 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2880,9 +2880,6 @@ static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu)
*/
vmcs_clear_bits(CPU_BASED_VM_EXEC_CONTROL,
CPU_BASED_TPR_SHADOW);
- } else {
- printk("bad virtual-APIC page address\n");
- dump_vmcs();
}
}
--
1.8.3.1
2019-06-13 19:03+0200, Paolo Bonzini:
> From: Sean Christopherson <[email protected]>
>
> ... as a malicious userspace can run a toy guest to generate invalid
> virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> messages.
>
> Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> Cc: [email protected]
> Cc: Paolo Bonzini <[email protected]>
> Signed-off-by: Sean Christopherson <[email protected]>
> Signed-off-by: Paolo Bonzini <[email protected]>
> ---
Makes me wonder why it looks like this in kvm/queue. :)
commit 1971a835297f9098ce5a735d38916830b8313a65
Author: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
AuthorDate: Tue May 7 09:06:26 2019 -0700
Commit: Paolo Bonzini <[email protected]>
CommitDate: Thu Jun 13 16:23:13 2019 +0200
KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
... as a malicious userspace can run a toy guest to generate invalid
virtual-APIC page addresses in L1, i.e. flood the kernel log with error
messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <[email protected]>
On Mon, Jun 17, 2019 at 09:17:24PM +0200, Radim Krčmář wrote:
> 2019-06-13 19:03+0200, Paolo Bonzini:
> > From: Sean Christopherson <[email protected]>
> >
> > ... as a malicious userspace can run a toy guest to generate invalid
> > virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> > messages.
> >
> > Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> > Cc: [email protected]
> > Cc: Paolo Bonzini <[email protected]>
> > Signed-off-by: Sean Christopherson <[email protected]>
> > Signed-off-by: Paolo Bonzini <[email protected]>
> > ---
>
> Makes me wonder why it looks like this in kvm/queue. :)
Presumably something is wonky in Paolo's workflow, this happened before.
commit d69129b4e46a7b61dc956af038d143eb791f22c7
Author: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Date: Wed May 8 07:32:15 2019 -0700
KVM: nVMX: Disable intercept for FS/GS base MSRs in vmcs02 when possible
If L1 is using an MSR bitmap, unconditionally merge the MSR bitmaps from
L0 and L1 for MSR_{KERNEL,}_{FS,GS}_BASE. KVM unconditionally exposes
MSRs L1. If KVM is also running in L1 then it's highly likely L1 is
also exposing the MSRs to L2, i.e. KVM doesn't need to intercept L2
accesses.
Based on code from Jintack Lim.
Cc: Jintack Lim <jintack@xxxxxxxxxxxxxxx>
Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <[email protected]>
>
> commit 1971a835297f9098ce5a735d38916830b8313a65
> Author: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> AuthorDate: Tue May 7 09:06:26 2019 -0700
> Commit: Paolo Bonzini <[email protected]>
> CommitDate: Thu Jun 13 16:23:13 2019 +0200
>
> KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
>
> ... as a malicious userspace can run a toy guest to generate invalid
> virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> messages.
>
> Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> Signed-off-by: Paolo Bonzini <[email protected]>
On 17/06/19 22:07, Sean Christopherson wrote:
> On Mon, Jun 17, 2019 at 09:17:24PM +0200, Radim Krčmář wrote:
>> 2019-06-13 19:03+0200, Paolo Bonzini:
>>> From: Sean Christopherson <[email protected]>
>>>
>>> ... as a malicious userspace can run a toy guest to generate invalid
>>> virtual-APIC page addresses in L1, i.e. flood the kernel log with error
>>> messages.
>>>
>>> Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
>>> Cc: [email protected]
>>> Cc: Paolo Bonzini <[email protected]>
>>> Signed-off-by: Sean Christopherson <[email protected]>
>>> Signed-off-by: Paolo Bonzini <[email protected]>
>>> ---
>>
>> Makes me wonder why it looks like this in kvm/queue. :)
>
> Presumably something is wonky in Paolo's workflow, this happened before.
It's more my non-workflow... when I cannot find a patch for some reason
(deleted by mistake, eaten by Gmane, etc.), I search it with Google and
sometimes spinics.net comes up which mangles the domain. I should just
subscribe to [email protected] since Gmane has gotten less reliable,
or set up a Patchew instance for it.
Paolo