Re: [PATCH 22/43] KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
From: Radim KrÄmÃÅ
Date: Mon Jun 17 2019 - 15:22:26 EST
2019-06-13 19:03+0200, Paolo Bonzini:
> From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
>
> ... as a malicious userspace can run a toy guest to generate invalid
> virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> messages.
>
> Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
Makes me wonder why it looks like this in kvm/queue. :)
commit 1971a835297f9098ce5a735d38916830b8313a65
Author: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
AuthorDate: Tue May 7 09:06:26 2019 -0700
Commit: Paolo Bonzini <pbonzini@xxxxxxxxxx>
CommitDate: Thu Jun 13 16:23:13 2019 +0200
KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
... as a malicious userspace can run a toy guest to generate invalid
virtual-APIC page addresses in L1, i.e. flood the kernel log with error
messages.
Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>