[01/15] KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
diff mbox series

Message ID 20190507160640.4812-2-sean.j.christopherson@intel.com
State New
Headers show
Series
  • KVM: nVMX: Optimize nested VM-Entry
Related show

Commit Message

Sean Christopherson May 7, 2019, 4:06 p.m. UTC
... as a malicious userspace can run a toy guest to generate invalid
virtual-APIC page addresses in L1, i.e. flood the kernel log with error
messages.

Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
Cc: stable@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/kvm/vmx/nested.c | 3 ---
 1 file changed, 3 deletions(-)

Comments

Paolo Bonzini May 7, 2019, 8:09 p.m. UTC | #1
On 07/05/19 11:06, Sean Christopherson wrote:
> ... as a malicious userspace can run a toy guest to generate invalid
> virtual-APIC page addresses in L1, i.e. flood the kernel log with error
> messages.
> 
> Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address")
> Cc: stable@vger.kernel.org
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

The same is true even of dump_vmcs caused by emulation failures.  I'm
thinking of just hiding dump_vmcs beneath a module parameter.

Paolo

Patch
diff mbox series

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 04b40a98f60b..63f2ca847f05 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2875,9 +2875,6 @@  static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu)
 			 */
 			vmcs_clear_bits(CPU_BASED_VM_EXEC_CONTROL,
 					CPU_BASED_TPR_SHADOW);
-		} else {
-			printk("bad virtual-APIC page address\n");
-			dump_vmcs();
 		}
 	}