| Message ID | 20190507160640.4812-2-sean.j.christopherson@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: nVMX: Optimize nested VM-Entry | expand |
On 07/05/19 11:06, Sean Christopherson wrote: > ... as a malicious userspace can run a toy guest to generate invalid > virtual-APIC page addresses in L1, i.e. flood the kernel log with error > messages. > > Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") > Cc: stable@vger.kernel.org > Cc: Paolo Bonzini <pbonzini@redhat.com> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> The same is true even of dump_vmcs caused by emulation failures. I'm thinking of just hiding dump_vmcs beneath a module parameter. Paolo
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 04b40a98f60b..63f2ca847f05 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2875,9 +2875,6 @@ static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu) */ vmcs_clear_bits(CPU_BASED_VM_EXEC_CONTROL, CPU_BASED_TPR_SHADOW); - } else { - printk("bad virtual-APIC page address\n"); - dump_vmcs(); } }
... as a malicious userspace can run a toy guest to generate invalid virtual-APIC page addresses in L1, i.e. flood the kernel log with error messages. Fixes: 690908104e39d ("KVM: nVMX: allow tests to use bad virtual-APIC page address") Cc: stable@vger.kernel.org Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- arch/x86/kvm/vmx/nested.c | 3 --- 1 file changed, 3 deletions(-)