Message-ID: <174559665447.890486.10602051835802598167.b4-ty@google.com>
Date: Fri, 25 Apr 2025 15:08:58 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Mikhail Lobanov <m.lobanov@...a.ru>
Cc: Paolo Bonzini <pbonzini@...hat.com>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Maxim Levitsky <mlevitsk@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org,
stable@...r.kernel.org
Subject: Re: [PATCH v3] KVM: SVM: forcibly leave SMM mode on vCPU reset
On Mon, 14 Apr 2025 20:12:06 +0300, Mikhail Lobanov wrote:
> Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode
> on vCPU reset") addressed an issue where a triple fault occurring in
> nested mode could lead to use-after-free scenarios. However, the commit
> did not handle the analogous situation for System Management Mode (SMM).
>
> This omission results in triggering a WARN when a vCPU reset occurs
> while still in SMM mode, due to the check in kvm_vcpu_reset(). This
> situation was reproduced using Syzkaller by:
> 1) Creating a KVM VM and vCPU
> 2) Sending a KVM_SMI ioctl to explicitly enter SMM
> 3) Executing invalid instructions causing consecutive exceptions and
> eventually a triple fault
>
> [...]
Applied to kvm-x86 fixes. I massaged the shortlog+changelog, as firing INIT
isn't architectural behavior, it's simply the least awful option, and more
importantly, it's KVM's existing behavior.
Thanks!
[1/1] KVM: SVM: forcibly leave SMM mode on vCPU reset
commit: a2620f8932fa9fdabc3d78ed6efb004ca409019f
--
https://github.com/kvm-x86/linux/tree/next