On Mon, 14 Apr 2025 20:12:06 +0300, Mikhail Lobanov wrote:
> Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode
> on vCPU reset") addressed an issue where a triple fault occurring in
> nested mode could lead to use-after-free scenarios. However, the commit
> did not handle the analogous situation for System Management Mode (SMM).
>
> This omission results in triggering a WARN when a vCPU reset occurs
> while still in SMM mode, due to the check in kvm_vcpu_reset(). This
> situation was reproduced using Syzkaller by:
> 1) Creating a KVM VM and vCPU
> 2) Sending a KVM_SMI ioctl to explicitly enter SMM
> 3) Executing invalid instructions causing consecutive exceptions and
> eventually a triple fault
>
> [...]

Applied to kvm-x86 fixes. I massaged the shortlog+changelog, as firing INIT
isn't architectural behavior, it's simply the least awful option, and more
importantly, it's KVM's existing behavior.

Thanks!

[1/1] KVM: SVM: forcibly leave SMM mode on vCPU reset
      commit: a2620f8932fa9fdabc3d78ed6efb004ca409019f

--
https://github.com/kvm-x86/linux/tree/next