Thread: 35 messages, 4 authors, 2021-05-25

Re: [PATCH 00/12] KVM: nVMX: Fix vmcs02 PID use-after-free issue

From: Jim Mattson <hidden>
Date: 2021-05-21 12:04:49

On Thu, May 20, 2021 at 4:03 PM Jim Mattson [off-list ref] wrote:
> When the VMCS12 posted interrupt descriptor isn't backed by an L1
> memslot, kvm will launch vmcs02 with a stale posted interrupt
> descriptor. Before commit 6beb7bd52e48 ("kvm: nVMX: Refactor
> nested_get_vmcs12_pages()"), kvm would have silently disabled the
> VMCS02 "process posted interrupts" VM-execution control. Both
> behaviors are wrong, though the use-after-free is more egregious.

Oops. Prior to the referenced commit, kvm would have forced a vmcs02
VM-entry failure by loading an illegal value into its posted interrupt
descriptor field. Though better than clearing the "process posted
interrupts" VM-execution control, that's still wrong.