Re: [PATCH 00/12] KVM: nVMX: Fix vmcs02 PID use-after-free issue
From: Jim Mattson <hidden>
Date: 2021-05-21 12:04:49
On Thu, May 20, 2021 at 4:03 PM Jim Mattson [off-list ref] wrote:
> When the VMCS12 posted interrupt descriptor isn't backed by an L1
> memslot, kvm will launch vmcs02 with a stale posted interrupt
> descriptor. Before commit 6beb7bd52e48 ("kvm: nVMX: Refactor
> nested_get_vmcs12_pages()"), kvm would have silently disabled the
> VMCS02 "process posted interrupts" VM-execution control. Both
> behaviors are wrong, though the use-after-free is more egregious.

Oops. Prior to the referenced commit, kvm would have forced a vmcs02
VM-entry failure by loading an illegal value into its posted interrupt
descriptor field. Though better than clearing the "process posted
interrupts" VM-execution control, that's still wrong.