Re: 'WARNING in handle_exception_nmi' bug at arch/x86/kvm/vmx/vmx.c:4959

From: Paolo Bonzini
Date: Mon Jun 20 2022 - 07:33:41 EST

Next message: Juergen Gross: "[PATCH v2] x86/pat: fix x86_has_pat_wp()"
Previous message: Jann Horn: "Re: pgprot_encrypted macro is broken"
In reply to: Dmitry Vyukov: "Re: 'WARNING in handle_exception_nmi' bug at arch/x86/kvm/vmx/vmx.c:4959"
Next in thread: 潘高宁: "Re: Re: 'WARNING in handle_exception_nmi' bug at arch/x86/kvm/vmx/vmx.c:4959"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/20/22 13:24, Dmitry Vyukov wrote:

On Mon, 20 Jun 2022 at 12:25, 潘高宁 <pgn@xxxxxxxxxx> wrote:

Hello,

This is Xiao Lei, Gaoning Pan and Yongkang Jia from Zhejiang University. We found a 'WARNING in handle_exception_nmi' bug by syzkaller. This flaw allows a malicious user in a local DoS condition. The following program triggers Local DoS at arch/x86/kvm/vmx/vmx.c:4959 in latest release linux-5.18.5, this bug can be reproducible stably by the C reproducer:

FWIW a similarly-looking issue was reported by syzbot:
https://syzkaller.appspot.com/bug?id=1b411bfb1739c497a8f0c7f1aa501202726cd01a
https://lore.kernel.org/all/0000000000000a5eae05d8947adb@xxxxxxxxxx/

Sean said it may be an issue in L0 kernel rather than in the tested kernel:
https://lore.kernel.org/all/Yqd5upAHNOxD0wrQ@xxxxxxxxxx/

Indeed I cannot reproduce these either on bare metal.

Paolo

Next message: Juergen Gross: "[PATCH v2] x86/pat: fix x86_has_pat_wp()"
Previous message: Jann Horn: "Re: pgprot_encrypted macro is broken"
In reply to: Dmitry Vyukov: "Re: 'WARNING in handle_exception_nmi' bug at arch/x86/kvm/vmx/vmx.c:4959"
Next in thread: 潘高宁: "Re: Re: 'WARNING in handle_exception_nmi' bug at arch/x86/kvm/vmx/vmx.c:4959"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]