diff options
| author | Sean Christopherson <seanjc@google.com> | 2022-05-26 21:08:16 +0000 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2022-06-10 10:01:33 -0400 |
| commit | 49a1431d3bea4092082b0082cd9f58f3ccdf57f4 (patch) | |
| tree | 206810b459c864570bbfc53f609e5c218719d107 /Documentation/virt/kvm/api.rst | |
| parent | 1cca2f8c501fa01e6c0d2aefbf97f8c3c89c0186 (diff) | |
KVM: x86: Bug the VM if the emulator generates a bogus exception vector
Bug the VM if KVM's emulator attempts to inject a bogus exception vector.
The guest is likely doomed even if KVM continues on, and propagating a
bad vector to the rest of KVM runs the risk of breaking other assumptions
in KVM and thus triggering a more egregious bug.
All existing users of emulate_exception() have hardcoded vector numbers
(__load_segment_descriptor() uses a few different vectors, but they're
all hardcoded), and future users are likely to follow suit, i.e. the
change to emulate_exception() is a glorified nop.
As for the ctxt->exception.vector check in x86_emulate_insn(), the few
known times the WARN has been triggered in the past is when the field was
not set when synthesizing a fault, i.e. for all intents and purposes the
check protects against consumption of uninitialized data.
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220526210817.3428868-8-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'Documentation/virt/kvm/api.rst')
0 files changed, 0 insertions, 0 deletions