On 20/03/20 16:23, Thomas Gleixner wrote:
> Thomas Gleixner <tglx@xxxxxxxxxxxxx> writes:
>
>> Paolo Bonzini <pbonzini@xxxxxxxxxx> writes:
>>> The WARN_ON is essentially comparing a user-provided value with 0. It is
>>> trivial to trigger it just by passing garbage to KVM_SET_CLOCK. Guests
>>> can break if you do so, but if it hurts when you do like this just do not
>>> do it.
>>
>> Yes, it's a user provided value and it's completely unchecked. If that
>> value is bogus then the guest will go sideways because timekeeping is
>> completely busted. At least you should explain WHY you don't care.
>
> Or why it does not matter....

I can change the commit message to "Guests can break if you do so, but
the same applies to every KVM_SET_* ioctl". It's impossible to be sure
that userspace doesn't ever send a bogus KVM_SET_CLOCK and later
rectifies it with the right value.

Paolo