On Thu, May 26, 2022 at 09:08:16PM +0000, Sean Christopherson wrote:
> Bug the VM if KVM's emulator attempts to inject a bogus exception vector.
> The guest is likely doomed even if KVM continues on, and propagating a
> bad vector to the rest of KVM runs the risk of breaking other assumptions
> in KVM and thus triggering a more egregious bug.
>
> All existing users of emulate_exception() have hardcoded vector numbers
> (__load_segment_descriptor() uses a few different vectors, but they're
> all hardcoded), and future users are likely to follow suit, i.e. the
> change to emulate_exception() is a glorified nop.
>
> As for the ctxt->exception.vector check in x86_emulate_insn(), the few
> known times the WARN has been triggered in the past are when the field was
> not set when synthesizing a fault, i.e. for all intents and purposes the
> check protects against consumption of uninitialized data.
>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook