Greg KH <gregkh@xxxxxxxxxx> writes:

> On Wed, Feb 28, 2024 at 11:09:50PM +0100, Paolo Bonzini wrote:
>> On 2/28/24 09:14, Greg Kroah-Hartman wrote:
>> > From: gregkh@xxxxxxxxxx
>> >
>> > Description
>> > ===========
>> >
>> > In the Linux kernel, the following vulnerability has been resolved:
>> >
>> > KVM: nVMX: Always make an attempt to map eVMCS after migration
>>
>> How does this break the confidentiality, integrity or availability of the
>> host kernel? It's a fix for a failure to restart the guest after migration.
>> Vitaly can confirm.
>
> It's a fix for the availability of the guest kernel, which now can not
> boot properly, right? That's why this was selected. If this is not
> correct, I will be glad to revoke this.
>

To be precise, this issue is about guest's behavior post-migration and
not booting. Also, it should be noted that "Enlightened VMCS" feature is
normally not used for Linux guests on KVM so the "guest kernel" is
actually Windows kernel (or Hyper-V) :-)

Personally, I don't see how this particular issue differs from other KVM
hypervisor bugs. I.e. when hypervisor misbehaves, the guest will likely
suffer and in many cases "suffer" means crash. What *is* important is
who can trigger hypervisor's misbehavior. In case it is guest triggered
(and especially if triggered from CPL!=0), security implications are
possible. In the even worse case when such guest's actions can cause
issues in the host's kernel, the presence of a vulnerability is almost
certain. Migration is (normally) not guest triggered, it's a deliberate
action on the host.

--
Vitaly