Please ignore this patch. I mistakenly sent this wrong one. Sorry for making noise.

Thanks,
SJ

On Thu, 2 Nov 2023 17:33:11 +0000 SeongJae Park <sj@xxxxxxxxxx> wrote:

> From: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
>
> The following problem exists since x2avic was enabled in the KVM:
>
> svm_set_x2apic_msr_interception is called to enable the interception of
> the x2apic msrs.
>
> In particular it is called at the moment the guest resets its apic.
>
> Assuming that the guest's apic was in x2apic mode, the reset will bring
> it back to the xapic mode.
>
> The svm_set_x2apic_msr_interception however has an erroneous check for
> '!apic_x2apic_mode()' which prevents it from doing anything in this case.
>
> As a result of this, all x2apic msrs are left unintercepted, and that
> exposes the bare metal x2apic (if enabled) to the guest.
> Oops.
>
> Remove the erroneous '!apic_x2apic_mode()' check to fix that.
>
> This fixes CVE-2023-5090