kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5835 at arch/x86/kvm/../../../virt/kvm/pfncache.c:267 __kvm_gpc_refresh+0x11ff/0x1380 virt/kvm/pfncache.c:267
Modules linked in:
CPU: 1 UID: 0 PID: 5835 Comm: syz-executor401 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:__kvm_gpc_refresh+0x11ff/0x1380 virt/kvm/pfncache.c:267
Code: c6 05 69 55 f0 0e 01 48 c7 c7 89 2e 2b 8e be 24 04 00 00 48 c7 c2 a0 eb 21 8c e8 3c 36 66 00 e9 78 f1 ff ff e8 62 c0 8a 00 90 <0f> 0b 90 41 be ea ff ff ff e9 51 fe ff ff e8 4e c0 8a 00 90 0f 0b
RSP: 0018:ffffc9000406f140 EFLAGS: 00010293
RAX: ffffffff81373e7e RBX: ffffffffffffff01 RCX: ffff888035118000
RDX: 0000000000000000 RSI: ffff888000000000 RDI: ffff887fffffffff
RBP: ffffc9000406f2d0 R08: ffffffff81372d49 R09: 1ffffffff207b48e
R10: dffffc0000000000 R11: fffffbfff207b48f R12: ffff887fffffffff
R13: dffffc0000000000 R14: ffff888000000000 R15: ffffc900030f73f8
FS: 0000555565e72380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005654f4befc30 CR3: 000000007ecca000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
kvm_gpc_refresh+0xc6/0x110 virt/kvm/pfncache.c:382
kvm_xen_set_evtchn+0x165/0x230 arch/x86/kvm/xen.c:1933
kvm_xen_hvm_evtchn_send+0x1fa/0x370 arch/x86/kvm/xen.c:2013
kvm_arch_vm_ioctl+0xe4d/0x17c0 arch/x86/kvm/x86.c:7262
kvm_vm_ioctl+0x876/0xd70 virt/kvm/kvm_main.c:5285
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2a11846429
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff5d46cb48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000400000000000 RCX: 00007f2a11846429
RDX: 0000400000000180 RSI: 00000000400caed0 RDI: 0000000000000001
RBP: 00007f2a118b9610 R08: 00007fff5d46cd18 R09: 00007fff5d46cd18
R10: 00007fff5d46cd18 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff5d46cd08 R14: 0000000000000001 R15: 0000000000000001
</TASK>