Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
Until kernel 5.17.15 KVM was working fine for both Linux and Windows VM's.
When I use the 5.18.* or 5.19.5-hardened1 kernel, my host machine completely freezes when I start a Windows VM (when I start a Linux VM, everything works). During the freeze, my caps lock button light is blinking (kernel panic?). I have to do a hard reboot in order to use my machine again.
I am using an Intel i9-11950H.
When I check the value of /sys/module/kvm_intel/parameters/enable_apicv, it's set to "Y".
When I add
options kvm_intel enable_apicv=0
To /etc/modprobe.d/kvm_fix.conf, I am able to start my Windows VM again after a reboot.
Until kernel 5.17.15 KVM was working fine for both Linux and Windows VM's. When I use the 5.18.* or 5.19.5-hardened1 kernel, my host machine completely freezes when I start a Windows VM (when I start a Linux VM, everything works). During the freeze, my caps lock button light is blinking (kernel panic?). I have to do a hard reboot in order to use my machine again.
I am using an Intel i9-11950H.
When I check the value of
/sys/module/kvm_intel/parameters/enable_apicv, it's set to "Y". When I addoptions kvm_intel enable_apicv=0To/etc/modprobe.d/kvm_fix.conf, I am able to start my Windows VM again after a reboot.