### Critical Vulnerability Information

- **Vulnerability Description**:
  - In KVM, when a virtual CPU (vCPU) takes a SHUTDOWN intercept while in System Management Mode (SMM), KVM forces a vCPU INIT. This triggers a WARN.
- **Related Commit**:
  - The issue stems from a previous commit `ed129ec9057f` ("KVM: x86: forcibly leave nested mode on vCPU reset"), which addressed a use-after-free that could occur when three faults happen in nested mode, but did not handle the SMM case.
- **Reproduction Steps**:
  1. Create a KVM VM and vCPU.
  2. Send the `KVM_SMI` ioctl command to explicitly enter SMM.
  3. Execute an invalid instruction to cause consecutive exceptions, ultimately triggering three faults.
- **Error Log**:

```plaintext
WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Modules linked in:
CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS: 1.12.0-1 04/01/2014
RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Call Trace:
 shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136
 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395
 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457
 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]
 vcpu_run+0xc43/0x5a90 arch/x86/kvm/x86.c:11062
 kvm_arch_vcpu_ioctl_run+0x50f/0x1cfc0 arch/x86/kvm/x86.c:11283
 kvm_vcpu_ioctl+0x570/0x800 arch/x86/kvm/.../.../virt/kvm/kvm_main.c:4122
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
```

- **Fix**:
  - Commit `e9b28bc65fd3a56755ba503258024608292b4ab1` forces the vCPU to leave SMM, resolving this issue.