I don't think it would matter. KVM wouldn't move the real APIC -- it would just move the fake APIC it exposes to the guest. SMM doesn't run in guest mode, so SMM code wouldn't see the fake APIC.
(If KVM allowed moving the APIC, then you could use this to escalate privileges from guest kernel mode to /guest/ SMM, and KVM is adding guest SMM soon, but that's a much less interesting attack IMO.)
amluto|10 years ago