From: Yosry Ahmed <yosry@kernel.org>
To: Sean Christopherson <seanjc@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Yosry Ahmed <yosry@kernel.org>
Subject: [PATCH v1 0/4] KVM: nSVM: Fix RIP usage in the control area after restore
Date: Mon, 23 Feb 2026 15:46:32 +0000
Message-ID: <20260223154636.116671-1-yosry@kernel.org>
Fix a few bugs in using L2's RIP to construct fields in vmcb02 after
save+restore. The main problem is that the vmcb12_rip (and maybe
vmcb12_cs_base) values passed to nested_vmcb02_prepare_control() in the
restore path are broken.

The series fixes that by delaying initializing the fields depending on
RIP and CS base until shortly before VMRUN, to use the most up-to-date
fields regardless of save+restore order.

It also fixes another bug where using vmcb12_rip is incorrect, even if
it was restored correctly (patch 1).

Patch 4 is a reproducer, not intended for merging. It modifies
svm_nested_soft_inject_test to reproduce the bug.

RFC -> v1:
- Only set NextRIP in vmcb02 if supported by the CPU [Sean].
- Rework the fixes to delay using RIP and CS base until before VMRUN,
  instead of fixing up the fields using them when RIP or CS is set
  [Sean].

RFC: https://lore.kernel.org/kvm/20260212230751.1871720-1-yosry.ahmed@linux.dev/
Yosry Ahmed (4):
KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
KVM: nSVM: Delay stuffing L2's current RIP into NextRIP until vCPU run
KVM: nSVM: Delay setting soft IRQ RIP tracking fields until vCPU run
DO NOT MERGE: KVM: selftests: Reproduce nested RIP restore bug
arch/x86/kvm/svm/nested.c | 35 ++++-----
arch/x86/kvm/svm/svm.c | 28 +++++++
.../testing/selftests/kvm/lib/x86/processor.c | 3 +
.../kvm/x86/svm_nested_soft_inject_test.c | 74 +++++++++++++++----
4 files changed, 105 insertions(+), 35 deletions(-)
base-commit: 183bb0ce8c77b0fd1fb25874112bc8751a461e49
--
2.53.0.345.g96ddfc5eaa-goog
Thread overview: 12+ messages
2026-02-23 15:46 Yosry Ahmed [this message]
2026-02-23 15:46 ` [PATCH v1 1/4] KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN Yosry Ahmed
2026-02-23 15:46 ` [PATCH v1 2/4] KVM: nSVM: Delay stuffing L2's current RIP into NextRIP until vCPU run Yosry Ahmed
2026-02-25 0:07 ` Yosry Ahmed
2026-02-25 0:56 ` Sean Christopherson
2026-02-25 1:00 ` Yosry Ahmed
2026-02-25 1:10 ` Sean Christopherson
2026-02-25 1:15 ` Yosry Ahmed
2026-02-25 1:25 ` Sean Christopherson
2026-02-25 1:42 ` Yosry Ahmed
2026-02-23 15:46 ` [PATCH v1 3/4] KVM: nSVM: Delay setting soft IRQ RIP tracking fields " Yosry Ahmed
2026-02-23 15:46 ` [PATCH v1 4/4] DO NOT MERGE: KVM: selftests: Reproduce nested RIP restore bug Yosry Ahmed