From: Yosry Ahmed
To: Sean Christopherson
Cc: Paolo Bonzini, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed
Subject: [PATCH v1 0/4] KVM: nSVM: Fix RIP usage in the control area after restore
Date: Mon, 23 Feb 2026 15:46:32 +0000
Message-ID: <20260223154636.116671-1-yosry@kernel.org>
X-Mailing-List: kvm@vger.kernel.org

Fix a few bugs in using L2's RIP to construct fields in vmcb02 after
save+restore.

The main problem is that the vmcb12_rip (and maybe vmcb12_cs_base) values
passed to nested_vmcb02_prepare_control() in the restore path are broken. The
series fixes that by delaying initializing the fields depending on RIP and CS
base until shortly before VMRUN, to use the most up-to-date fields regardless
of save+restore order.

It also fixes another bug where using vmcb12_rip is incorrect, even if it was
restored correctly (patch 1).

Patch 4 is a reproducer, not intended for merging. It modifies
svm_nested_soft_inject_test to reproduce the bug.

RFC -> v1:
- Only set NextRIP in vmcb02 if supported by the CPU [Sean].
- Rework the fixes to delay using RIP and CS base until before VMRUN, instead
  of fixing up the fields using them when RIP or CS is set [Sean].

RFC: https://lore.kernel.org/kvm/20260212230751.1871720-1-yosry.ahmed@linux.dev/

Yosry Ahmed (4):
  KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
  KVM: nSVM: Delay stuffing L2's current RIP into NextRIP until vCPU run
  KVM: nSVM: Delay setting soft IRQ RIP tracking fields until vCPU run
  DO NOT MERGE: KVM: selftests: Reproduce nested RIP restore bug

 arch/x86/kvm/svm/nested.c                     | 35 ++++-----
 arch/x86/kvm/svm/svm.c                        | 28 +++++++
 .../testing/selftests/kvm/lib/x86/processor.c |  3 +
 .../kvm/x86/svm_nested_soft_inject_test.c     | 74 +++++++++++++++----
 4 files changed, 105 insertions(+), 35 deletions(-)


base-commit: 183bb0ce8c77b0fd1fb25874112bc8751a461e49
-- 
2.53.0.345.g96ddfc5eaa-goog
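The ordering hazard the cover letter describes, as an added stand-alone model that is not code from this series or from KVM: vmcb02 control fields that are derived from L2's RIP and CS base (NextRIP, and the soft-IRQ RIP tracking fields) go stale if they are computed while nested state is being restored, because userspace may restore the register file after the nested state. Deferring the derivation until just before VMRUN makes the result independent of restore order. All struct and function names below (`vcpu_model`, `model_prepare_control`, `model_vmrun`, `simulate`, the `UNSET` sentinel) are this example's own and are not KVM identifiers; the exact set of derived fields is a simplification.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Added model, not KVM code. It contrasts deriving RIP-dependent vmcb02
 * fields eagerly (at restore time) with deriving them lazily (at VMRUN).
 */

/* Register state that userspace may restore before OR after nested state. */
struct l2_regs {
	uint64_t rip;
	uint64_t cs_base;
};

/* Modelled vmcb02 control fields that depend on L2's RIP / CS base. */
struct vmcb02_ctrl {
	uint64_t next_rip;         /* NextRIP stuffed with L2's current RIP */
	uint64_t soft_int_linear;  /* modelled: CS.base + RIP for soft-IRQ tracking */
};

struct vcpu_model {
	struct l2_regs regs;
	struct vmcb02_ctrl ctrl;
	bool defer;           /* true: derive at VMRUN; false: derive at restore */
	bool derive_pending;  /* set when control is prepared, cleared by first VMRUN */
};

/* Sentinel meaning "never derived from a real RIP" (constructed value). */
#define UNSET 0xdeadbeefULL

static void derive_rip_fields(struct vcpu_model *v)
{
	v->ctrl.next_rip = v->regs.rip;
	v->ctrl.soft_int_linear = v->regs.cs_base + v->regs.rip;
}

void model_init(struct vcpu_model *v, bool defer)
{
	v->regs.rip = UNSET;
	v->regs.cs_base = 0;
	v->ctrl.next_rip = UNSET;
	v->ctrl.soft_int_linear = UNSET;
	v->defer = defer;
	v->derive_pending = false;
}

/* Analogue of restoring the register file: touches only the registers. */
void model_set_regs(struct vcpu_model *v, uint64_t rip, uint64_t cs_base)
{
	v->regs.rip = rip;
	v->regs.cs_base = cs_base;
}

/* Analogue of preparing vmcb02 control during nested-state restore. */
void model_prepare_control(struct vcpu_model *v)
{
	if (v->defer)
		v->derive_pending = true;  /* wait for the freshest RIP */
	else
		derive_rip_fields(v);      /* captures whatever RIP is present now */
}

/* Just before VMRUN: the deferred path derives from up-to-date registers. */
uint64_t model_vmrun(struct vcpu_model *v)
{
	if (v->defer && v->derive_pending) {
		derive_rip_fields(v);
		v->derive_pending = false;  /* only the first VMRUN after preparation */
	}
	return v->ctrl.next_rip;
}

/* Drive one restore sequence and return NextRIP as seen at VMRUN. */
uint64_t simulate(bool defer, bool regs_first, uint64_t rip, uint64_t cs_base)
{
	struct vcpu_model v;

	model_init(&v, defer);
	if (regs_first) {
		model_set_regs(&v, rip, cs_base);
		model_prepare_control(&v);
	} else {
		model_prepare_control(&v);
		model_set_regs(&v, rip, cs_base);
	}
	return model_vmrun(&v);
}

int main(void)
{
	/* Constructed RIP value; only the nested-state-first order exposes the bug. */
	printf("eager,   regs first:  NextRIP=%#llx\n", (unsigned long long)simulate(false, true, 0x1000, 0));
	printf("eager,   state first: NextRIP=%#llx\n", (unsigned long long)simulate(false, false, 0x1000, 0));
	printf("deferred, state first: NextRIP=%#llx\n", (unsigned long long)simulate(true, false, 0x1000, 0));
	return 0;
}
```

The eager path is correct only when the registers happen to be restored first; with nested state restored first it carries the sentinel into the control area. The deferred path yields the same NextRIP in both orders, which is the property the series relies on.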