From: Yosry Ahmed <yosry@kernel.org>
To: Sean Christopherson <seanjc@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Yosry Ahmed <yosry@kernel.org>
Subject: [PATCH v3 0/8] KVM: nSVM: Save/restore fixes for (Next)RIP
Date: Wed, 25 Feb 2026 00:59:42 +0000
Message-ID: <20260225005950.3739782-1-yosry@kernel.org>
This is a combined v3 of series [1] and v2 of series [2], as patch 1
here is a dependency of patch 5. Without patch 1, NextRIP is not sync'd
correctly to the cache, and restoring it for a guest without NRIPS is a
bug.

The series fixes two classes of save/restore bugs:

- Some fields written by the CPU are not sync'd from vmcb02 to cached
  vmcb12 after VMRUN, so are not up-to-date in KVM_GET_NESTED_STATE
  payload (fixes in patches 1 & 2, tests in patches 3 & 4).

- Ordering between KVM_SET_NESTED_STATE and KVM_SET_{S}REGS could cause
  vmcb02 to be incorrectly initialized after save+restore (fixes in
  patches 5 to 7).

Patch 8 is a reproducer for the second class of bugs; it should not be
merged.
v2 -> v3 (for series [1]):
- Dropped patch moving vmcb02->vmcb12 sync after completing interrupts.

v1 -> v2 (for series [2]):
- Move code updating NextRIP and soft IRQ RIP tracking from
  svm_prepare_switch_to_guest() to pre_svm_run().

[1] https://lore.kernel.org/kvm/20260211162842.454151-1-yosry.ahmed@linux.dev/
[2] https://lore.kernel.org/kvm/20260223154636.116671-1-yosry@kernel.org/
Yosry Ahmed (8):
  KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
  KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
  KVM: selftests: Extend state_test to check vGIF
  KVM: selftests: Extend state_test to check next_rip
  KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
  KVM: nSVM: Delay stuffing L2's current RIP into NextRIP until vCPU run
  KVM: nSVM: Delay setting soft IRQ RIP tracking fields until vCPU run
  DO NOT MERGE: KVM: selftests: Reproduce nested RIP restore bug
 arch/x86/kvm/svm/nested.c                     | 36 +++++----
 arch/x86/kvm/svm/svm.c                        | 37 ++++++++++
 .../testing/selftests/kvm/lib/x86/processor.c |  8 +-
 tools/testing/selftests/kvm/x86/state_test.c  | 35 +++++++++
 .../kvm/x86/svm_nested_soft_inject_test.c     | 74 +++++++++++++++----
 5 files changed, 154 insertions(+), 36 deletions(-)
base-commit: 183bb0ce8c77b0fd1fb25874112bc8751a461e49
--
2.53.0.414.gf7e9f6c205-goog