Re: [PATCH v2 06/10] KVM: selftests: Drop HORRIFIC_L2_UCALL_CLOBBER_HACK

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Removal of the ucall GPR hack causes L2 register corruption in EVMCS nested virtualization tests.
--

commit 15ef07c71219fb9256d8d4da6427386aaf993fbd
Author: Yosry Ahmed <yosry@kernel.org>
KVM: selftests: Drop HORRIFIC_L2_UCALL_CLOBBER_HACK

This commit drops the HORRIFIC_L2_UCALL_CLOBBER_HACK from ucall_arch_do_ucall(),
relying on the nVMX test code to preserve L2 GPRs across nested VM-exits.

> diff --git a/tools/testing/selftests/kvm/lib/x86/ucall.c b/tools/testing/selftests/kvm/lib/x86/ucall.c
> index e7dd5791959ba..38050c60a0670 100644
> --- a/tools/testing/selftests/kvm/lib/x86/ucall.c
> +++ b/tools/testing/selftests/kvm/lib/x86/ucall.c
> @@ -10,36 +10,8 @@
>  
>  void ucall_arch_do_ucall(gva_t uc)
>  {
[ ... ]
> -		     HORRIFIC_L2_UCALL_CLOBBER_HACK);
> +	asm volatile("in %[port], %%al"
> +		: : [port] "d" (UCALL_PIO_PORT), "D" (uc) : "rax", "memory");

[Severity: Medium]
Does the removal of this hack cause L2 register corruption in Enlightened
VMX (EVMCS) tests?

While standard nVMX tests preserve GPRs using VMX_SWITCH_GPRS_ASM, it appears
the EVMCS helpers evmcs_vmlaunch() and evmcs_vmresume() in
tools/testing/selftests/kvm/include/x86/evmcs.h were not updated.

These functions still use a hardcoded inline assembly sequence that explicitly
clobbers %rbx and %r8-%r15.

If L2 triggers a ucall and an asynchronous event forces a nested VM-Exit
to L1, wouldn't the L1 compiler clobber L2's GPRs, causing L2 to resume
with corrupted registers and leading to a test failure?

>  }
>  
>  void *ucall_arch_get_ucall(struct kvm_vcpu *vcpu)

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260604203546.365658-1-yosry@kernel.org?part=6