From: Sean Christopherson <seanjc@google.com>
To: Yosry Ahmed <yosry@kernel.org>
Cc: Jim Mattson <jmattson@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	kvm@vger.kernel.org,  linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/6] KVM: SVM: Use maxphyaddr in emulator RAX check for VMRUN/VMLOAD/VMSAVE
Date: Thu, 12 Mar 2026 08:54:38 -0700	[thread overview]
Message-ID: <abLhvoAg17OKMrxR@google.com> (raw)
In-Reply-To: <CAO9r8zO_Mo-98MqREwHq4JN0bA11H2EpmNmUkAU5QvNm9OGNbg@mail.gmail.com>

On Thu, Mar 12, 2026, Yosry Ahmed wrote:
> > diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> > index c8e292e9a24d..74df977a38ca 100644
> > --- a/arch/x86/kvm/emulate.c
> > +++ b/arch/x86/kvm/emulate.c
> > @@ -3867,18 +3867,10 @@ static int check_svme(struct x86_emulate_ctxt *ctxt)
> >         if (!(efer & EFER_SVME))
> >                 return emulate_ud(ctxt);
> >
> > -       return X86EMUL_CONTINUE;
> > -}
> > -
> > -static int check_svme_pa(struct x86_emulate_ctxt *ctxt)
> > -{
> > -       u64 rax = reg_read(ctxt, VCPU_REGS_RAX);
> > -
> > -       /* Valid physical address? */
> > -       if (rax & 0xffff000000000000ULL)
> > +       if (ctxt->ops->cpl(ctxt))
> >                 return emulate_gp(ctxt, 0);
> >
> > -       return check_svme(ctxt);
> > +       return X86EMUL_CONTINUE;
> >  }
> >
> >  static int check_rdtsc(struct x86_emulate_ctxt *ctxt)
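Review bot: the new `ctxt->ops->cpl(ctxt)` test in check_svme() duplicates privilege enforcement the opcode table already requests, since every group7_rm3 entry keeps the `Priv` flag; if the generic `Priv` handling raises #GP before the per-instruction check_perm callback runs, the added CPL test never fires and the EFER.SVME #UD cannot take priority over the CPL #GP as its placement here implies. Either drop `Priv` from the SVM entries so check_svme() owns the ordering (#UD for SVME=0, then #GP for CPL>0), or drop the new cpl() test, and state which ordering is intended in the commit message.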
> > @@ -3984,10 +3976,10 @@ static const struct opcode group7_rm2[] = {
> >  };
> >
> >  static const struct opcode group7_rm3[] = {
> > -       DIP(SrcNone | Prot | Priv,              vmrun,          check_svme_pa),
> > +       DIP(SrcNone | Prot | Priv,              vmrun,          check_svme),
> >         II(SrcNone  | Prot | EmulateOnUD,       em_hypercall,   vmmcall),
> > -       DIP(SrcNone | Prot | Priv,              vmload,         check_svme_pa),
> > -       DIP(SrcNone | Prot | Priv,              vmsave,         check_svme_pa),
> > +       DIP(SrcNone | Prot | Priv,              vmload,         check_svme),
> > +       DIP(SrcNone | Prot | Priv,              vmsave,         check_svme),
> >         DIP(SrcNone | Prot | Priv,              stgi,           check_svme),
> >         DIP(SrcNone | Prot | Priv,              clgi,           check_svme),
> >         DIP(SrcNone | Prot | Priv,              skinit,         check_svme),
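Review bot: with check_svme_pa() deleted, vmrun/vmload/vmsave now use exactly the same check_svme callback as stgi/clgi/skinit, so the emulator performs no RAX validation at all; the only RAX check left in this patch is the page_address_valid() call in svm.c's gp_interception(), which is reached only on the #GP-reinject path. The commit message should say explicitly that the emulator is intentionally stripped of the address check and where the check is expected to happen for each route by which these instructions can be emulated.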
> > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> > index e6691c044913..e1223c07593b 100644
> > --- a/arch/x86/kvm/svm/svm.c
> > +++ b/arch/x86/kvm/svm/svm.c
> > @@ -2294,7 +2294,7 @@ static int gp_interception(struct kvm_vcpu *vcpu)
> >                                 EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
> >         } else {
> >                 /* All SVM instructions expect page aligned RAX */
> > -               if (svm->vmcb->save.rax & ~PAGE_MASK)
> > +               if (!page_address_valid(vcpu, svm->vmcb->save.rax))
> >                         goto reinject;
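Review bot: the page_address_valid() check lives only in gp_interception(), so it runs just when the instruction #GPs and is re-emulated, not for VMRUN/VMLOAD/VMSAVE intercepts that go straight to their own handlers (the point raised below); move it into those interception functions. Also the comment `/* All SVM instructions expect page aligned RAX */` now understates the test, since page_address_valid() also rejects addresses at or above the vCPU's MAXPHYADDR; update it to name both conditions.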
> 
> Final observation (hopefully), this check needs to be moved to the
> VMRUN/VMLOAD/VMSAVE interception functions.

Gah, yeah.  I noticed that when initially typing up my response, but lost track
of it when I got distracted by all the emulator crud.

> As kvm_vcpu_map() failures will stop injecting #GP, we still need to handle
> the case where allow_smaller_maxphyaddr is used and the GPA is illegal from
> the vCPU's perspective but not the host.

allow_smaller_maxphyaddr is irrelevant.  My read of the APM is that the intercept
has priority over the #GP due to a bad RAX.  So with vls=0, KVM needs to check
RAX irrespective of allow_smaller_maxphyaddr.
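To make the difference between the three RAX checks in this thread concrete, here is an added stand-alone C example (not KVM code and not from the patch). It models the old emulator mask from check_svme_pa(), the old alignment-only test from gp_interception(), and an assumed model of page_address_valid() as "page aligned and no bit at or above the guest's MAXPHYADDR set"; PAGE_SHIFT = 12 and the helper names are assumptions. The sample RAX values are constructed, including the case Yosry describes where the GPA is legal for the host but not for a vCPU with a smaller MAXPHYADDR.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 4 KiB pages, as on x86. */
#define PAGE_SHIFT 12
#define PAGE_MASK  (~((1ULL << PAGE_SHIFT) - 1))

/* Old emulator check (check_svme_pa): reject if any of bits 63:48 is set,
 * regardless of what MAXPHYADDR the guest actually sees. */
static bool old_emulator_rax_ok(uint64_t rax)
{
	return !(rax & 0xffff000000000000ULL);
}

/* Old gp_interception() check: reject only an unaligned RAX. */
static bool old_gp_rax_ok(uint64_t rax)
{
	return !(rax & ~PAGE_MASK);
}

/* Assumed model of page_address_valid(): page aligned AND no bit at or
 * above the vCPU's reported MAXPHYADDR set. */
static bool new_rax_ok(uint64_t rax, unsigned int maxphyaddr)
{
	if (rax & ~PAGE_MASK)
		return false;
	if (maxphyaddr < 64 && (rax >> maxphyaddr))
		return false;
	return true;
}

/* Constructed sample operands: RAX value, guest MAXPHYADDR, description. */
struct rax_case {
	uint64_t rax;
	unsigned int maxphyaddr;
	const char *why;
};

static const struct rax_case cases[] = {
	{ 0x0000000000001000ULL, 48, "ordinary aligned GPA" },
	{ 0x0000000000001234ULL, 48, "not page aligned" },
	{ 0x0000010000000000ULL, 40, "bit 40 set, guest MAXPHYADDR 40 (smaller than host)" },
	{ 0x0001000000000000ULL, 52, "bit 48 set, guest MAXPHYADDR 52" },
};

int main(void)
{
	size_t i;

	printf("%-18s %-3s %-9s %-9s %-9s  %s\n",
	       "RAX", "MPA", "old-emul", "old-gp", "new", "case");
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		const struct rax_case *c = &cases[i];

		printf("0x%016llx %-3u %-9s %-9s %-9s  %s\n",
		       (unsigned long long)c->rax, c->maxphyaddr,
		       old_emulator_rax_ok(c->rax) ? "accept" : "#GP",
		       old_gp_rax_ok(c->rax) ? "accept" : "#GP",
		       new_rax_ok(c->rax, c->maxphyaddr) ? "accept" : "#GP",
		       c->why);
	}
	return 0;
}
```

The third row is the one that matters for the allow_smaller_maxphyaddr discussion: both old checks accept a page-aligned address with bit 40 set, while the MAXPHYADDR-aware check rejects it for a guest that reports 40 physical address bits. The fourth row shows the opposite defect of the fixed 0xffff000000000000 mask, which rejects bit 48 even when the guest legitimately has 52 address bits.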


Thread overview: 31+ messages
2026-03-06 21:08 [PATCH v2 0/6] KVM: nSVM: Fix vmcb12 mapping failure handling Yosry Ahmed
2026-03-06 21:08 ` [PATCH v2 1/6] KVM: SVM: Use maxphyaddr in emulator RAX check for VMRUN/VMLOAD/VMSAVE Yosry Ahmed
2026-03-06 22:27   ` Jim Mattson
2026-03-06 22:37     ` Yosry Ahmed
2026-03-06 23:12       ` Jim Mattson
2026-03-06 23:20         ` Yosry Ahmed
2026-03-06 23:45           ` Jim Mattson
2026-03-07  0:32           ` Sean Christopherson
2026-03-11 18:31             ` Yosry Ahmed
2026-03-11 20:07               ` Yosry Ahmed
2026-03-11 20:39                 ` Sean Christopherson
2026-03-11 20:50                   ` Yosry Ahmed
2026-03-11 23:01                     ` Sean Christopherson
2026-03-11 23:22                       ` Yosry Ahmed
2026-03-12  1:27                         ` Yosry Ahmed
2026-03-12  1:38                           ` Sean Christopherson
2026-03-12 15:50                       ` Yosry Ahmed
2026-03-12 15:54                         ` Sean Christopherson [this message]
2026-03-12 16:19                           ` Yosry Ahmed
2026-03-07  0:28         ` Sean Christopherson
2026-03-07  0:31           ` Yosry Ahmed
2026-03-06 21:08 ` [PATCH v2 2/6] KVM: nSVM: Simplify error handling of nested_svm_copy_vmcb12_to_cache() Yosry Ahmed
2026-03-12 18:13   ` Sean Christopherson
2026-03-12 21:01     ` Yosry Ahmed
2026-03-06 21:08 ` [PATCH v2 3/6] KVM: SVM: Treat mapping failures equally in VMLOAD/VMSAVE emulation Yosry Ahmed
2026-03-06 21:08 ` [PATCH v2 4/6] KVM: nSVM: Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12 fails Yosry Ahmed
2026-03-07  1:09   ` Yosry Ahmed
2026-03-09 13:56     ` Yosry Ahmed
2026-03-06 21:08 ` [PATCH v2 5/6] KVM: selftests: Rework svm_nested_invalid_vmcb12_gpa Yosry Ahmed
2026-03-06 21:09 ` [PATCH v2 6/6] KVM: selftests: Drop 'invalid' from svm_nested_invalid_vmcb12_gpa's name Yosry Ahmed
2026-04-03 15:13 ` [PATCH v2 0/6] KVM: nSVM: Fix vmcb12 mapping failure handling Sean Christopherson
