From: "Yosry Ahmed" <yosry.ahmed@linux.dev>
To: "Sean Christopherson" <seanjc@google.com>,
	"Jim Mattson" <jmattson@google.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Thomas Gleixner" <tglx@kernel.org>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Borislav Petkov" <bp@alien8.de>,
	"Dave Hansen" <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	"Shuah Khan" <shuah@kernel.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v3 2/8] KVM: x86: nSVM: Cache and validate vmcb12 g_pat
Date: Fri, 06 Feb 2026 18:23:35 +0000
Message-ID: <fb750b1bb21bd47f85eb133d69b2c059188f4c05@linux.dev>
In-Reply-To: <aYYwwWjMDJQh6uDd@google.com>

February 6, 2026 at 10:19 AM, "Sean Christopherson" <seanjc@google.com> wrote:


> 
> On Thu, Feb 05, 2026, Jim Mattson wrote:
> 
> > 
> > Cache g_pat from vmcb12 in svm->nested.gpat to avoid TOCTTOU issues, and
> >  add a validity check so that when nested paging is enabled for vmcb12, an
> >  invalid g_pat causes an immediate VMEXIT with exit code VMEXIT_INVALID, as
> >  specified in the APM, volume 2: "Nested Paging and VMRUN/VMEXIT."
> >  
> >  Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
> >  Signed-off-by: Jim Mattson <jmattson@google.com>
> >  ---
> >  arch/x86/kvm/svm/nested.c | 4 +++-
> >  arch/x86/kvm/svm/svm.h | 3 +++
> >  2 files changed, 6 insertions(+), 1 deletion(-)
> >  
> >  diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> >  index f72dbd10dcad..1d4ff6408b34 100644
> >  --- a/arch/x86/kvm/svm/nested.c
> >  +++ b/arch/x86/kvm/svm/nested.c
> >  @@ -1027,9 +1027,11 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
> >  
> >  nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
> >  nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
> >  + svm->nested.gpat = vmcb12->save.g_pat;
> >  
> >  if (!nested_vmcb_check_save(vcpu) ||
> >  - !nested_vmcb_check_controls(vcpu)) {
> >  + !nested_vmcb_check_controls(vcpu) ||
> >  + (nested_npt_enabled(svm) && !kvm_pat_valid(svm->nested.gpat))) {
> >  vmcb12->control.exit_code = SVM_EXIT_ERR;
> >  vmcb12->control.exit_info_1 = 0;
> >  vmcb12->control.exit_info_2 = 0;
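
Review bot: the g_pat validity test is open-coded as a third clause of the if in nested_svm_vmrun(), while the save-area and control checks beside it go through nested_vmcb_check_save() and nested_vmcb_check_controls(). Consider moving "nested_npt_enabled(svm) && !kvm_pat_valid(svm->nested.gpat)" into a check helper so the condition stays readable and the check cannot be missed by another caller. The new assignment to svm->nested.gpat likewise sits next to the nested_copy_vmcb_*_to_cache() calls rather than inside one of them; a one-line comment saying why it is cached separately, and that the later check must only read the cached copy, would make the TOCTTOU intent visible in the code.
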
> >  diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> >  index 986d90f2d4ca..42a4bf83b3aa 100644
> >  --- a/arch/x86/kvm/svm/svm.h
> >  +++ b/arch/x86/kvm/svm/svm.h
> >  @@ -208,6 +208,9 @@ struct svm_nested_state {
> >  */
> >  struct vmcb_save_area_cached save;
> >  
> >  + /* Cached guest PAT from vmcb12.save.g_pat */
> >  + u64 gpat;
> > 
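
Review bot: the comment on the new u64 gpat field says where the value comes from but not when it is meaningful or why it sits next to, rather than inside, struct vmcb_save_area_cached save. Since the check in nested_svm_vmrun() only consults it when nested_npt_enabled(svm) is true, the comment should state that condition and note the reason for keeping the field outside the cached save area, so later readers do not assume it is covered by the same copy and check helpers as the other cached save fields.
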
> Shouldn't this go in vmcb_save_area_cached?

I believe Jim changed it after this discussion on v2: https://lore.kernel.org/kvm/20260115232154.3021475-4-jmattson@google.com/.

Thread overview: 23+ messages
2026-02-05 21:43 [PATCH v3 0/8] KVM: x86: nSVM: Improve PAT virtualization Jim Mattson
2026-02-05 21:43 ` [PATCH v3 1/8] KVM: x86: nSVM: Clear VMCB_NPT clean bit when updating g_pat in L2 Jim Mattson
2026-02-09 16:05   ` Yosry Ahmed
2026-02-05 21:43 ` [PATCH v3 2/8] KVM: x86: nSVM: Cache and validate vmcb12 g_pat Jim Mattson
2026-02-06 18:19   ` Sean Christopherson
2026-02-06 18:23     ` Yosry Ahmed [this message]
2026-02-06 18:32       ` Jim Mattson
2026-02-06 19:12         ` Sean Christopherson
2026-02-06 19:15           ` Yosry Ahmed
2026-02-06 19:50             ` Sean Christopherson
2026-02-06 20:56           ` Jim Mattson
2026-02-06 23:07             ` Sean Christopherson
2026-02-05 21:43 ` [PATCH v3 3/8] KVM: x86: nSVM: Set vmcb02.g_pat correctly for nested NPT Jim Mattson
2026-02-06 18:23   ` Sean Christopherson
2026-02-06 18:29     ` Yosry Ahmed
2026-02-06 19:14       ` Sean Christopherson
2026-02-05 21:43 ` [PATCH v3 4/8] KVM: x86: nSVM: Redirect IA32_PAT accesses to either hPAT or gPAT Jim Mattson
2026-02-05 21:43 ` [PATCH v3 5/8] KVM: x86: nSVM: Save gPAT to vmcb12.g_pat on VMEXIT Jim Mattson
2026-02-05 21:43 ` [PATCH v3 6/8] KVM: x86: nSVM: Save/restore gPAT with KVM_{GET,SET}_NESTED_STATE Jim Mattson
2026-02-05 21:43 ` [PATCH v3 7/8] KVM: x86: nSVM: Handle restore of legacy nested state Jim Mattson
2026-02-06 19:17   ` Sean Christopherson
2026-02-06 22:38     ` Jim Mattson
2026-02-05 21:43 ` [PATCH v3 8/8] KVM: selftests: nSVM: Add svm_nested_pat test Jim Mattson
