From: sashiko-bot@kernel.org
To: "Juergen Gross" <jgross@suse.com>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH v2 5/6] KVM/x86: Return -errno instead of "1" for SVM related MSR emulation
Date: Thu, 28 May 2026 14:51:16 +0000 [thread overview]
Message-ID: <20260528145116.EFBCC1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260528113605.267111-6-jgross@suse.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Returning -EINVAL instead of 1 from KVM MSR emulation handlers breaks the KVM error handling API, crashing the VM instead of gracefully injecting a #GP exception into the guest.
--
commit 4acdcc8f1417c1c797f8ed84011c6082e6aae48e
Author: Juergen Gross <jgross@suse.com>
KVM/x86: Return -errno instead of "1" for SVM related MSR emulation
This commit replaces literal "1" return values with negative errno values in
the emulation code of SVM related MSR registers to signal an error.
> diff --git a/arch/x86/kvm/svm/pmu.c b/arch/x86/kvm/svm/pmu.c
> index 7aa298eeb0721..1c325d602baa4 100644
> --- a/arch/x86/kvm/svm/pmu.c
> +++ b/arch/x86/kvm/svm/pmu.c
> @@ -144,7 +144,7 @@ static int amd_pmu_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> return 0;
> }
>
> - return 1;
> + return -EINVAL;
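Review bot: the safety of this hunk hinges on what the callers of amd_pmu_get_msr() do with a negative return, which the commit message does not say: a dispatcher that only distinguishes 0, 1 and a negative value will treat the new -EINVAL as a host-side failure to propagate, whereas the removed `return 1;` meant "architectural fault, inject #GP". Please state in the commit message which caller translates -EINVAL into the #GP for a guest that reads an unsupported PMU MSR, or name the patch in the series that makes that conversion; if -EINVAL is meant as a dedicated "inject #GP" value, a named constant at this return site would make that intent explicit and keep it distinguishable from a genuine internal error that also returns -EINVAL.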
[Severity: High]
Does returning -EINVAL instead of 1 here bypass the #GP injection logic?
KVM's x86 MSR emulation relies on a return value of 1 to signal an
architectural fault that should result in a #GP exception being injected into
the guest.
By changing the return values to -EINVAL, the errors become negative. In
__kvm_emulate_wrmsr() and similar paths, there is a check for r < 0 which
immediately propagates the negative error up the call stack.
Could this cause the KVM_RUN ioctl to fail with -EINVAL, crashing the VM
instead of gracefully injecting a #GP exception when a guest OS accesses an
invalid or reserved MSR?
[ ... ]
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index e02a38da5296e..f8d9df822ab34 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
[ ... ]
> @@ -2907,7 +2907,7 @@ static int svm_complete_emulated_msr(struct kvm_vcpu *vcpu, int err)
> return kvm_complete_insn_gp(vcpu, err);
>
> svm_vmgexit_inject_exception(svm, X86_TRAP_GP);
> - return 1;
> + return -EINVAL;
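Review bot: the two exits of svm_complete_emulated_msr() now follow different conventions: the `err` path still returns whatever `kvm_complete_insn_gp(vcpu, err)` returns, while the SEV-ES path returns -EINVAL after `svm_vmgexit_inject_exception(svm, X86_TRAP_GP)` has already queued the #GP. At that point the fault has been delivered and the return value only needs to tell the exit handler to resume the guest; a negative errno here risks being propagated as a KVM_RUN failure on top of the injected exception. Confirm that kvm_complete_insn_gp() is converted in the same series so both paths agree, or return here the same value it returns after injecting #GP.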
[Severity: High]
Could returning -EINVAL here cause SEV-ES guests to fatally crash upon
invalid MSR accesses instead of receiving the injected exception?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260528113605.267111-1-jgross@suse.com?part=5