Kernel KVM virtualization development
* [PATCH] KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation
From: Sean Christopherson @ 2026-06-18 18:57 UTC (permalink / raw)
  To: Sean Christopherson, Paolo Bonzini; +Cc: kvm, linux-kernel

If KVM attempts to translate what it thinks is an L2 GPA with a non-nested
MMU, simply WARN and return the GPA, i.e. trust the MMU more than the
caller, as there is zero reason to potentially panic the host kernel just
because KVM misused an API.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/nested.c | 3 ++-
 arch/x86/kvm/vmx/nested.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 9aedb88c832d..3e6c671a8dc2 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -2152,7 +2152,8 @@ static gpa_t svm_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
 	struct vcpu_svm *svm = to_svm(vcpu);
 	struct kvm_mmu *mmu = vcpu->arch.mmu;
 
-	BUG_ON(!mmu_is_nested(vcpu));
+	if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
+		return gpa;
 
 	/* Non-GMET walks are always user-walks */
 	if (!(svm->nested.ctl.misc_ctl & SVM_MISC_ENABLE_GMET))
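Review bot: the new early `return gpa;` under `WARN_ON_ONCE(!mmu_is_nested(vcpu))` in svm_translate_nested_gpa() has no comment saying why handing back the untranslated value is the safe fallback, and it skips everything below it, including the GMET access handling that follows. The changelog's reasoning ("trust the MMU more than the caller") should sit next to the check: a one-line comment stating that a non-nested MMU means the address is treated as already being an L1 GPA would stop a later reader from "fixing" the return into an error value or moving the check below the access-type setup.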
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 3a293640d58c..6957bb6f5cf7 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -7470,7 +7470,8 @@ static gpa_t vmx_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
 {
 	struct kvm_mmu *mmu = vcpu->arch.mmu;
 
-	BUG_ON(!mmu_is_nested(vcpu));
+	if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
+		return gpa;
 
 	/*
 	 * MBEC differentiates based on the effective U/S bit of
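Review bot: the guard at the top of vmx_translate_nested_gpa() is a line-for-line copy of the one added to svm_translate_nested_gpa(), so the fallback policy now lives in two vendor files that can drift apart. Suggest moving the `WARN_ON_ONCE(!mmu_is_nested(vcpu))` check and its `return gpa;` into a shared helper or the common caller; failing that, give both copies the same explanatory comment. The function returns a plain gpa_t, so the caller cannot tell this fallback from a real translation, and since WARN_ON_ONCE reports only the first hit, any later misuse returns the input address with no log entry at all; that is worth stating where the value is returned.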

base-commit: 9d4853b044beefa21c4ee3e18c40653601a64ced
-- 
2.55.0.rc0.738.g0c8ab3ebcc-goog



* Re: [PATCH] KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation
From: Huang, Kai @ 2026-06-19  4:26 UTC (permalink / raw)
  To: pbonzini@redhat.com, seanjc@google.com
  Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

On Thu, 2026-06-18 at 11:57 -0700, Sean Christopherson wrote:
> If KVM attempts to translate what it thinks is an L2 GPA with a non-nested
> MMU, simply WARN and return the GPA, i.e. trust the MMU more than the
> caller, as there is zero reason to potentially panic the host kernel just
> because KVM misused an API.
> 
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> 

Reviewed-by: Kai Huang <kai.huang@intel.com>


* Re: [PATCH] KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation
From: David Laight @ 2026-06-19 15:06 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: Paolo Bonzini, kvm, linux-kernel

On Thu, 18 Jun 2026 11:57:45 -0700
Sean Christopherson <seanjc@google.com> wrote:

> If KVM attempts to translate what it thinks is an L2 GPA with a non-nested
> MMU, simply WARN and return the GPA, i.e. trust the MMU more than the
> caller, as there is zero reason to potentially panic the host kernel just
> because KVM misused an API.

Except that PANIC_ON_WARN stands a reasonable chance of being set.
So it makes little difference.

	David

> 
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>  arch/x86/kvm/svm/nested.c | 3 ++-
>  arch/x86/kvm/vmx/nested.c | 3 ++-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index 9aedb88c832d..3e6c671a8dc2 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -2152,7 +2152,8 @@ static gpa_t svm_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
>  	struct vcpu_svm *svm = to_svm(vcpu);
>  	struct kvm_mmu *mmu = vcpu->arch.mmu;
>  
> -	BUG_ON(!mmu_is_nested(vcpu));
> +	if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
> +		return gpa;
>  
>  	/* Non-GMET walks are always user-walks */
>  	if (!(svm->nested.ctl.misc_ctl & SVM_MISC_ENABLE_GMET))
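Review bot: the `WARN_ON_ONCE(!mmu_is_nested(vcpu))` replacement only keeps the host running when warnings are not configured to panic, which is the point raised in this reply, so the changelog's "zero reason to potentially panic the host kernel" describes the effect too broadly. Suggest rewording the changelog to say the patch removes the unconditional BUG_ON() and that the added `return gpa;` is what lets the function continue safely on hosts that proceed past the WARN, so readers on panic-on-warn configurations are not misled about what changes for them.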
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 3a293640d58c..6957bb6f5cf7 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -7470,7 +7470,8 @@ static gpa_t vmx_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
>  {
>  	struct kvm_mmu *mmu = vcpu->arch.mmu;
>  
> -	BUG_ON(!mmu_is_nested(vcpu));
> +	if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
> +		return gpa;
>  
>  	/*
>  	 * MBEC differentiates based on the effective U/S bit of
> 
> base-commit: 9d4853b044beefa21c4ee3e18c40653601a64ced

