Re: [PATCH V2 3/4] KVM: VMX: Don't consult original exit qualification for nested EPT violation injection

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: Yosry Ahmed <yosry@kernel.org>
Cc: Kevin Cheng <chengkev@google.com>,
	pbonzini@redhat.com, kvm@vger.kernel.org,
	 linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev
Subject: Re: [PATCH V2 3/4] KVM: VMX: Don't consult original exit qualification for nested EPT violation injection
Date: Tue, 24 Feb 2026 11:37:38 -0800	[thread overview]
Message-ID: <aZ3-AqK3liE1XNGB@google.com> (raw)
In-Reply-To: <CAO9r8zNrQGKM0N345+KG=W72FyV1pp2EqOLcTMUZkz6bCA3MgQ@mail.gmail.com>

On Tue, Feb 24, 2026, Yosry Ahmed wrote:
> > > @@ -496,7 +510,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
> > >        * [2:0] - Derive from the access bits. The exit_qualification might be
> > >        *         out of date if it is serving an EPT misconfiguration.
> > >        * [5:3] - Calculated by the page walk of the guest EPT page tables
> > > -      * [7:8] - Derived from [7:8] of real exit_qualification
> > > +      * [7:8] - Set at the kvm_translate_gpa() call sites above
> > >        *
> > >        * The other bits are set to 0.
> > >        */
> > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > > index 248635da67661..6a167b1d51595 100644
> > > --- a/arch/x86/kvm/vmx/nested.c
> > > +++ b/arch/x86/kvm/vmx/nested.c
> > > @@ -444,9 +444,6 @@ static void nested_ept_inject_page_fault(struct kvm_vcpu *vcpu,
> > >                       exit_qualification = 0;
> > >               } else {
> > >                       exit_qualification = fault->exit_qualification;
> > > -                     exit_qualification |= vmx_get_exit_qual(vcpu) &
> > > -                                           (EPT_VIOLATION_GVA_IS_VALID |
> > > -                                            EPT_VIOLATION_GVA_TRANSLATED);
> >
> > Hmm, this isn't quite correct.  If KVM injects an EPT Violation (or a #NPF) when
> > handling an EPT Violation (or #NPF) from L2, then KVM _should_ follow hardware.
> >
> > Aha!  I think the easiest way to deal with that is to flag nested page faults
> > that were the result of walking L1's TDP when handling an L2 TDP page fault, and
> > then let vendor code extract the fault information out of hardaware.
> 
> Is it not possible that KVM gets an EPT Violation (or a #NPF) on an L2
> memory access while the CPU is walking L2's page tables, then KVM
> walks L1's TDP and finds mappings for the L2 page tables but not the
> final translation? Or will KVM always just fixup the immediate EPT
> Violation (or #NPF) by inserting a shadow mapping of L2's page tables
> and retry the instruction immediately?

The latter, assuming by "shadow mapping of L2's page tables" out meant "installing
a shadow mapping of the faulting L2 GPA according to L1's TDP page tables".

I.e. when servicing an L2 TDP fault, KVM is only resolving the fault for the reported
L2 GPA, _not_ the originating L2 GVA (if there is one).

next prev parent reply	other threads:[~2026-02-24 19:37 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-24  7:18 [PATCH V2 0/4] KVM: X86: Correctly populate nested page fault Kevin Cheng
2026-02-24  7:18 ` [PATCH V2 1/4] KVM: x86: Widen x86_exception's error_code to 64 bits Kevin Cheng
2026-02-24  7:18 ` [PATCH V2 2/4] KVM: SVM: Fix nested NPF injection to set PFERR_GUEST_{PAGE,FINAL}_MASK Kevin Cheng
2026-02-24 16:42   ` Sean Christopherson
2026-02-24 16:53     ` Sean Christopherson
2026-03-05  3:50     ` Kevin Cheng
2026-03-05 19:46       ` Sean Christopherson
2026-03-13  4:50     ` Kevin Cheng
2026-03-13  5:36       ` Kevin Cheng
2026-02-24  7:18 ` [PATCH V2 3/4] KVM: VMX: Don't consult original exit qualification for nested EPT violation injection Kevin Cheng
2026-02-24 17:31   ` Sean Christopherson
2026-02-24 19:00     ` Yosry Ahmed
2026-02-24 19:37       ` Sean Christopherson [this message]
2026-02-24 19:42         ` Yosry Ahmed
2026-02-24 20:28           ` Sean Christopherson
2026-02-24  7:18 ` [PATCH V2 4/4] KVM: selftests: Add nested page fault injection test Kevin Cheng
2026-02-24 17:37   ` Sean Christopherson
2026-03-05  3:54     ` Kevin Cheng

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aZ3-AqK3liE1XNGB@google.com \
    --to=seanjc@google.com \
    --cc=chengkev@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=yosry.ahmed@linux.dev \
    --cc=yosry@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox