From: Sean Christopherson <seanjc@google.com>
To: Yosry Ahmed <yosry@kernel.org>
Cc: Kevin Cheng <chengkev@google.com>,
pbonzini@redhat.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev
Subject: Re: [PATCH V2 3/4] KVM: VMX: Don't consult original exit qualification for nested EPT violation injection
Date: Tue, 24 Feb 2026 12:28:01 -0800 [thread overview]
Message-ID: <aZ4J0flo0SwjAWgW@google.com> (raw)
In-Reply-To: <CAO9r8zPvUW0TxohX8Xw6Vi8NgNgWPHfxzsSp0kSVxU5hi7H8QA@mail.gmail.com>
On Tue, Feb 24, 2026, Yosry Ahmed wrote:
> On Tue, Feb 24, 2026 at 11:37 AM Sean Christopherson <seanjc@google.com> wrote:
> >
> > On Tue, Feb 24, 2026, Yosry Ahmed wrote:
> > > > > @@ -496,7 +510,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
> > > > > * [2:0] - Derive from the access bits. The exit_qualification might be
> > > > > * out of date if it is serving an EPT misconfiguration.
> > > > > * [5:3] - Calculated by the page walk of the guest EPT page tables
> > > > > - * [7:8] - Derived from [7:8] of real exit_qualification
> > > > > + * [7:8] - Set at the kvm_translate_gpa() call sites above
> > > > > *
> > > > > * The other bits are set to 0.
> > > > > */
> > > > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > > > > index 248635da67661..6a167b1d51595 100644
> > > > > --- a/arch/x86/kvm/vmx/nested.c
> > > > > +++ b/arch/x86/kvm/vmx/nested.c
> > > > > @@ -444,9 +444,6 @@ static void nested_ept_inject_page_fault(struct kvm_vcpu *vcpu,
> > > > > exit_qualification = 0;
> > > > > } else {
> > > > > exit_qualification = fault->exit_qualification;
> > > > > - exit_qualification |= vmx_get_exit_qual(vcpu) &
> > > > > - (EPT_VIOLATION_GVA_IS_VALID |
> > > > > - EPT_VIOLATION_GVA_TRANSLATED);
> > > >
> > > > Hmm, this isn't quite correct. If KVM injects an EPT Violation (or a #NPF) when
> > > > handling an EPT Violation (or #NPF) from L2, then KVM _should_ follow hardware.
> > > >
> > > > Aha! I think the easiest way to deal with that is to flag nested page faults
> > > > that were the result of walking L1's TDP when handling an L2 TDP page fault, and
> > > > then let vendor code extract the fault information out of hardaware.
> > >
> > > Is it not possible that KVM gets an EPT Violation (or a #NPF) on an L2
> > > memory access while the CPU is walking L2's page tables, then KVM
> > > walks L1's TDP and finds mappings for the L2 page tables but not the
> > > final translation? Or will KVM always just fixup the immediate EPT
> > > Violation (or #NPF) by inserting a shadow mapping of L2's page tables
> > > and retry the instruction immediately?
> >
> > The latter, assuming by "shadow mapping of L2's page tables" out meant "installing
> > a shadow mapping of the faulting L2 GPA according to L1's TDP page tables".
> >
> > I.e. when servicing an L2 TDP fault, KVM is only resolving the fault for the reported
> > L2 GPA, _not_ the originating L2 GVA (if there is one).
>
> I see. Does this need special handling when forwarding #NPFs to L1 as
> well? Or will fault->error_code have the HW fault bits in
> nested_svm_inject_npf_exit() in this case?
Yes, sorry for not making that it explicit. nested_svm_inject_npf_exit() would
also need to consult hardware_nested_page_fault.
next prev parent reply other threads:[~2026-02-24 20:28 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-24 7:18 [PATCH V2 0/4] KVM: X86: Correctly populate nested page fault Kevin Cheng
2026-02-24 7:18 ` [PATCH V2 1/4] KVM: x86: Widen x86_exception's error_code to 64 bits Kevin Cheng
2026-02-24 7:18 ` [PATCH V2 2/4] KVM: SVM: Fix nested NPF injection to set PFERR_GUEST_{PAGE,FINAL}_MASK Kevin Cheng
2026-02-24 16:42 ` Sean Christopherson
2026-02-24 16:53 ` Sean Christopherson
2026-03-05 3:50 ` Kevin Cheng
2026-03-05 19:46 ` Sean Christopherson
2026-03-13 4:50 ` Kevin Cheng
2026-03-13 5:36 ` Kevin Cheng
2026-02-24 7:18 ` [PATCH V2 3/4] KVM: VMX: Don't consult original exit qualification for nested EPT violation injection Kevin Cheng
2026-02-24 17:31 ` Sean Christopherson
2026-02-24 19:00 ` Yosry Ahmed
2026-02-24 19:37 ` Sean Christopherson
2026-02-24 19:42 ` Yosry Ahmed
2026-02-24 20:28 ` Sean Christopherson [this message]
2026-02-24 7:18 ` [PATCH V2 4/4] KVM: selftests: Add nested page fault injection test Kevin Cheng
2026-02-24 17:37 ` Sean Christopherson
2026-03-05 3:54 ` Kevin Cheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZ4J0flo0SwjAWgW@google.com \
--to=seanjc@google.com \
--cc=chengkev@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=yosry.ahmed@linux.dev \
--cc=yosry@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox