Date: Fri, 27 Feb 2026 08:34:11 -0800
From: Sean Christopherson
To: Yosry Ahmed
Cc: Paolo Bonzini, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] KVM: x86: Check for injected exceptions before queuing a debug exception
References: <20260227011306.3111731-1-yosry@kernel.org>
 <20260227011306.3111731-4-yosry@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 27, 2026, Sean Christopherson wrote:
> So instead of patch 1, I want to try either (a) blocking KVM_SET_VCPU_EVENTS,
> KVM_X86_SET_MCE, and KVM_SET_GUEST_DEBUG if nested_run_pending=1, *and* follow-up
> with the below WARN-spree, or (b) add a separate flag, e.g. nested_run_in_progress
> or so, that is set with nested_run_pending, but cleared on an exit to userspace,
> and then WARN on _that_, i.e. so that we can detect KVM bugs (the whole point of
> the WARN) and hopefully stop playing this losing game of whack-a-mole with syzkaller.
>
> I think I'm leaning toward (b)? Except for KVM_SET_GUEST_DEBUG, where userspace
> is trying to interpose on the guest, restricting ioctls doesn't really add any
> value in practice. Yeah, in theory it could _maybe_ prevent userspace from shooting
> itself in the foot, but practically speaking, if userspace is restoring state into
> a vCPU with nested_run_pending=1, it's either playing on expert mode or is already
> completely broken.
>
> My only hesitation with (b) is that KVM wouldn't be entirely consistent, since
> vmx_unhandleable_emulation_required() _does_ explicitly reject a "userspace did
> something stupid with nested_run_pending=1" case. So from that perspective, part
> of me wants to get greedy and try for (a).

On second (fifth?) thought, I don't think (a) is a good idea. In addition to
potentially breaking userspace, it also risks preventing genuinely useful sequences.
E.g. even if no VMM does so today, it's entirely plausible that a VMM could want to
asynchronously inject an #MC to mimic a broadcast, and that the injection could
collide with a pending nested VM-Enter.

I'll send a separate (maybe RFC?)
series for (b) using patch 1 as a starting point. I want to fiddle around with some ideas, and it'll be faster to sketch things out in code versus trying to describe things in text.
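To make the difference between the two schemes in the message above concrete, here is an added toy model in C. It is not KVM code and not part of the thread; the `struct vcpu`, the function names, the `warns` counter and the choice that a later `KVM_RUN` re-raises the hypothetical `nested_run_in_progress` flag are all assumptions made for the illustration. The only behaviour taken from the message is: (a) rejects event injection whenever `nested_run_pending` is set, while (b) keys the WARN off a second flag that is set together with `nested_run_pending` but dropped on every exit to userspace, so a userspace ioctl that lands between exit and resume is not flagged as a KVM bug.

```c
/* Toy model (not KVM code) of the two flag schemes discussed in the thread. */
#include <stdbool.h>
#include <stdio.h>

struct vcpu {
	bool nested_run_pending;     /* set at nested VM-Enter, cleared once the nested run has started */
	bool nested_run_in_progress; /* hypothetical flag from scheme (b): cleared on any exit to userspace */
	int  warns;                  /* number of WARN() hits, so the model can be checked */
};

static void model_warn(struct vcpu *v, const char *src)
{
	v->warns++;
	fprintf(stderr, "WARN: %s while a nested VM-Enter is in progress\n", src);
}

/* Nested VM-Enter is requested: both flags go up together. */
void nested_vmenter_begin(struct vcpu *v)
{
	v->nested_run_pending = true;
	v->nested_run_in_progress = true;
}

/* The nested entry has completed; nothing is pending any more. */
void nested_vmenter_done(struct vcpu *v)
{
	v->nested_run_pending = false;
	v->nested_run_in_progress = false;
}

/* Exit to userspace: the entry stays pending (it resumes later), but it is no
 * longer "in progress", so userspace ioctls are not mistaken for KVM bugs. */
void exit_to_userspace(struct vcpu *v)
{
	v->nested_run_in_progress = false;
}

/* Assumption: KVM_RUN resuming a vCPU with a pending nested entry puts it back
 * in progress. The message does not spell this out. */
void kvm_run_resume(struct vcpu *v)
{
	if (v->nested_run_pending)
		v->nested_run_in_progress = true;
}

/* Scheme (a): any injection while nested_run_pending=1 is refused, whoever asks. */
bool inject_event_scheme_a(struct vcpu *v, const char *src)
{
	if (v->nested_run_pending) {
		model_warn(v, src);
		return false;
	}
	return true;
}

/* Scheme (b): refuse and WARN only while the entry is in progress, i.e. only
 * for injections coming from inside KVM's own run loop. */
bool inject_event_scheme_b(struct vcpu *v, const char *src)
{
	if (v->nested_run_in_progress) {
		model_warn(v, src);
		return false;
	}
	return true;
}

int main(void)
{
	struct vcpu v = {0};

	/* Constructed sequence: nested entry, exit to userspace, VMM injects an #MC. */
	nested_vmenter_begin(&v);
	exit_to_userspace(&v);
	printf("userspace KVM_X86_SET_MCE: (a)=%s (b)=%s\n",
	       inject_event_scheme_a(&v, "KVM_X86_SET_MCE") ? "ok" : "refused",
	       inject_event_scheme_b(&v, "KVM_X86_SET_MCE") ? "ok" : "refused");

	/* Back in the run loop, an injection from inside KVM is a bug under both schemes. */
	kvm_run_resume(&v);
	printf("in-kernel queue_exception: (b)=%s\n",
	       inject_event_scheme_b(&v, "kvm_queue_exception") ? "ok" : "refused");
	return 0;
}
```

The first scenario in `main` is the broadcast-#MC case from the message: scheme (a) refuses the VMM's ioctl even though the VMM is doing something legitimate, while scheme (b) accepts it. The second scenario is the syzkaller-style case both schemes want to catch: an injection from inside KVM while the entry really is in progress, which (b) still reports.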