Date: Fri, 3 Apr 2026 10:39:46 -0700
In-Reply-To: <20260316202732.3164936-4-yosry@kernel.org>
References: <20260316202732.3164936-1-yosry@kernel.org> <20260316202732.3164936-4-yosry@kernel.org>
Subject: Re: [PATCH v4 3/9] KVM: SVM: Properly check RAX on #GP intercept of SVM instructions
From: Sean Christopherson
To: Yosry Ahmed
Cc: Paolo Bonzini, Jim Mattson, kvm@vger.kernel.org, linux-kernel@vger.kernel.org

On Mon, Mar 16, 2026, Yosry Ahmed wrote:
> Replace the PAGE_MASK check with page_address_valid(), which checks both
> page-alignment as well as the legality of the GPA based on the vCPU's
> MAXPHYADDR. Use kvm_register_read() to read RAX to avoid
> page_address_valid() failing on 32-bit due to garbage in the higher
> bits.

Nit, not "on" 32-bit, correct? I think you actually mean "to avoid false
positives when the vCPU is in 32-bit mode, in the unlikely case the vCPU
transitioned from 64-bit back to 32-bit, without writing EAX".

Because regs[] is an unsigned long, the upper bits of save.rax will be
cleared by svm_vcpu_run() on every VM-Entry, and it should be impossible
for a purely 32-bit guest to get a non-zero value in RAX[63:32]. And even
for a 64-bit host with a 32-bit guest, the only way to get a non-zero value
in RAX[63:32] while in 32-bit mode would be to transition from 64-bit mode,
back to 32-bit mode, without writing EAX.

> Note that this is currently only a problem if KVM is running an L2 guest
> and ends up synthesizing a #VMEXIT to L1, as the RAX check takes
> precedence over the intercept. Otherwise, if KVM emulates the
> instruction, kvm_vcpu_map() should fail on illegal GPAs and inject a #GP
> anyway. However, following patches will change the failure behavior of
> kvm_vcpu_map(), so make sure the #GP interception handler does this
> appropriately.
>
> Opportunistically drop a teaser FIXME about the SVM instructions
> handling on #GP belonging in the emulator.
>
> Fixes: 82a11e9c6fa2 ("KVM: SVM: Add emulation support for #GP triggered by SVM instructions")
> Fixes: d1cba6c92237 ("KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround")
> Suggested-by: Sean Christopherson
> Signed-off-by: Yosry Ahmed
> ---
>  arch/x86/kvm/svm/svm.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 392a5088f20bf..3122a98745ab7 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -2277,10 +2277,12 @@ static int gp_interception(struct kvm_vcpu *vcpu)
> if (x86_decode_emulated_instruction(vcpu, 0, NULL, 0) != EMULATION_OK)
> goto reinject;
>
> + /* FIXME: Handle SVM instructions through the emulator */
> svm_exit_code = svm_instr_exit_code(vcpu);
> if (svm_exit_code) {
> - /* All SVM instructions expect page aligned RAX */
> - if (svm->vmcb->save.rax & ~PAGE_MASK)
> + unsigned long rax = kvm_register_read(vcpu, VCPU_REGS_RAX);
> +
> + if (!page_address_valid(vcpu, rax))

Eh, let it poke out, i.e.

		if (!page_address_valid(vcpu, kvm_register_read(vcpu, VCPU_REGS_RAX)))
			goto reinject;

> goto reinject;
>
> if (is_guest_mode(vcpu)) {
> --
> 2.53.0.851.ga537e3e6e9-goog
>
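Review bot: the removed `- /* All SVM instructions expect page aligned RAX */` line gets no replacement, so the new `+ if (!page_address_valid(vcpu, rax))` at the end of the hunk no longer tells a reader of gp_interception() why an unaligned or out-of-range RAX is bounced back as a #GP; keep a one-line comment above the check (for example `/* All SVM instructions expect a page aligned, legal GPA in RAX */`) so both conditions the helper enforces are visible at the call site. Separately, the hunk adds `+ /* FIXME: Handle SVM instructions through the emulator */` while the commit message says it "drop[s] a teaser FIXME", which a reader can parse as removing one; "add a FIXME" in the commit message would remove the ambiguity.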
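The three RAX-check variants discussed in this thread (alignment-only on the raw save.rax, page_address_valid() on the raw save.rax, and page_address_valid() on the mode-aware register read), as an added stand-alone model that is not KVM code and not part of the thread. It assumes kvm_register_read() returns only EAX when the vCPU is outside 64-bit mode and that page_address_valid() means "page aligned and representable within MAXPHYADDR", as the commit message describes; the MAXPHYADDR value and the RAX contents are constructed inputs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's 4 KiB page constants. */
#define MODEL_PAGE_SHIFT 12
#define MODEL_PAGE_MASK  (~((1ULL << MODEL_PAGE_SHIFT) - 1))

/*
 * Models kvm_register_read(vcpu, VCPU_REGS_RAX) (assumed behaviour): outside
 * 64-bit mode the architectural register is EAX, so the cached value is
 * truncated to 32 bits. The raw VMCB save.rax keeps whatever the guest left
 * in RAX[63:32] before it switched from 64-bit back to 32-bit mode.
 */
static uint64_t model_register_read_rax(uint64_t save_rax, bool guest_64bit)
{
	return guest_64bit ? save_rax : (uint32_t)save_rax;
}

/*
 * Models page_address_valid(): the GPA must be page aligned AND must not
 * have any bit set at or above the vCPU's MAXPHYADDR (assumed semantics,
 * taken from the commit message).
 */
static bool model_page_address_valid(uint64_t gpa, unsigned maxphyaddr)
{
	bool aligned  = (gpa & ~MODEL_PAGE_MASK) == 0;
	bool in_range = (gpa >> maxphyaddr) == 0;

	return aligned && in_range;
}

/* Pre-patch check: alignment only, read straight from save.rax. */
static bool old_check_reinjects(uint64_t save_rax)
{
	return (save_rax & ~MODEL_PAGE_MASK) != 0;
}

/* Naive variant: page_address_valid() fed with the raw save.rax. */
static bool raw_check_reinjects(uint64_t save_rax, unsigned maxphyaddr)
{
	return !model_page_address_valid(save_rax, maxphyaddr);
}

/* Post-patch check: page_address_valid() fed with the mode-aware read. */
static bool new_check_reinjects(uint64_t save_rax, bool guest_64bit,
				unsigned maxphyaddr)
{
	uint64_t rax = model_register_read_rax(save_rax, guest_64bit);

	return !model_page_address_valid(rax, maxphyaddr);
}

int main(void)
{
	const unsigned maxphyaddr = 36;	/* constructed: 64 GiB of guest physical space */
	const struct {
		const char *what;
		uint64_t save_rax;
		bool guest_64bit;
	} cases[] = {
		/* constructed inputs */
		{ "unaligned RAX, 64-bit mode",            0x1010ULL,             true  },
		{ "aligned but beyond MAXPHYADDR, 64-bit", 1ULL << 40,            true  },
		{ "stale RAX[63:32], now in 32-bit mode",  0xdeadbeef00001000ULL, false },
	};

	for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		printf("%-40s old=%d raw=%d new=%d\n", cases[i].what,
		       old_check_reinjects(cases[i].save_rax),
		       raw_check_reinjects(cases[i].save_rax, maxphyaddr),
		       new_check_reinjects(cases[i].save_rax, cases[i].guest_64bit,
					   maxphyaddr));
	}
	return 0;
}
```

The second case is why the patch exists: an aligned GPA above MAXPHYADDR sails past the old alignment-only test and reaches the intercept path. The third case is the false positive Sean is describing: the raw save.rax is an illegal 64-bit GPA, but in 32-bit mode the instruction only ever sees EAX, which is a perfectly valid page, so only the mode-aware read gets the answer right.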