[PATCH 0/5] KVM: x86: check validity of nested state when returning from SMM
From: Paolo Bonzini
Date: Tue Mar 10 2026 - 16:27:57 EST
The VMCS/VMCB state for a suspended L2 guest can become invalid while
the L1 guest is in SMM, for example via changes to the eVMCS or to the
in-memory image of the VMCB. On Intel systems this can also happen via
KVM_SET_NESTED_STATE with KVM_STATE_NESTED_SMM_GUEST_MODE and a
corrupted VMCS12 image (kvm-amd.ko stores the flag in memory rather
than out of band, so it's not affected).
Because of this, nested state has to be checked for validity when
RSM is executed and would re-enter L2. The existing checks already
exist as part of KVM_SET_NESTED_STATE (the other "not your usual
VMLAUNCH/VMRESUME/VMRUN" path that performs a nested vmentry),
so extract them to new functions and move them to the leave_smm
callback.
Paolo
Paolo Bonzini (5):
KVM: VMX: check validity of VMCS controls when returning from SMM
KVM: SVM: check validity of VMCB when returning from SMM
selftests: kvm: extract common functionality out of smm_test.c
selftests: kvm: add a test that VMX validates controls on RSM
KVM: x86: clarify leave_smm() return value
arch/x86/kvm/svm/nested.c | 12 +-
arch/x86/kvm/svm/svm.c | 8 +-
arch/x86/kvm/svm/svm.h | 1 +
arch/x86/kvm/vmx/nested.c | 39 +++--
arch/x86/kvm/vmx/nested.h | 1 +
arch/x86/kvm/vmx/vmx.c | 8 +-
tools/testing/selftests/kvm/Makefile.kvm | 1 +
tools/testing/selftests/kvm/include/x86/smm.h | 17 ++
.../testing/selftests/kvm/lib/x86/processor.c | 26 +++
.../kvm/x86/evmcs_smm_controls_test.c | 150 ++++++++++++++++++
tools/testing/selftests/kvm/x86/smm_test.c | 27 +---
11 files changed, 247 insertions(+), 43 deletions(-)
create mode 100644 tools/testing/selftests/kvm/include/x86/smm.h
create mode 100644 tools/testing/selftests/kvm/x86/evmcs_smm_controls_test.c
--
2.53.0
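As an added illustration of the design point in the cover letter (not code from this series or from KVM), the following constructed C model shows why a nested-entry path that does not go through VMLAUNCH/VMRESUME still has to validate the control fields. The VMX control MSR layout it assumes is the real one (allowed-0 bits in the low half, allowed-1 bits in the high half of each MSR), but the MSR values, the `vmcs12_model`/`vcpu_model` structures, the `leave_smm()` return codes and the `run_scenario()` driver are all hypothetical, and the action taken on invalid state is a modelling choice rather than KVM's actual behaviour.

```c
/* Constructed model: re-validate nested controls when RSM would resume L2.
 * Not KVM code; structure names, MSR values and return codes are invented. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* VMX capability MSRs: a control value is valid only if every allowed-0 bit
 * is set and no bit outside the allowed-1 mask is set. */
struct vmx_ctl_msr {
	uint32_t allowed0;	/* bits that must be 1 */
	uint32_t allowed1;	/* bits that may be 1 */
};

/* Hypothetical subset of the VMCS12 image that L1 keeps in its own memory. */
struct vmcs12_model {
	uint32_t pin_based_ctls;
	uint32_t cpu_based_ctls;
};

/* Hypothetical per-vCPU state: the suspended L2 image plus SMM bookkeeping. */
struct vcpu_model {
	struct vmcs12_model vmcs12;	/* guest memory: L1 (or SMM code) can rewrite it */
	bool in_smm;
	bool smm_guest_mode;		/* "was running L2 when the SMI arrived" */
	bool in_guest_mode;
};

/* Constructed capability values: pin control bit 1 and CPU control bits 1, 4
 * and 5 are required; only the low byte / low 16 bits may be set at all. */
static const struct vmx_ctl_msr pin_msr = { 0x00000002u, 0x000000ffu };
static const struct vmx_ctl_msr cpu_msr = { 0x00000032u, 0x0000ffffu };

static bool ctl_valid(uint32_t val, const struct vmx_ctl_msr *msr)
{
	return (val & msr->allowed0) == msr->allowed0 &&
	       (val & ~msr->allowed1) == 0;
}

/* The check that a normal VMLAUNCH/VMRESUME path would run; shared with RSM. */
bool nested_check_controls(const struct vmcs12_model *v)
{
	return ctl_valid(v->pin_based_ctls, &pin_msr) &&
	       ctl_valid(v->cpu_based_ctls, &cpu_msr);
}

/* SMI delivery: remember whether L2 was running and drop to L1 in SMM. */
void enter_smm(struct vcpu_model *vcpu)
{
	vcpu->smm_guest_mode = vcpu->in_guest_mode;
	vcpu->in_guest_mode = false;
	vcpu->in_smm = true;
}

enum rsm_result { RSM_TO_L1 = 0, RSM_TO_L2 = 1, RSM_INVALID_STATE = -1 };

/* RSM: the image may have changed while in SMM, so validate it again before
 * resuming L2 instead of trusting the checks done at the original VMLAUNCH. */
enum rsm_result leave_smm(struct vcpu_model *vcpu)
{
	vcpu->in_smm = false;
	if (!vcpu->smm_guest_mode)
		return RSM_TO_L1;
	if (!nested_check_controls(&vcpu->vmcs12))
		return RSM_INVALID_STATE;	/* refuse to resume L2 on bad controls */
	vcpu->in_guest_mode = true;
	return RSM_TO_L2;
}

/* Scenario: L1 runs L2 with valid controls, an SMI arrives, optionally the
 * in-memory VMCS12 is modified while in SMM, then RSM executes. */
enum rsm_result run_scenario(bool modify_in_smm)
{
	struct vcpu_model vcpu = {
		.vmcs12 = { .pin_based_ctls = 0x02u, .cpu_based_ctls = 0x32u },
		.in_guest_mode = true,
	};

	enter_smm(&vcpu);
	if (modify_in_smm)
		/* clears required bit 1 and sets bit 16, which is outside allowed-1 */
		vcpu.vmcs12.cpu_based_ctls = 0x00010030u;
	return leave_smm(&vcpu);
}

int main(void)
{
	printf("unchanged image: %d\n", run_scenario(false));	/* 1 = resumed L2 */
	printf("modified image: %d\n", run_scenario(true));	/* -1 = rejected */
	return 0;
}
```

The point of the model is that `nested_check_controls()` is one function used by both entry paths; the original VMLAUNCH-time result cannot be cached across SMM because the image it validated may no longer be the one RSM would load.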