Re: [PATCH v2 1/6] KVM: SVM: Use maxphyaddr in emulator RAX check for VMRUN/VMLOAD/VMSAVE

From: Yosry Ahmed

Date: Thu Mar 12 2026 - 12:26:01 EST


> > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> > > index e6691c044913..e1223c07593b 100644
> > > --- a/arch/x86/kvm/svm/svm.c
> > > +++ b/arch/x86/kvm/svm/svm.c
> > > @@ -2294,7 +2294,7 @@ static int gp_interception(struct kvm_vcpu *vcpu)
> > > EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
> > > } else {
> > > /* All SVM instructions expect page aligned RAX */
> > > - if (svm->vmcb->save.rax & ~PAGE_MASK)
> > > + if (!page_address_valid(vcpu, svm->vmcb->save.rax))
> > > goto reinject;
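Review bot: the new page_address_valid() check is still in the else branch of gp_interception(), i.e. it only runs when a #GP was intercepted, but as the thread notes the VMRUN/VMLOAD/VMSAVE intercept takes priority over the #GP for a bad RAX, so the guest never reaches this path when those instructions are intercepted. The check (and the "goto reinject;" that injects #GP) should be moved to the start of the VMRUN/VMLOAD/VMSAVE interception handlers, before the VMCB at RAX is mapped, so that a RAX that is page aligned but at or above the guest's MAXPHYADDR still gets #GP rather than a kvm_vcpu_map() failure. The comment "/* All SVM instructions expect page aligned RAX */" also no longer describes the whole check once the MAXPHYADDR test is added; something like "expect a page aligned RAX below the guest's MAXPHYADDR" would match the code.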
> >
> > Final observation (hopefully), this check needs to be moved to the
> > VMRUN/VMLOAD/VMSAVE interception functions.
>
> Gah, yeah. I noticed that when initially typing up my response, but lost track
> of it when I got distracted by all the emulator crud.
>
> > As kvm_vcpu_map() failures will stop injecting #GP, we still need to handle
> > the case where allow_smaller_maxphyaddr is used and the GPA is illegal from
> > the vCPU's perspective but not the host.
>
> allow_smaller_maxphyaddr is irrelevant. My read of the APM is that the intercept
> has priority over the #GP due to a bad RAX. So with vls=0, KVM needs to check
> RAX irrespective of allow_smaller_maxphyaddr.

Oh yeah, good point.
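To make the difference between the two checks concrete, here is a small user-space model added for illustration; it is not code from this patch or from KVM. It assumes page_address_valid() means "page aligned and no bits set at or above the guest-visible MAXPHYADDR", uses a hypothetical helper svm_intercept_check_rax() to stand for the check the thread wants at the top of the VMRUN/VMLOAD/VMSAVE intercept handlers, and uses constructed sample RAX values with an assumed host MAXPHYADDR of 52 and guest MAXPHYADDR of 48 (the allow_smaller_maxphyaddr situation mentioned above).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants mirroring the x86 4K page; names match the kernel macros used in the hunk. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))

/* The check the hunk removes: RAX must be page aligned, nothing else. */
static bool rax_ok_old(uint64_t rax)
{
	return (rax & ~PAGE_MASK) == 0;
}

/*
 * The check the hunk introduces, modelled (assumption) on KVM's
 * page_address_valid(): page aligned AND no bits set at or above the
 * guest's MAXPHYADDR. guest_maxphyaddr stands in for cpuid_maxphyaddr(vcpu),
 * i.e. CPUID.80000008H:EAX[7:0] as reported to the guest, not the host's.
 */
static bool rax_ok_new(unsigned int guest_maxphyaddr, uint64_t rax)
{
	if (rax & ~PAGE_MASK)
		return false;
	if (guest_maxphyaddr >= 64)
		return true;
	return (rax >> guest_maxphyaddr) == 0;
}

/*
 * Hypothetical helper (not a KVM function) showing where the thread says the
 * check belongs: at the start of the VMRUN/VMLOAD/VMSAVE intercept handler,
 * before the VMCB at RAX is mapped. Returns 1 when the handler should inject
 * #GP, 0 when it may proceed to map the page.
 */
static int svm_intercept_check_rax(unsigned int guest_maxphyaddr, uint64_t rax)
{
	return rax_ok_new(guest_maxphyaddr, rax) ? 0 : 1;
}

int main(void)
{
	/* Constructed sample values; host MAXPHYADDR assumed 52, guest 48. */
	const unsigned int host_maxphyaddr = 52, guest_maxphyaddr = 48;
	const uint64_t samples[] = {
		0x1000,		/* aligned, in range: both checks pass */
		0x1001,		/* misaligned: both checks fail */
		1ULL << 48,	/* aligned, legal for the host, illegal for the guest */
		1ULL << 52,	/* aligned, illegal for both */
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint64_t rax = samples[i];

		printf("RAX=%#018llx old=%d new(guest=%u)=%d new(host=%u)=%d -> %s\n",
		       (unsigned long long)rax, rax_ok_old(rax),
		       guest_maxphyaddr, rax_ok_new(guest_maxphyaddr, rax),
		       host_maxphyaddr, rax_ok_new(host_maxphyaddr, rax),
		       svm_intercept_check_rax(guest_maxphyaddr, rax) ? "inject #GP" : "proceed");
	}
	return 0;
}
```

The 1ULL << 48 row is the case the thread is about: the old alignment-only check accepts it, a check against the host's MAXPHYADDR accepts it, and only a check against the guest's own MAXPHYADDR rejects it, which is why the check has to run in the intercept handler with the guest's value rather than rely on the host-side mapping to fail.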