[PATCH v3 0/7] KVM: SVM: Fixes for VMCB12 checks and mapping

From: Yosry Ahmed

Date: Thu Mar 12 2026 - 20:10:57 EST


Jim pointed out that VMRUN/VMLOAD/VMSAVE injecting a #GP when the vmcb12
GPA is valid but not mappable is not architectural [1]. The series
handles them as emulation failures and (mostly) exits to userspace
instead. It also fixes the checks performed on the vmcb12 GPA (i.e. RAX)
in a few places.

v2 -> v3:
- Drop the patch simplifying error handling of
nested_svm_copy_vmcb12_to_cache() as it was picked up into
kvm-x86/next.
- Drop the legal GPA check on RAX in the emulator instead of fixing it
[Sean].
- Fix legal GPA check on RAX in the #GP interception path [Sean].
- Move legal GPA check to VMRUN/VMLOAD/VMSAVE interception handlers
[Yosry].
- Update the selftest to use the first GPA after memslots, rather than
the maximum legal GPA, as the unmappable GPA. This is needed because
the maximum legal GPA sometimes still produces a #GP if it's in a
reserved area [Yosry].

v2: https://lore.kernel.org/kvm/20260306210900.1933788-1-yosry@xxxxxxxxxx/


Yosry Ahmed (7):
KVM: SVM: Drop RAX check for SVM instructions from the emulator
KVM: SVM: Check that RAX has legal GPA on #GP interception of SVM insns
KVM: SVM: Move RAX legality check to SVM insn interception handlers
KVM: SVM: Treat mapping failures equally in VMLOAD/VMSAVE emulation
KVM: nSVM: Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12 fails
KVM: selftests: Rework svm_nested_invalid_vmcb12_gpa
KVM: selftests: Drop 'invalid' from svm_nested_invalid_vmcb12_gpa's name

arch/x86/kvm/emulate.c | 17 +-
arch/x86/kvm/svm/nested.c | 11 +-
arch/x86/kvm/svm/svm.c | 37 ++--
tools/testing/selftests/kvm/Makefile.kvm | 2 +-
.../kvm/x86/svm_nested_invalid_vmcb12_gpa.c | 98 ----------
.../selftests/kvm/x86/svm_nested_vmcb12_gpa.c | 176 ++++++++++++++++++
6 files changed, 203 insertions(+), 138 deletions(-)
delete mode 100644 tools/testing/selftests/kvm/x86/svm_nested_invalid_vmcb12_gpa.c
create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_vmcb12_gpa.c


base-commit: bfd7f4adc1230373c25e1b787a6f1ee407eb0656
--
2.53.0.851.ga537e3e6e9-goog
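The three-way distinction the cover letter draws (RAX holds an illegal GPA, a legal but unmappable GPA, or a mappable one) and the selftest's choice of "first GPA after the memslots" as its unmappable address, as an added toy model that is not KVM code and not part of this series. It assumes a 48-bit guest physical address width, a constructed two-slot memslot layout, and that "mappable" simply means "covered by some memslot"; the enum, the function names and the slot layout are all hypothetical.

```c
/* Toy model of the vmcb12 GPA decision described in the cover letter.
 * This is NOT KVM code; names, the 48-bit GPA width and the memslot layout
 * are assumptions constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum vmcb12_outcome {
	VMCB12_OK,               /* legal and mappable: emulation proceeds        */
	VMCB12_INJECT_GP,        /* not a legal GPA: architectural #GP            */
	VMCB12_EMULATION_FAILED, /* legal but unmappable: fail emulation, exit to userspace */
};

struct memslot {
	uint64_t base;
	uint64_t size;
};

/* Assumed 48-bit guest physical address space. */
static const uint64_t MAX_LEGAL_GPA = (1ULL << 48) - 1;

/* Constructed memslot layout (hypothetical): 2 GiB low, 1 GiB above 4 GiB. */
static const struct memslot slots[] = {
	{ 0x0ULL,         0x80000000ULL },
	{ 0x100000000ULL, 0x40000000ULL },
};
#define NSLOTS (sizeof(slots) / sizeof(slots[0]))

static bool gpa_is_legal(uint64_t gpa)
{
	return gpa <= MAX_LEGAL_GPA;
}

/* "Mappable" here means the GPA falls inside some memslot. */
static bool gpa_is_mappable(uint64_t gpa)
{
	for (size_t i = 0; i < NSLOTS; i++)
		if (gpa >= slots[i].base && gpa - slots[i].base < slots[i].size)
			return true;
	return false;
}

/* Order of checks as the series arranges them: the interception handler
 * checks legality first, then the mapping attempt decides the outcome. */
enum vmcb12_outcome classify_vmcb12_gpa(uint64_t rax)
{
	if (!gpa_is_legal(rax))
		return VMCB12_INJECT_GP;
	if (!gpa_is_mappable(rax))
		return VMCB12_EMULATION_FAILED;
	return VMCB12_OK;
}

/* The selftest's pick for an unmappable-but-legal address: the first GPA past
 * the end of the highest memslot. */
uint64_t first_gpa_after_memslots(void)
{
	uint64_t end = 0;

	for (size_t i = 0; i < NSLOTS; i++) {
		uint64_t slot_end = slots[i].base + slots[i].size;

		if (slot_end > end)
			end = slot_end;
	}
	return end;
}

int main(void)
{
	uint64_t probes[] = { 0x1000ULL, first_gpa_after_memslots(), 1ULL << 52 };
	const char *names[] = { "ok", "inject #GP", "emulation failure" };

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		printf("RAX=0x%llx -> %s\n", (unsigned long long)probes[i],
		       names[classify_vmcb12_gpa(probes[i])]);
	return 0;
}
```

The point of the model is the ordering: an address beyond the guest's physical width is rejected before any mapping is attempted, while an address that is legal but backed by no memslot is a KVM-level emulation failure rather than a guest-visible fault, which is why the reworked selftest probes the first GPA after the memslots instead of the maximum legal GPA.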