[RFC PATCH 5/6] KVM: x86: nSVM: Add validity check for the VMCB12 g_pat

Next message: Jim Mattson: "[RFC PATCH 6/6] KVM: x86: nSVM: Use cached VMCB12 g_pat in VMCB02 when using NPT"
Previous message: Jim Mattson: "[RFC PATCH 4/6] KVM: x86: nSVM: Cache g_pat in vmcb_ctrl_area_cached"
In reply to: Jim Mattson: "[RFC PATCH 4/6] KVM: x86: nSVM: Cache g_pat in vmcb_ctrl_area_cached"
Next in thread: Jim Mattson: "[RFC PATCH 6/6] KVM: x86: nSVM: Use cached VMCB12 g_pat in VMCB02 when using NPT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jim Mattson

Date: Fri Nov 07 2025 - 15:12:05 EST

When nested paging is enabled for VMCB12, an invalid g_pat causes an
immediate #VMEXIT with exit code VMEXIT_INVALID, as specified in the
APM.

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
---
arch/x86/kvm/svm/nested.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 6e48572e2bd7..43429399993c 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -336,6 +336,10 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && !npt_enabled))
return false;

+ if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) &&
+ npt_enabled && !kvm_pat_valid(control->g_pat)))
+ return false;
+
if (CC(!nested_svm_check_bitmap_pa(vcpu, control->msrpm_base_pa,
MSRPM_SIZE)))
return false;
--
2.51.2.1041.gc1ab5b90ca-goog