[PATCH 0/4] KVM: nSVM: nested VMSAVE/VMLOAD fixes

From: Yosry Ahmed

Date: Fri Jan 09 2026 - 19:48:52 EST


A couple of fixes for nested VMLOAD/VMSAVE and a selftest that verifies
correct behavior. The test fails without patch 1.

Patch 4 is a proposed added WARNING. I am not sure if such warnings are
generally acceptable and if that's the correct place for it (hence RFC),
but I think it's useful to WARN if VMSAVE/VMLOAD are neither intercepted
nor virtualized by the CPU, because it means that the guest is directly
accessing host memory with them, a massive security hole.

The warning doesn't fire with or without the fixes, but at some point I
thought there might be such a security bug, and having a warning will
give me some peace of mind.

Yosry Ahmed (4):
KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
KVM: SVM: Stop toggling virtual VMSAVE/VMLOAD on intercept recalc
KVM: selftests: Add a selftest for nested VMLOAD/VMSAVE
RFC: KVM: SVM: WARN if VMSAVE/VMLOAD are not intercepted or
virtualized

arch/x86/kvm/svm/svm.c | 23 +-
tools/testing/selftests/kvm/Makefile.kvm | 1 +
.../selftests/kvm/include/x86/processor.h | 1 +
.../kvm/x86/nested_vmsave_vmload_test.c | 197 ++++++++++++++++++
4 files changed, 218 insertions(+), 4 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/nested_vmsave_vmload_test.c

--
2.52.0.457.g6b5491de43-goog
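The invariant patch 4 proposes to WARN on, written out as an added user-space model (this is example code, not the patch series or KVM's own code): a guest's VMLOAD/VMSAVE must be either intercepted or handled by the CPU's virtualized VMLOAD/VMSAVE, otherwise the instructions operate on the host's save state. The intercept bit numbers, the six-word intercept layout, the virt_ext mask, the struct name and the OR-merge of vmcb01 and vmcb12 intercepts are assumptions modelled on arch/x86/include/asm/svm.h and KVM's nested intercept handling as the editor recalls them; the "copy L1 only" merge is a hypothetical bug included to show the check firing.

```c
/*
 * Added example, not code from the patch series or from KVM. Models the
 * check the RFC describes: VMLOAD/VMSAVE executed by a guest are safe only
 * if they are intercepted or virtualized. Bit positions follow the VMCB
 * layout as recalled from arch/x86/include/asm/svm.h (assumption).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INTERCEPT 6                        /* six 32-bit intercept words */
#define INTERCEPT_VMLOAD (128 + 2)             /* VMCB offset 010h, bit 2 */
#define INTERCEPT_VMSAVE (128 + 3)             /* VMCB offset 010h, bit 3 */
#define VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK (1u << 1)  /* virt_ext bit 1 */

/* Minimal stand-in for the VMCB control area (assumed layout). */
struct vmcb_control {
	uint32_t intercepts[MAX_INTERCEPT];
	uint64_t virt_ext;
};

static bool vmcb_is_intercept(const struct vmcb_control *c, unsigned int bit)
{
	return (c->intercepts[bit / 32] >> (bit % 32)) & 1u;
}

static void vmcb_set_intercept(struct vmcb_control *c, unsigned int bit)
{
	c->intercepts[bit / 32] |= 1u << (bit % 32);
}

/*
 * The condition the RFC warns on, inverted: returns true when the guest's
 * VMLOAD/VMSAVE are contained, i.e. the CPU virtualizes them or both are
 * intercepted. If this returns false the guest reaches host memory.
 */
static bool vmload_vmsave_contained(const struct vmcb_control *c)
{
	if (c->virt_ext & VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK)
		return true;
	return vmcb_is_intercept(c, INTERCEPT_VMLOAD) &&
	       vmcb_is_intercept(c, INTERCEPT_VMSAVE);
}

/*
 * Nested merge for vmcb02 (assumed to mirror KVM's OR of vmcb01 and
 * vmcb12 intercepts): L0 keeps everything it intercepts and adds what L1
 * asks for. The OR is what preserves L0's protection when L1 does not
 * intercept these instructions itself.
 */
static void merge_intercepts_or(struct vmcb_control *vmcb02,
				const struct vmcb_control *vmcb01,
				const struct vmcb_control *vmcb12)
{
	for (int i = 0; i < MAX_INTERCEPT; i++)
		vmcb02->intercepts[i] = vmcb01->intercepts[i] |
					vmcb12->intercepts[i];
}

/* Hypothetical bug: trusting only L1's intercepts silently drops L0's. */
static void merge_intercepts_copy_l1(struct vmcb_control *vmcb02,
				     const struct vmcb_control *vmcb12)
{
	memcpy(vmcb02->intercepts, vmcb12->intercepts,
	       sizeof(vmcb02->intercepts));
}

/*
 * Constructed scenario: host CPU without virtualized VMLOAD/VMSAVE, so L0
 * relies on intercepts in vmcb01; L1 leaves both instructions
 * un-intercepted in vmcb12. Returns whether vmcb02 passes the check.
 */
static bool scenario(bool use_or_merge)
{
	struct vmcb_control vmcb01 = { 0 }, vmcb12 = { 0 }, vmcb02 = { 0 };

	vmcb_set_intercept(&vmcb01, INTERCEPT_VMLOAD);
	vmcb_set_intercept(&vmcb01, INTERCEPT_VMSAVE);

	if (use_or_merge)
		merge_intercepts_or(&vmcb02, &vmcb01, &vmcb12);
	else
		merge_intercepts_copy_l1(&vmcb02, &vmcb12);

	return vmload_vmsave_contained(&vmcb02);
}

int main(void)
{
	printf("OR merge contained: %s\n", scenario(true) ? "yes" : "no");
	printf("copy-L1 merge contained: %s\n", scenario(false) ? "yes" : "no");
	return 0;
}
```

The point of the two merge variants is only to show what the WARN would catch: with the OR merge the check passes because L0's intercepts survive into vmcb02; with the hypothetical copy-only merge it fails, which is exactly the "neither intercepted nor virtualized" state the cover letter calls a massive security hole.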