Re: [PATCH v5 24/26] KVM: nSVM: Restrict mapping VMCB12 on nested VMRUN

From: Sean Christopherson

Date: Fri Feb 20 2026 - 20:27:08 EST


On Fri, Feb 06, 2026, Yosry Ahmed wrote:
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index b1f3e9df2cd5..0a7bb01f5404 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -1102,26 +1102,56 @@ static void __nested_svm_vmexit(struct vcpu_svm *svm, struct vmcb *vmcb12)
> kvm_queue_exception(vcpu, DB_VECTOR);
> }
>
> -static void nested_svm_vmrun_error_vmexit(struct kvm_vcpu *vcpu, struct vmcb *vmcb12)
> +static void nested_svm_vmrun_error_vmexit(struct kvm_vcpu *vcpu, u64 vmcb12_gpa)
> {
> struct vcpu_svm *svm = to_svm(vcpu);
> + struct kvm_host_map map;
> + struct vmcb *vmcb12;
> + int r;
>
> WARN_ON_ONCE(svm->vmcb == svm->nested.vmcb02.ptr);
>
> leave_guest_mode(vcpu);
>
> + r = kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map);
> + if (r) {

Drop the 'r' since KVM doesn't do anything with it, i.e.

	if (kvm_vcpu_map(...)) {
		kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
		return;
	}

(I can do this when applying).

> + kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
> + return;
> + }