Re: [PATCH 0/2] KVM: nSVM: Minor post-war fixups
From: Yosry Ahmed
Date: Fri Mar 06 2026 - 11:06:22 EST
On Thu, Mar 5, 2026 at 12:30 PM Yosry Ahmed <yosry@xxxxxxxxxx> wrote:
>
> A couple of fixups in the aftermath of all nSVM patches, the first one
> is just a cleanup suggested offlist by Sean, and the second is a fix for
> the test to make sure it's checking #GP on VMRUN not VMLOAD.
>
> In all honesty, I am not sure *why* the test was passing and a #GP was
> generated on VMLOAD with a very large but valid GPA. vls=1, so KVM
> should not be intercepting VMLOAD (in which case it would inject the
> #GP). A #NPF is generated on the VMLOAD, and through tracing I found out
> that kvm_mmu_page_fault() returns 1 (RETRY) to npf_interception(). There
> shouldn't be a corresponding memslot, so I am not sure if KVM stuffed an
> invalid mapping in the NPTs, or if KVM did nothing and the CPU #GP due
> to an infinite #NPF loop (although npf_interception() was only called
> once). Anyway, figuring that out is irrelevant to the fixup, which makes
> sure we're actually getting #GP on VMRUN.
The answer is here:
https://lore.kernel.org/kvm/CAO9r8zPZ7ezHSHfksZPu4Bj8O7WTmDfO-Wu8fUAEebDFV4EoRw@xxxxxxxxxxxxxx/T/#u.
TL;DR the emulator is injecting the #GP, I didn't catch it initially
because I was tracing kvm_queue_exception_e() and I think it's being
inlined into inject_emulated_exception().
Anyway, ignore this version. I will send a new version with fixes for
#GP on non-existent vmcb12 GPA on top of patch 1, and then the test
patch will be replaced with a minor fix (to actually test VMRUN),
followed by a change to test the new behavior (emulation failure)
instead of #GP. I will probably also rename it from "invalid" vmcb12
to "unmappable" since all these discussions made the distinction more
clear architecturally. The test uses a valid GPA, just not one that
KVM can map because userspace did not create a memslot for it.
>
> Yosry Ahmed (2):
> KVM: nSVM: Simplify error handling of
> nested_svm_copy_vmcb12_to_cache()
> KVM: selftests: Actually check #GP on VMRUN with invalid vmcb12
>
> arch/x86/kvm/svm/nested.c | 23 +++++++-------
> .../kvm/x86/svm_nested_invalid_vmcb12_gpa.c | 31 +++++++++----------
> 2 files changed, 26 insertions(+), 28 deletions(-)
>
>
> base-commit: 5128b972fb2801ad9aca54d990a75611ab5283a9
> --
> 2.53.0.473.g4a7958ca14-goog
>