Re: [PATCH v2] KVM: x86: Don't leave APF half-enabled on bad APF data GPA

From: Sean Christopherson

Date: Mon Apr 06 2026 - 12:23:29 EST


Thanks for posting this! My "week" estimate was a wee bit off...

On Fri, Apr 03, 2026, Ethan Yang wrote:
> static inline u64 pdptr_rsvd_bits(struct kvm_vcpu *vcpu)
> @@ -3616,6 +3621,7 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
> {
> gpa_t gpa = data & ~0x3f;
> + bool enable;
>
> /* Bits 4:5 are reserved, Should be zero */
> if (data & 0x30)
> @@ -3632,18 +3638,20 @@ static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
> if (!lapic_in_kernel(vcpu))
> return data ? 1 : 0;
>
> + enable = __kvm_pv_async_pf_enabled(data);
> +
> + if (enable &&
> + kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa,
> + sizeof(u64)))

I would rather forgo a local variable and either have the below check stay as
kvm_pv_async_pf_enabled() or just redo the call to __kvm_pv_async_pf_enabled().

> + return 1;

Newline please.

> vcpu->arch.apf.msr_en_val = data;
>
> - if (!kvm_pv_async_pf_enabled(vcpu)) {
> + if (!enable) {
> kvm_clear_async_pf_completion_queue(vcpu);
> kvm_async_pf_hash_reset(vcpu);
> return 0;
> }
>
> - if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa,
> - sizeof(u64)))
> - return 1;
> -
> vcpu->arch.apf.send_always = (data & KVM_ASYNC_PF_SEND_ALWAYS);
> vcpu->arch.apf.delivery_as_pf_vmexit = data & KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT;
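Review bot: moving the `kvm_gfn_to_hva_cache_init()` call ahead of the `vcpu->arch.apf.msr_en_val = data;` store is the core of the fix and deserves an explicit sentence in the changelog: before this change a bad data GPA returned 1 (injecting #GP) only after `msr_en_val` had already been overwritten, so the guest observed a failed WRMSR whose value was nonetheless latched; with the reordered hunk the MSR value, the completion queue and the hash are all left untouched on the failure path. It would also help to note in the changelog that the `!enable` branch now runs before any cache init, so a disable write with garbage in the GPA bits is accepted exactly as it was before.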

As I sketched out, in a follow-up patch, I would like to update these fields
as well. I don't like tracking stale information, even if it _should_ be unused.

Actually, even better, just drop the fields. That way zeroing msr_en_val via
INIT won't lead to stale data either.

I'll post a v3, should be easier overall than posting diffs for the suggestions
and then making you write changelogs :-)