Re: [PATCH v4 0/9] KVM: SVM: Fixes for VMCB12 checks and mapping
From: Sean Christopherson
Date: Tue Apr 07 2026 - 20:16:15 EST
On Mon, 16 Mar 2026 20:27:23 +0000, Yosry Ahmed wrote:
> Jim pointed out that VMRUN/VMLOAD/VMSAVE injecting a #GP when the vmcb12
> GPA is valid but not mappable is not architectural [1]. The series
> handles them as emulation failures and (mostly) exits to userspace
> instead. It also fixes the checks performed on the vmcb12 GPA (i.e. RAX)
> in a few places.
>
> Note that there's a few other bugs that this series leaves alone, mostly
> to keep it focused on fixing the non-architectural #GPs, this includes:
> - KVM synthesizing #VMEXIT(VMLOAD/VMSAVE) to L1 when intercepting #GP
> from L2 on VMLOAD/VMSAVE, even if L1 does not intercept VMLOAD/VMSAVE
> (e.g. VLS enabled).
> - KVM not respecting priority of #GP vs. #UD when EFER.SVME is disabled
> by the guest.
>
> [...]
Applied to kvm-x86 nested, thanks!
[1/9] KVM: SVM: Properly check RAX in the emulator for SVM instructions
https://github.com/kvm-x86/linux/commit/c85aaff26d55
[2/9] KVM: SVM: Refactor SVM instruction handling on #GP intercept
https://github.com/kvm-x86/linux/commit/27f70eaa8661
[3/9] KVM: SVM: Properly check RAX on #GP intercept of SVM instructions
https://github.com/kvm-x86/linux/commit/435741a4e766
[4/9] KVM: SVM: Move RAX legality check to SVM insn interception handlers
https://github.com/kvm-x86/linux/commit/d2fbeb61e145
[5/9] KVM: SVM: Check EFER.SVME and CPL on #GP intercept of SVM instructions
https://github.com/kvm-x86/linux/commit/783cf7d01fb8
[6/9] KVM: SVM: Treat mapping failures equally in VMLOAD/VMSAVE emulation
https://github.com/kvm-x86/linux/commit/878b8efa2adb
[7/9] KVM: nSVM: Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12 fails
https://github.com/kvm-x86/linux/commit/2daf71bfd77d
[8/9] KVM: selftests: Rework svm_nested_invalid_vmcb12_gpa
https://github.com/kvm-x86/linux/commit/428543fbf06c
[9/9] KVM: selftests: Drop 'invalid' from svm_nested_invalid_vmcb12_gpa's name
https://github.com/kvm-x86/linux/commit/052ca584bd7c
--
https://github.com/kvm-x86/linux/tree/next