Re: [PATCH 01/11] KVM: SVM: Truncate INVLPGA address in compatibility mode

Next message: Yosry Ahmed: "Re: [PATCH 05/11] KVM: x86: Trace hypercall register *after* truncating values for 32-bit"
Previous message: Sean Christopherson: "Re: [PATCH v2 3/3] KVM: Take gpa_t in kvm_vcpu_map[_readonly]()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yosry Ahmed

Date: Tue Apr 21 2026 - 19:29:09 EST

On Thu, Apr 09, 2026 at 04:56:12PM -0700, Sean Christopherson wrote:
> Check for full 64-bit mode, not just long mode, when truncating the
> virtual address as part of INVLPGA emulation. Compatibility mode doesn't
> support 64-bit addressing.
>
> Note, the FIXME still applies, e.g. if the guest deliberately targeted
> EAX while in 64-bit via an address size override. That flaw isn't worth
> fixing as it would require decoding the code stream, which would open a
> an entirely different can of worms, and in practice no sane guest would
> shove garbage into RAX[63:32] and execute INVLPGA.
>
> Note #2, VMSAVE, VMLOAD, and VMRUN all suffer from the same architectural
> flaw of not providing the full linear address in a VMCB exit information
> field, because, quoting the APM verbatim:
>
> the linear address is available directly from the guest rAX register
>
> (VMSAVE, VMLOAD, and VMRUN take a physical address, but they're behavior
> with respect to rAX is otherwise identical).
>
> Fixes: bc9eff67fc35 ("KVM: SVM: Use default rAX size for INVLPGA emulation")
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---

Reviewed-by: Yosry Ahmed <yosry@xxxxxxxxxx>