Re: [PATCH v2 01/15] KVM: SVM: Truncate INVLPGA address in compatibility mode
From: Binbin Wu
Date: Fri May 15 2026 - 02:36:15 EST
On 5/15/2026 5:53 AM, Sean Christopherson wrote:
> Check for full 64-bit mode, not just long mode, when truncating the
> virtual address as part of INVLPGA emulation. Compatibility mode doesn't
> support 64-bit addressing.
>
> Note, the FIXME still applies, e.g. if the guest deliberately targeted
> EAX while in 64-bit via an address size override. That flaw isn't worth
> fixing as it would require decoding the code stream, which would open a
                                                                        ^
                                                                        an extra 'a'
> an entirely different can of worms, and in practice no sane guest would
> shove garbage into RAX[63:32] and execute INVLPGA.
>
> Note #2, VMSAVE, VMLOAD, and VMRUN all suffer from the same architectural
> flaw of not providing the full linear address in a VMCB exit information
> field, because, quoting the APM verbatim:
>
> the linear address is available directly from the guest rAX register
>
> (VMSAVE, VMLOAD, and VMRUN take a physical address, but they're behavior
                                                          ^
                                                          their
> with respect to rAX is otherwise identical).
>
> Fixes: bc9eff67fc35 ("KVM: SVM: Use default rAX size for INVLPGA emulation")
> Reviewed-by: Yosry Ahmed <yosry@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Reviewed-by: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
> ---
> arch/x86/kvm/svm/svm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index e74fcde6155e..4ad87f8df392 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -2415,7 +2415,7 @@ static int invlpga_interception(struct kvm_vcpu *vcpu)
> return 1;
>
> /* FIXME: Handle an address size prefix. */
> - if (!is_long_mode(vcpu))
> + if (!is_64_bit_mode(vcpu))
> gva = (u32)gva;
>
> trace_kvm_invlpga(to_svm(vcpu)->vmcb->save.rip, asid, gva);
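Review bot: the `is_long_mode()` to `is_64_bit_mode()` change in this hunk fixes the compatibility-mode case but leaves the `/* FIXME: Handle an address size prefix. */` limitation exactly as the commit message describes, since the `(u32)gva` cast is still the only narrowing applied and a 64-bit-mode guest using an address size override to target EAX is not truncated. Because that is a deliberate, documented trade-off, consider expanding the FIXME comment to state it explicitly (compatibility mode is now covered by `is_64_bit_mode()`; an address size override in 64-bit mode is not handled), so a future reader does not take this change as having closed the FIXME.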