[PATCH] KVM: x86/mmu: Bug the VM, not the host kernel, if KVM write-protects upper SPTEs
From: Sean Christopherson
Date: Thu Jun 18 2026 - 14:56:46 EST
WARN and terminate the VM if KVM attempts to write-protect non-leaf SPTEs
instead of bugging the host kernel, as there is no reason to bring down the
entire host. Even terminating the VM is likely overkill, but in theory a
missed write could corrupt guest memory, so play it safe.
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/mmu/tdp_mmu.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 5b3041138301..c1cbae65d239 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1410,9 +1410,10 @@ static bool wrprot_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root,
u64 new_spte;
bool spte_set = false;
- rcu_read_lock();
+ if (KVM_BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL, kvm))
+ return false;
- BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL);
+ rcu_read_lock();
for_each_tdp_pte_min_level(iter, kvm, root, min_level, start, end) {
retry:
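Review bot: The early `return false` under the new `KVM_BUG_ON()` check in wrprot_gfn_range() is indistinguishable from a walk that found nothing to write-protect, since `spte_set` also starts out false. That is acceptable only because the VM is marked as bugged, so a short comment above the check saying that no SPTE was modified and that the VM is dead would document why false is a safe return. Placing the check ahead of `rcu_read_lock()` is the right order, as the bail-out path then never returns with the RCU read lock held.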
@@ -1844,7 +1845,8 @@ static bool write_protect_gfn(struct kvm *kvm, struct kvm_mmu_page *root,
u64 new_spte;
bool spte_set = false;
- BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL);
+ if (KVM_BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL, kvm))
+ return false;
rcu_read_lock();
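Review bot: The `KVM_BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL, kvm)` bail-out in write_protect_gfn() returns false without write-protecting anything, and the changelog's reasoning ("a missed write could corrupt guest memory, so play it safe") appears nowhere in the code. A one-line comment at the check would make clear that skipping the write-protect is tolerable only because the VM is being terminated. The subject and changelog also speak of "upper" and "non-leaf" SPTEs while the condition compares `min_level` against `KVM_MAX_HUGEPAGE_LEVEL`; the same comment could state that relationship so the check and the description read consistently.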
base-commit: 9d4853b044beefa21c4ee3e18c40653601a64ced
--
2.55.0.rc0.738.g0c8ab3ebcc-goog