Re: [PATCH] KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation

From: David Laight

Date: Fri Jun 19 2026 - 11:08:55 EST


On Thu, 18 Jun 2026 11:57:45 -0700
Sean Christopherson <seanjc@xxxxxxxxxx> wrote:

> If KVM attempts to translate what it thinks is an L2 GPA with a non-nested
> MMU, simply WARN and return the GPA, i.e. trust the MMU more than the
> caller, as there is zero reason to potentially panic the host kernel just
> because KVM misused an API.

Except that PANIC_ON_WARN stands a reasonable chance of being set.
So it makes little difference.

David

>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---
> arch/x86/kvm/svm/nested.c | 3 ++-
> arch/x86/kvm/vmx/nested.c | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index 9aedb88c832d..3e6c671a8dc2 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -2152,7 +2152,8 @@ static gpa_t svm_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
> struct vcpu_svm *svm = to_svm(vcpu);
> struct kvm_mmu *mmu = vcpu->arch.mmu;
>
> - BUG_ON(!mmu_is_nested(vcpu));
> + if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
> + return gpa;
>
> /* Non-GMET walks are always user-walks */
> if (!(svm->nested.ctl.misc_ctl & SVM_MISC_ENABLE_GMET))
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 3a293640d58c..6957bb6f5cf7 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -7470,7 +7470,8 @@ static gpa_t vmx_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
> {
> struct kvm_mmu *mmu = vcpu->arch.mmu;
>
> - BUG_ON(!mmu_is_nested(vcpu));
> + if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
> + return gpa;
>
> /*
> * MBEC differentiates based on the effective U/S bit of
>
> base-commit: 9d4853b044beefa21c4ee3e18c40653601a64ced