Re: [PATCH] KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation

From: Sean Christopherson

Date: Mon Jun 22 2026 - 19:24:31 EST


On Fri, Jun 19, 2026, David Laight wrote:
> On Thu, 18 Jun 2026 11:57:45 -0700
> Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> > If KVM attempts to translate what it thinks is an L2 GPA with a non-nested
> > MMU, simply WARN and return the GPA, i.e. trust the MMU more than the
> > caller, as there is zero reason to potentially panic the host kernel just
> > because KVM misused an API.
>
> Except that PANIC_ON_WARN stands a reasonable chance of being set.

Not in cloud environments, or in any environment where the guest workload is
untrusted.

> So it makes little difference.

I disagree, vehemently. There's a massive difference between opting in to
minimizing risk of data corruption at the cost of availability, and forcing all
KVM users to sacrifice availability, especially for no tangible beneft. Paolo
and I are fully aligned on this:

https://lore.kernel.org/all/CABgObfZJV5hU_7WoPWLRH3-EvKts%2BUBZOwtCXmwVZYJP8dDo2A@xxxxxxxxxxxxxx