From: Alessandro Ratti
To: pbonzini@redhat.com, seanjc@google.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+1522459a74d26b0ac33a@syzkaller.appspotmail.com, Alessandro Ratti
Subject: [PATCH] KVM: x86: Retry guest entry on -EBUSY from kvm_check_nested_events()
Date: Sun, 4 Jan 2026 10:32:21 +0100
Message-ID: <20260104093221.494510-1-alessandro@0x65c.net>
X-Mailer: git-send-email 2.52.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When a vCPU running in nested guest mode attempts to block (e.g., due to
HLT), kvm_check_nested_events() may return -EBUSY to indicate that a
nested event is pending but cannot be injected immediately, such as when
event delivery is temporarily blocked in the guest.

Currently, vcpu_block() logs a WARN_ON_ONCE() and then treats -EBUSY
like any other error, returning 0 to exit to userspace. This can cause
the vCPU to repeatedly block without making forward progress, delaying
event injection and potentially leading to guest hangs under rare timing
conditions.

Remove the WARN_ON_ONCE() and handle -EBUSY explicitly by returning 1 to
retry guest entry instead of exiting to userspace. This allows the
nested event to be injected once the temporary blocking condition
clears, ensuring forward progress.

This issue was triggered by syzkaller while exercising nested
virtualization.

Fixes: 45405155d876 ("KVM: x86: WARN if a vCPU gets a valid wakeup that KVM can't yet inject")
Reported-by: syzbot+1522459a74d26b0ac33a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1522459a74d26b0ac33a
Tested-by: syzbot+1522459a74d26b0ac33a@syzkaller.appspotmail.com
Signed-off-by: Alessandro Ratti
---
 arch/x86/kvm/x86.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ff8812f3a129..d5cf9a7ff8c5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11596,7 +11596,15 @@ static inline int vcpu_block(struct kvm_vcpu *vcpu) if (is_guest_mode(vcpu)) { int r =3D kvm_check_nested_events(vcpu); =20 - WARN_ON_ONCE(r =3D=3D -EBUSY); + /* + * -EBUSY indicates a nested event is pending but cannot be + * injected immediately (e.g., event delivery is temporarily + * blocked). Return to the vCPU run loop to retry guest entry + * instead of blocking, which would lose the pending event. + */ + if (r =3D=3D -EBUSY) + return 1; + if (r < 0) return 0; } --=20 2.52.0
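
Review bot: The new "if (r == -EBUSY) return 1;" branch in vcpu_block() has nothing that bounds the retry. If the condition that prevents injection does not clear, the vCPU goes back to the run loop and lands here again, never blocking and never exiting to userspace, so the comment or the changelog should state what guarantees the condition is transient. The comment's rationale "instead of blocking, which would lose the pending event" also does not match the path being replaced: -EBUSY previously fell into "if (r < 0) return 0;", which the changelog itself describes as an exit to userspace, so the comment should describe that behaviour rather than blocking. Last, the hunk deletes the WARN_ON_ONCE(r == -EBUSY) that the commit named in Fixes: added deliberately; the changelog should say why -EBUSY is an expected result at this point rather than the KVM bug that WARN was meant to flag, or keep a diagnostic for the cases that are still unexpected.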