KVM: SVM: A fix and cleanups for VMCB intercepts

[PATCH v2 0/8] KVM: SVM: A fix and cleanups for VMCB intercepts

Posted by Sean Christopherson 1 month, 1 week ago

Fix a likely-benign bug where KVM fails to mark vmcb01 intercepts as dirty
after recalculating intercepts while L2 is active, then do a bunch of related
cleanup, e.g. to split recalc_intercepts() into nested vs. non-nested
functionality.

v2:
 - Fix the aforementioned bug.
 - Split recalc_intercepts() instead of simply renaming it.
 - Move the new WARN in nested_vmcb02_recalc_intercepts() to its own patch.
 - Use less weird local variables even if they aren't consistent with the
   existing code...
 - ... and then change some names in the existing code to provide consistency.

v1: https://lkml.kernel.org/r/20260112182022.771276-1-yosry.ahmed%40linux.dev

Sean Christopherson (6):
  KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
  KVM: SVM: Separate recalc_intercepts() into nested vs. non-nested
    parts
  KVM: nSVM: Directly (re)calc vmcb02 intercepts from
    nested_vmcb02_prepare_control()
  KVM: nSVM: Use intuitive local variables in
    nested_vmcb02_recalc_intercepts()
  KVM: nSVM: Move vmcb_ctrl_area_cached.bus_lock_rip to svm_nested_state
  KVM: nSVM: Capture svm->nested.ctl as vmcb12_ctrl when preparing
    vmcb02

Yosry Ahmed (2):
  KVM: nSVM: WARN and abort vmcb02 intercepts recalc if vmcb02 isn't
    active
  KVM: nSVM: Use vmcb12_is_intercept() in
    nested_sync_control_from_vmcb02()

 arch/x86/kvm/svm/nested.c | 88 +++++++++++++++++++--------------------
 arch/x86/kvm/svm/sev.c    |  2 +-
 arch/x86/kvm/svm/svm.c    |  6 +--
 arch/x86/kvm/svm/svm.h    | 28 +++++++++----
 4 files changed, 67 insertions(+), 57 deletions(-)


base-commit: 183bb0ce8c77b0fd1fb25874112bc8751a461e49
-- 
2.53.0.345.g96ddfc5eaa-goog

Re: [PATCH v2 0/8] KVM: SVM: A fix and cleanups for VMCB intercepts

Posted by Sean Christopherson 4 weeks ago

On Wed, 18 Feb 2026 15:09:50 -0800, Sean Christopherson wrote:
> Fix a likely-benign bug where KVM fails to mark vmcb01 intercepts as dirty
> after recalculating intercepts while L2 is active, then do a bunch of related
> cleanup, e.g. to split recalc_intercepts() into nested vs. non-nested
> functionality.
> 
> v2:
>  - Fix the aforementioned bug.
>  - Split recalc_intercepts() instead of simply renaming it.
>  - Move the new WARN in nested_vmcb02_recalc_intercepts() to its own patch.
>  - Use less weird local variables even if they aren't consistent with the
>    existing code...
>  - ... and then change some names in the existing code to provide consistency.
> 
> [...]

Applied to kvm-x86 nested, thanks!

[1/8] KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
      https://github.com/kvm-x86/linux/commit/d5bde6113aed
[2/8] KVM: SVM: Separate recalc_intercepts() into nested vs. non-nested parts
      https://github.com/kvm-x86/linux/commit/0b97f929831a
[3/8] KVM: nSVM: WARN and abort vmcb02 intercepts recalc if vmcb02 isn't active
      https://github.com/kvm-x86/linux/commit/a367b6e10372
[4/8] KVM: nSVM: Directly (re)calc vmcb02 intercepts from nested_vmcb02_prepare_control()
      https://github.com/kvm-x86/linux/commit/4a80c4bc1f10
[5/8] KVM: nSVM: Use intuitive local variables in nested_vmcb02_recalc_intercepts()
      https://github.com/kvm-x86/linux/commit/586160b75091
[6/8] KVM: nSVM: Use vmcb12_is_intercept() in nested_sync_control_from_vmcb02()
      https://github.com/kvm-x86/linux/commit/ef09eebc5736
[7/8] KVM: nSVM: Move vmcb_ctrl_area_cached.bus_lock_rip to svm_nested_state
      https://github.com/kvm-x86/linux/commit/af75470944f4
[8/8] KVM: nSVM: Capture svm->nested.ctl as vmcb12_ctrl when preparing vmcb02
      https://github.com/kvm-x86/linux/commit/56bfbe68f78e

--
https://github.com/kvm-x86/linux/tree/next