On Wed, Feb 18, 2026 at 03:09:51PM -0800, Sean Christopherson wrote:
> When reacting to an intercept update, explicitly mark vmcb01's intercepts
> dirty, as KVM always initially operates on vmcb01, and nested_svm_vmexit()
> isn't guaranteed to mark VMCB_INTERCEPTS as dirty. I.e. if L2 is active,
> KVM will modify the intercepts for L1, but might not mark them as dirty
> before the next VMRUN of L1.
>
> Fixes: 116a0a23676e ("KVM: SVM: Add clean-bit for intercetps, tsc-offset and pause filter count")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
> ---
> arch/x86/kvm/svm/nested.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index de90b104a0dd..66701106a51b 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -128,11 +128,13 @@ void recalc_intercepts(struct vcpu_svm *svm)
> struct vmcb_ctrl_area_cached *g;
> unsigned int i;
>
> - vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
> + vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS);
>
> if (!is_guest_mode(&svm->vcpu))
> return;
>
> + vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
> +
> c = &svm->vmcb->control;
> h = &svm->vmcb01.ptr->control;
> g = &svm->nested.ctl;
> --
> 2.53.0.345.g96ddfc5eaa-goog
>