[PATCH v2 0/6] KVM: nSVM: Fix vmcb12 mapping failure handling

[PATCH v2 0/6] KVM: nSVM: Fix vmcb12 mapping failure handling
Posted by Yosry Ahmed 1 month ago
Jim pointed out that VMRUN/VMLOAD/VMSAVE injecting a #GP when the vmcb12
GPA is valid but not mappable is not architectural [1]. The series
handles them as emulation failures and (mostly) exits to userspace
instead.

With vls=1, a VMSAVE/VMLOAD with an unmappable GPA will cause a #NPF and
be emulated. The emulator currently hardcodes the GPA check to 48 valid
bits and injects a #GP otherwise. Fix this to only inject a #GP if the
GPA actually exceeds maxphyaddr, and otherwise fail the emulation as
well.

Rework svm_nested_invalid_vmcb12_gpa to fix the fact that it's currently
testing #GP on VMLOAD instead of VMRUN, and extend it to test all of
VMRUN, VMLOAD, and VMSAVE in both cases of GPA > maxphyaddr and GPA <
maxphyaddr but unmappable. Finally rename it to make its name a bit more
generic and representative.

This is not strictly a v2, but it supersedes the series at [2].

[1] https://lore.kernel.org/kvm/CALMp9eSMtzDJn7tGtbj=zLYpcU7Tc7XjcWBRZH7Aa5YihSmN7g@mail.gmail.com/
[2] https://lore.kernel.org/kvm/20260305203005.1021335-1-yosry@kernel.org/

Yosry Ahmed (6):
  KVM: SVM: Use maxphyaddr in emulator RAX check for VMRUN/VMLOAD/VMSAVE
  KVM: nSVM: Simplify error handling of
    nested_svm_copy_vmcb12_to_cache()
  KVM: SVM: Treat mapping failures equally in VMLOAD/VMSAVE emulation
  KVM: nSVM: Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12
    fails
  KVM: selftests: Rework svm_nested_invalid_vmcb12_gpa
  KVM: selftests: Drop 'invalid' from svm_nested_invalid_vmcb12_gpa's
    name

 arch/x86/kvm/emulate.c                        |   3 +-
 arch/x86/kvm/svm/nested.c                     |  20 +-
 arch/x86/kvm/svm/svm.c                        |   8 +-
 tools/testing/selftests/kvm/Makefile.kvm      |   2 +-
 .../testing/selftests/kvm/include/kvm_util.h  |   1 +
 tools/testing/selftests/kvm/lib/kvm_util.c    |   6 +
 .../kvm/x86/svm_nested_invalid_vmcb12_gpa.c   |  98 ----------
 .../selftests/kvm/x86/svm_nested_vmcb12_gpa.c | 179 ++++++++++++++++++
 8 files changed, 200 insertions(+), 117 deletions(-)
 delete mode 100644 tools/testing/selftests/kvm/x86/svm_nested_invalid_vmcb12_gpa.c
 create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_vmcb12_gpa.c


base-commit: 5128b972fb2801ad9aca54d990a75611ab5283a9
-- 
2.53.0.473.g4a7958ca14-goog
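The decision the cover letter describes, as an added illustration that is not code from the series or from KVM: a hypothetical model contrasting the old hardcoded 48-bit GPA check with a check against the guest's MAXPHYADDR (CPUID 0x80000008 EAX[7:0]), and routing an in-range but unmappable vmcb12 GPA to an emulation failure rather than a #GP. The function names, the enum and the `mappable` flag (standing in for the outcome of the mapping attempt) are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of emulating VMRUN/VMLOAD/VMSAVE for a given vmcb12 GPA.
 * Hypothetical model of the behaviour the cover letter describes, not KVM's code. */
enum vmcb12_result {
	VMCB12_OK,               /* GPA in range and mapped: proceed */
	VMCB12_INJECT_GP,        /* GPA beyond the guest's physical address width */
	VMCB12_EMULATION_FAILED  /* GPA in range but not mappable: exit to userspace */
};

/* Old emulator check: any bit set at or above bit 48 means #GP,
 * regardless of the guest's actual MAXPHYADDR. */
static bool gpa_exceeds_hardcoded_48(uint64_t gpa)
{
	return (gpa >> 48) != 0;
}

/* Fixed check: compare against the guest's MAXPHYADDR (CPUID 0x80000008 EAX[7:0]). */
static bool gpa_exceeds_maxphyaddr(uint64_t gpa, unsigned int maxphyaddr)
{
	if (maxphyaddr >= 64)
		return false;
	return (gpa >> maxphyaddr) != 0;
}

/* 'mappable' stands in for the result of the mapping attempt on the vmcb12 GPA
 * (e.g. whether a memslot backs it); a real implementation would attempt the map. */
static enum vmcb12_result handle_vmcb12_gpa(uint64_t gpa, unsigned int maxphyaddr, bool mappable)
{
	if (gpa_exceeds_maxphyaddr(gpa, maxphyaddr))
		return VMCB12_INJECT_GP;
	if (!mappable)
		return VMCB12_EMULATION_FAILED;
	return VMCB12_OK;
}

int main(void)
{
	/* Constructed cases for guests with 40-bit and 52-bit physical address widths. */
	uint64_t gpa_bit44 = 1ULL << 44, gpa_bit50 = 1ULL << 50;

	/* maxphyaddr=40: bit 44 is out of range, but the hardcoded check lets it through. */
	printf("maxphyaddr=40 gpa=bit44: old #GP=%d new #GP=%d\n",
	       gpa_exceeds_hardcoded_48(gpa_bit44), gpa_exceeds_maxphyaddr(gpa_bit44, 40));
	/* maxphyaddr=52: bit 50 is in range, but the hardcoded check wrongly injects #GP. */
	printf("maxphyaddr=52 gpa=bit50: old #GP=%d new #GP=%d\n",
	       gpa_exceeds_hardcoded_48(gpa_bit50), gpa_exceeds_maxphyaddr(gpa_bit50, 52));
	/* In range but unmappable: emulation failure, not #GP. */
	printf("in-range unmappable -> %d\n", handle_vmcb12_gpa(gpa_bit44, 52, false));
	return 0;
}
```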
Re: [PATCH v2 0/6] KVM: nSVM: Fix vmcb12 mapping failure handling
Posted by Sean Christopherson 5 days, 22 hours ago
On Fri, 06 Mar 2026 21:08:54 +0000, Yosry Ahmed wrote:
> Jim pointed out that VMRUN/VMLOAD/VMSAVE injecting a #GP when the vmcb12
> GPA is valid but not mappable is not architectural [1]. The series
> handles them as emulation failures and (mostly) exits to userspace
> instead.
> 
> With vls=1, a VMSAVE/VMLOAD with an unmappable GPA will cause a #NPF and
> be emulated. The emulator currently hardcodes the GPA check to 48 valid
> bits and injects a #GP otherwise. Fix this to only inject a #GP if the
> GPA actually exceeds maxphyaddr, and otherwise fail the emulation as
> well.
> 
> [...]

As promised, applied a tweaked version of patch 2 to kvm-x86 nested, many weeks
ago.

[2/6] KVM: nSVM: Simplify error handling of nested_svm_copy_vmcb12_to_cache()
      https://github.com/kvm-x86/linux/commit/520a1347faf4

--
https://github.com/kvm-x86/linux/tree/next