From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, xinyang@anthropic.com, stable@vger.kernel.org
Subject: [PATCH 1/5] KVM: VMX: check validity of VMCS controls when returning from SMM
Date: Tue, 10 Mar 2026 21:24:10 +0100
Message-ID: <20260310202414.406078-2-pbonzini@redhat.com>
In-Reply-To: <20260310202414.406078-1-pbonzini@redhat.com>
References: <20260310202414.406078-1-pbonzini@redhat.com>

The VMCS12 is not available while in SMM. However, it can be overwritten if userspace manages to trigger copy_enlightened_to_vmcs12() - for example via KVM_GET_NESTED_STATE. Because of this, the VMCS12 has to be checked for validity before it is used to generate the VMCS02.

Move the check code out of vmx_set_nested_state() (the other "not a VMLAUNCH/VMRESUME" path that emulates a nested vmentry) and reuse it in vmx_leave_smm().

Cc: stable@vger.kernel.org
Reported-by: Xinyang Ge
Signed-off-by: Paolo Bonzini
---
 arch/x86/kvm/vmx/nested.c | 39 +++++++++++++++++++++++++++------------
 arch/x86/kvm/vmx/nested.h | 1 +
 arch/x86/kvm/vmx/vmx.c | 4 ++++
 3 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index cb925cc53389..d4bc47079809 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -6849,13 +6849,34 @@ void vmx_leave_nested(struct kvm_vcpu *vcpu) free_nested(vcpu); } =20 +int nested_vmx_check_restored_vmcs12(struct kvm_vcpu *vcpu) +{ + enum vm_entry_failure_code ignored; + struct vmcs12 *vmcs12 =3D get_vmcs12(vcpu); + + if (nested_cpu_has_shadow_vmcs(vmcs12) && + vmcs12->vmcs_link_pointer !=3D INVALID_GPA) { + struct vmcs12 *shadow_vmcs12 =3D get_shadow_vmcs12(vcpu); + + if (shadow_vmcs12->hdr.revision_id !=3D VMCS12_REVISION || + !shadow_vmcs12->hdr.shadow_vmcs) + return -EINVAL; + } + + if (nested_vmx_check_controls(vcpu, vmcs12) || + nested_vmx_check_host_state(vcpu, vmcs12) || + nested_vmx_check_guest_state(vcpu, vmcs12, &ignored)) + return -EINVAL; + + return 0; +} + static int vmx_set_nested_state(struct kvm_vcpu *vcpu, struct kvm_nested_state __user *user_kvm_nested_state, struct kvm_nested_state *kvm_state) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); struct vmcs12 *vmcs12; - enum vm_entry_failure_code ignored; struct kvm_vmx_nested_state_data __user *user_vmx_nested_state =3D &user_kvm_nested_state->data.vmx[0]; int ret; @@ -6986,25 +7007,20 @@ static int vmx_set_nested_state(struct kvm_vcpu *vc= pu, vmx->nested.mtf_pending =3D !!(kvm_state->flags & KVM_STATE_NESTED_MTF_PENDING); =20 - ret =3D -EINVAL; if (nested_cpu_has_shadow_vmcs(vmcs12) && vmcs12->vmcs_link_pointer !=3D INVALID_GPA) { struct vmcs12 *shadow_vmcs12 =3D get_shadow_vmcs12(vcpu); =20 + ret =3D -EINVAL; if (kvm_state->size < sizeof(*kvm_state) + sizeof(user_vmx_nested_state->vmcs12) + sizeof(*shadow_vmcs12)) goto error_guest_mode; =20 + ret =3D -EFAULT; if (copy_from_user(shadow_vmcs12, user_vmx_nested_state->shadow_vmcs12, - sizeof(*shadow_vmcs12))) { - ret =3D -EFAULT; - goto error_guest_mode; - } - - if (shadow_vmcs12->hdr.revision_id !=3D VMCS12_REVISION || - !shadow_vmcs12->hdr.shadow_vmcs) + sizeof(*shadow_vmcs12))) goto error_guest_mode; } =20 
@@ -7015,9 +7031,8 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, kvm_state->hdr.vmx.preemption_timer_deadline; } =20 - if (nested_vmx_check_controls(vcpu, vmcs12) || - nested_vmx_check_host_state(vcpu, vmcs12) || - nested_vmx_check_guest_state(vcpu, vmcs12, &ignored)) + ret =3D nested_vmx_check_restored_vmcs12(vcpu); + if (ret < 0) goto error_guest_mode; =20 vmx->nested.dirty_vmcs12 =3D true; diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index b844c5d59025..213a448104af 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -22,6 +22,7 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_= conf, u32 ept_caps); void nested_vmx_hardware_unsetup(void); __init int nested_vmx_hardware_setup(int (*exit_handlers[])(struct kvm_vcp= u *)); void nested_vmx_set_vmcs_shadowing_bitmap(void); +int nested_vmx_check_restored_vmcs12(struct kvm_vcpu *vcpu); void nested_vmx_free_vcpu(struct kvm_vcpu *vcpu); enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *v= cpu, bool from_vmentry); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 48f0e426a8a2..e9fa59e92548 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -8540,6 +8540,10 @@ int vmx_leave_smm(struct kvm_vcpu *vcpu, const union= kvm_smram *smram) } =20 if (vmx->nested.smm.guest_mode) { + /* Triple fault if the state is invalid. */ + if (nested_vmx_check_restored_vmcs12(vcpu) < 0) + return 1; + ret =3D nested_vmx_enter_non_root_mode(vcpu, false); if (ret) return ret;
-- 
2.53.0
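Review bot: the new nested_vmx_check_restored_vmcs12() in the first nested.c hunk carries no comment about what it validates or when it must be called, and it now serves two very different callers. A short comment above it saying that it validates the cached vmcs12 (plus the cached shadow vmcs12 header when a shadow VMCS is linked) before that state is used to build vmcs02, and that the caller decides what an error means (-EINVAL back to userspace on the KVM_SET_NESTED_STATE path, a triple fault on the RSM path), would spare the next reader a trip through both call sites.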
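Review bot: in the second nested.c hunk the unconditional `ret = -EINVAL;` ahead of the shadow-VMCS block is dropped in favour of assignments inside the block, so from here until the new `ret = nested_vmx_check_restored_vmcs12(vcpu);` in the following hunk, `ret` is only meaningful if the shadow-VMCS branch ran. The visible context in between (the preemption timer deadline assignment) has no `goto error_guest_mode`, so nothing is broken today; either keep the hoisted `ret = -EINVAL;` or add a one-line comment so a future goto inserted there does not return a stale value.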
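Review bot: in the vmx.c hunk the comment `/* Triple fault if the state is invalid. */` states the effect but not why the check sits where it does. The very next line is `nested_vmx_enter_non_root_mode(vcpu, false)`, and with from_vmentry false that path does not run the VMLAUNCH/VMRESUME consistency checks (the point the commit message makes about the "not a VMLAUNCH/VMRESUME" paths), which is exactly why the explicit call is needed first. Saying so in the comment, and noting that `return 1` here follows the same failure convention as the existing `if (ret) return ret;` right below it, would make the ordering self-explanatory.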
From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, xinyang@anthropic.com, stable@vger.kernel.org
Subject: [PATCH 2/5] KVM: SVM: check validity of VMCB when returning from SMM
Date: Tue, 10 Mar 2026 21:24:11 +0100
Message-ID: <20260310202414.406078-3-pbonzini@redhat.com>
In-Reply-To: <20260310202414.406078-1-pbonzini@redhat.com>
References: <20260310202414.406078-1-pbonzini@redhat.com>

The VMCB12 is stored in guest memory and can be mangled while in SMM; it is then reloaded by svm_leave_smm(), but it is not checked again for validity.

Move the check code out of vmx_set_nested_state() (the other "not a VMLAUNCH/VMRESUME" path that emulates a nested vmentry) and reuse it in svm_leave_smm().

Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini
---
 arch/x86/kvm/svm/nested.c | 12 ++++++++++--
 arch/x86/kvm/svm/svm.c | 4 ++++
 arch/x86/kvm/svm/svm.h | 1 +
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 7b61124051a7..de9906adb73b 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -419,6 +419,15 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu= *vcpu) return __nested_vmcb_check_controls(vcpu, ctl); } =20 +int nested_svm_check_cached_vmcb12(struct kvm_vcpu *vcpu) +{ + if (!nested_vmcb_check_save(vcpu) || + !nested_vmcb_check_controls(vcpu)) + return -EINVAL; + + return 0; +} + /* * If a feature is not advertised to L1, clear the corresponding vmcb12 * intercept.
@@ -1034,8 +1043,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu) nested_copy_vmcb_control_to_cache(svm, &vmcb12->control); nested_copy_vmcb_save_to_cache(svm, &vmcb12->save); =20 - if (!nested_vmcb_check_save(vcpu) || - !nested_vmcb_check_controls(vcpu)) { + if (nested_svm_check_cached_vmcb12(vcpu) < 0) { vmcb12->control.exit_code =3D SVM_EXIT_ERR; vmcb12->control.exit_info_1 =3D 0; vmcb12->control.exit_info_2 =3D 0; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 477fda63653b..95495048902c 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4890,6 +4890,10 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, cons= t union kvm_smram *smram) vmcb12 =3D map.hva; nested_copy_vmcb_control_to_cache(svm, &vmcb12->control); nested_copy_vmcb_save_to_cache(svm, &vmcb12->save); + + if (nested_svm_check_cached_vmcb12(vcpu) < 0) + goto unmap_save; + ret =3D enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, vmcb12, f= alse); =20 if (ret) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index ebd7b36b1ceb..6942e6b0eda6 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -797,6 +797,7 @@ static inline int nested_svm_simple_vmexit(struct vcpu_= svm *svm, u32 exit_code) =20 int nested_svm_exit_handled(struct vcpu_svm *svm); int nested_svm_check_permissions(struct kvm_vcpu *vcpu); +int nested_svm_check_cached_vmcb12(struct kvm_vcpu *vcpu); int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr, bool has_error_code, u32 error_code); int nested_svm_exit_special(struct vcpu_svm *svm);
-- 
2.53.0
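Review bot: nested_svm_check_cached_vmcb12() in the first nested.c hunk validates only the cached copies filled by nested_copy_vmcb_control_to_cache() and nested_copy_vmcb_save_to_cache(), so it silently depends on both having run immediately before, as the two callers in this patch do. That precondition belongs in a comment above the function: the whole point of the fix is that the VMCB12 in guest memory can be mangled while in SMM, and a future caller that checks before re-caching would be validating stale data and passing.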
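Review bot: the commit message says the check code is moved out of vmx_set_nested_state(), but the second nested.c hunk moves it out of nested_svm_vmrun(); the sentence was carried over from patch 1/5 and should name the SVM path so the stable backport description is accurate.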
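Review bot: in the svm.c hunk `goto unmap_save` is taken without assigning `ret`, so the code returned to the RSM emulation on an invalid VMCB12 is whatever `ret` already held, which the hunk does not show. An explicit nonzero assignment next to the goto, with the same `/* Triple fault if the state is invalid. */` comment that patch 1/5 adds to vmx_leave_smm(), would make the failure path self-contained; please also confirm that the unmap_save label releases `map` (vmcb12 is still mapped at this point) and not only map_save.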
From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, xinyang@anthropic.com, stable@vger.kernel.org
Subject: [PATCH 3/5] selftests: kvm: extract common functionality out of smm_test.c
Date: Tue, 10 Mar 2026 21:24:12 +0100
Message-ID: <20260310202414.406078-4-pbonzini@redhat.com>
In-Reply-To: <20260310202414.406078-1-pbonzini@redhat.com>
References: <20260310202414.406078-1-pbonzini@redhat.com>

Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini
---
 tools/testing/selftests/kvm/include/x86/smm.h | 17 ++++++++++++
 .../testing/selftests/kvm/lib/x86/processor.c | 26 ++++++++++++++++++
 tools/testing/selftests/kvm/x86/smm_test.c | 27 ++-----------------
 3 files changed, 45 insertions(+), 25 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/include/x86/smm.h

diff --git a/tools/testing/selftests/kvm/include/x86/smm.h b/tools/testing/selftests/kvm/include/x86/smm.h
new file mode 100644
index 000000000000..19337c34f13e
--- /dev/null
+++ b/tools/testing/selftests/kvm/include/x86/smm.h
@@ -0,0 +1,17 @@ +// SPDX-License-Identifier: GPL-2.0-only +#ifndef SELFTEST_KVM_SMM_H +#define SELFTEST_KVM_SMM_H + +#include "kvm_util.h" + +#define SMRAM_SIZE 65536 +#define SMRAM_MEMSLOT ((1 << 16) | 1) +#define SMRAM_PAGES (SMRAM_SIZE / PAGE_SIZE) + +void setup_smram(struct kvm_vm *vm, struct kvm_vcpu *vcpu, + uint64_t smram_gpa, + const void *smi_handler, size_t handler_size); + +void inject_smi(struct kvm_vcpu *vcpu); + +#endif /* SELFTEST_KVM_SMM_H */
diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index fab18e9be66c..23a44941e283 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -8,6 +8,7 @@ #include "kvm_util.h" #include "pmu.h" #include "processor.h" +#include "smm.h" #include "svm_util.h" #include "sev.h" #include "vmx.h" @@ -1444,3 +1445,28 @@ bool kvm_arch_has_default_irqchip(void) { return true; } + +void setup_smram(struct kvm_vm *vm, struct kvm_vcpu *vcpu, + uint64_t smram_gpa, + const void *smi_handler, size_t handler_size) +{ + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, smram_gpa, + SMRAM_MEMSLOT, SMRAM_PAGES, 0); + TEST_ASSERT(vm_phy_pages_alloc(vm, SMRAM_PAGES, smram_gpa, + SMRAM_MEMSLOT) =3D=3D smram_gpa, + "Could not allocate guest physical addresses for SMRAM"); + + memset(addr_gpa2hva(vm, smram_gpa), 0x0, SMRAM_SIZE); + memcpy(addr_gpa2hva(vm, smram_gpa) + 0x8000, smi_handler, handler_size); + vcpu_set_msr(vcpu, MSR_IA32_SMBASE, smram_gpa); +} + +void inject_smi(struct kvm_vcpu *vcpu) +{ + struct kvm_vcpu_events events; + + vcpu_events_get(vcpu, &events); + events.smi.pending =3D 1; + events.flags |=3D KVM_VCPUEVENT_VALID_SMM; + vcpu_events_set(vcpu, &events); +} diff --git a/tools/testing/selftests/kvm/x86/smm_test.c b/tools/testing/sel= ftests/kvm/x86/smm_test.c index 55c88d664a94..ade8412bf94a 100644 --- a/tools/testing/selftests/kvm/x86/smm_test.c +++ b/tools/testing/selftests/kvm/x86/smm_test.c @@ -14,13 +14,11 @@ #include "test_util.h" =20 #include "kvm_util.h" +#include "smm.h" =20 #include "vmx.h" #include "svm_util.h" =20 -#define SMRAM_SIZE 65536 -#define SMRAM_MEMSLOT ((1 << 16) | 1) -#define SMRAM_PAGES (SMRAM_SIZE / PAGE_SIZE) #define SMRAM_GPA 0x1000000 #define SMRAM_STAGE 0xfe =20 
@@ -113,18 +111,6 @@ static void guest_code(void *arg) sync_with_host(DONE); } =20 -void inject_smi(struct kvm_vcpu *vcpu) -{ - struct kvm_vcpu_events events; - - vcpu_events_get(vcpu, &events); - - events.smi.pending =3D 1; - events.flags |=3D KVM_VCPUEVENT_VALID_SMM; - - vcpu_events_set(vcpu, &events); -} - int main(int argc, char *argv[]) { vm_vaddr_t nested_gva =3D 0; 
@@ -140,16 +126,7 @@ int main(int argc, char *argv[]) /* Create VM */ vm =3D vm_create_with_one_vcpu(&vcpu, guest_code); =20 - vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, SMRAM_GPA, - SMRAM_MEMSLOT, SMRAM_PAGES, 0); - TEST_ASSERT(vm_phy_pages_alloc(vm, SMRAM_PAGES, SMRAM_GPA, SMRAM_MEMSLOT) - =3D=3D SMRAM_GPA, "could not allocate guest physical addresses?"); - - memset(addr_gpa2hva(vm, SMRAM_GPA), 0x0, SMRAM_SIZE); - memcpy(addr_gpa2hva(vm, SMRAM_GPA) + 0x8000, smi_handler, - sizeof(smi_handler)); - - vcpu_set_msr(vcpu, MSR_IA32_SMBASE, SMRAM_GPA); + setup_smram(vm, vcpu, SMRAM_GPA, smi_handler, sizeof(smi_handler)); =20 if (kvm_has_cap(KVM_CAP_NESTED_STATE)) { if (kvm_cpu_has(X86_FEATURE_SVM))
-- 
2.53.0
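Review bot: the new header in the smm.h hunk opens with `// SPDX-License-Identifier: GPL-2.0-only`; for .h files the kernel convention is the `/* SPDX-License-Identifier: GPL-2.0-only */` form and checkpatch warns on the C99-comment variant. While at it, the commit message for this patch consists only of the Cc: and Signed-off-by: trailers; since it is tagged for stable, one sentence saying that setup_smram() and inject_smi() are lifted out of smm_test.c (with the SMRAM GPA and handler made parameters) so that a second test can reuse them would tell backporters why a refactoring is in the series.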
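Review bot: setup_smram() in the second processor.c hunk memcpy()s handler_size bytes to smram_gpa + 0x8000 with no check that 0x8000 + handler_size fits inside SMRAM_SIZE. The only caller so far passes sizeof(smi_handler), which is known to fit, but the helper now accepts an arbitrary handler, so a TEST_ASSERT on the size (and on smram_gpa being page aligned, given it is both the memslot base and the value written to MSR_IA32_SMBASE) would turn a silent overrun in a future test into a clear failure.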
From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, xinyang@anthropic.com, stable@vger.kernel.org Subject: [PATCH 4/5] selftests: kvm: add a test that VMX validates controls on RSM Date: Tue, 10 Mar 2026 21:24:13 +0100 Message-ID: <20260310202414.406078-5-pbonzini@redhat.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260310202414.406078-1-pbonzini@redhat.com> References: <20260310202414.406078-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a test checking that invalid eVMCS contents are validated after an RSM instruction is emulated. The failure mode is simply that the RSM succeeds, because KVM virtualizes NMIs anyway while running L2; the two pin-based execution controls used by the test are entirely handled by KVM and not by the processor. Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini --- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../kvm/x86/evmcs_smm_controls_test.c | 150 ++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86/evmcs_smm_controls_test= .c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index fdec90e85467..dc68371f76a3 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm
@@ -71,6 +71,7 @@ TEST_GEN_PROGS_x86 +=3D x86/cpuid_test TEST_GEN_PROGS_x86 +=3D x86/cr4_cpuid_sync_test TEST_GEN_PROGS_x86 +=3D x86/dirty_log_page_splitting_test TEST_GEN_PROGS_x86 +=3D x86/feature_msrs_test +TEST_GEN_PROGS_x86 +=3D x86/evmcs_smm_controls_test TEST_GEN_PROGS_x86 +=3D x86/exit_on_emulation_failure_test TEST_GEN_PROGS_x86 +=3D x86/fastops_test TEST_GEN_PROGS_x86 +=3D x86/fix_hypercall_test diff --git a/tools/testing/selftests/kvm/x86/evmcs_smm_controls_test.c b/to= ols/testing/selftests/kvm/x86/evmcs_smm_controls_test.c new file mode 100644 index 000000000000..af7c90103396 --- /dev/null +++ b/tools/testing/selftests/kvm/x86/evmcs_smm_controls_test.c 
@@ -0,0 +1,150 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2026, Red Hat, Inc. + * + * Test that vmx_leave_smm() validates vmcs12 controls before re-entering + * nested guest mode on RSM. + */ +#include +#include +#include +#include +#include + +#include "test_util.h" +#include "kvm_util.h" +#include "smm.h" +#include "hyperv.h" +#include "vmx.h" + +#define SMRAM_GPA 0x1000000 +#define SMRAM_STAGE 0xfe + +#define SYNC_PORT 0xe + +#define STR(x) #x +#define XSTR(s) STR(s) + +/* + * SMI handler: runs in real-address mode. + * Reports SMRAM_STAGE via port IO, then does RSM. + */ +static uint8_t smi_handler[] =3D { + 0xb0, SMRAM_STAGE, /* mov $SMRAM_STAGE, %al */ + 0xe4, SYNC_PORT, /* in $SYNC_PORT, %al */ + 0x0f, 0xaa, /* rsm */ +}; + +static inline void sync_with_host(uint64_t phase) +{ + asm volatile("in $" XSTR(SYNC_PORT) ", %%al \n" + : "+a" (phase)); +} + +static void l2_guest_code(void) +{ + sync_with_host(1); + + /* After SMI+RSM with invalid controls, we should not reach here. 
*/ + vmcall(); +} + +static void guest_code(struct vmx_pages *vmx_pages, + struct hyperv_test_pages *hv_pages) +{ +#define L2_GUEST_STACK_SIZE 64 + unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + + /* Set up Hyper-V enlightenments and eVMCS */ + wrmsr(HV_X64_MSR_GUEST_OS_ID, HYPERV_LINUX_OS_ID); + enable_vp_assist(hv_pages->vp_assist_gpa, hv_pages->vp_assist); + evmcs_enable(); + + GUEST_ASSERT(prepare_for_vmx_operation(vmx_pages)); + GUEST_ASSERT(load_evmcs(hv_pages)); + prepare_vmcs(vmx_pages, l2_guest_code, + &l2_guest_stack[L2_GUEST_STACK_SIZE]); + + GUEST_ASSERT(!vmlaunch()); + + /* L2 exits via vmcall if test fails */ + sync_with_host(2); +} + +int main(int argc, char *argv[]) +{ + vm_vaddr_t vmx_pages_gva =3D 0, hv_pages_gva =3D 0; + struct hyperv_test_pages *hv; + struct hv_enlightened_vmcs *evmcs; + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct kvm_regs regs; + int stage_reported; + + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX)); + TEST_REQUIRE(kvm_has_cap(KVM_CAP_NESTED_STATE)); + TEST_REQUIRE(kvm_has_cap(KVM_CAP_HYPERV_ENLIGHTENED_VMCS)); + TEST_REQUIRE(kvm_has_cap(KVM_CAP_X86_SMM)); + + vm =3D vm_create_with_one_vcpu(&vcpu, guest_code); + + setup_smram(vm, vcpu, SMRAM_GPA, smi_handler, sizeof(smi_handler)); + + vcpu_set_hv_cpuid(vcpu); + vcpu_enable_evmcs(vcpu); + vcpu_alloc_vmx(vm, &vmx_pages_gva); + hv =3D vcpu_alloc_hyperv_test_pages(vm, &hv_pages_gva); + vcpu_args_set(vcpu, 2, vmx_pages_gva, hv_pages_gva); + + vcpu_run(vcpu); + + /* L2 is running and syncs with host. */ + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); + vcpu_regs_get(vcpu, ®s); + stage_reported =3D regs.rax & 0xff; + TEST_ASSERT(stage_reported =3D=3D 1, + "Expected stage 1, got %d", stage_reported); + + /* Inject SMI while L2 is running. 
*/ + inject_smi(vcpu); + vcpu_run(vcpu); + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); + vcpu_regs_get(vcpu, ®s); + stage_reported =3D regs.rax & 0xff; + TEST_ASSERT(stage_reported =3D=3D SMRAM_STAGE, + "Expected SMM handler stage %#x, got %#x", + SMRAM_STAGE, stage_reported); + + /* + * Guest is now paused in the SMI handler, about to execute RSM. + * Hack the eVMCS page to set-up invalid pin-based execution + * control (PIN_BASED_VIRTUAL_NMIS without PIN_BASED_NMI_EXITING). + */ + evmcs =3D hv->enlightened_vmcs_hva; + evmcs->pin_based_vm_exec_control |=3D PIN_BASED_VIRTUAL_NMIS; + evmcs->hv_clean_fields =3D 0; + + /* + * Trigger copy_enlightened_to_vmcs12() via KVM_GET_NESTED_STATE, + * copying the invalid pin_based_vm_exec_control into cached_vmcs12. + */ + union { + struct kvm_nested_state state; + char state_[16384]; + } nested_state_buf; + + memset(&nested_state_buf, 0, sizeof(nested_state_buf)); + nested_state_buf.state.size =3D sizeof(nested_state_buf); + vcpu_nested_state_get(vcpu, &nested_state_buf.state); + + /* + * Resume the guest. The SMI handler executes RSM, which calls + * vmx_leave_smm(). nested_vmx_check_controls() should detect + * VIRTUAL_NMIS without NMI_EXITING and cause a triple fault. 
+ */ + vcpu_run(vcpu); + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_SHUTDOWN); + + kvm_vm_free(vm); + return 0; +} --=20 2.53.0
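Review bot: in the "Hack the eVMCS page" block of the new evmcs_smm_controls_test.c, the comment promises PIN_BASED_VIRTUAL_NMIS without PIN_BASED_NMI_EXITING, but the code only ORs VIRTUAL_NMIS in and silently relies on prepare_vmcs() having left NMI_EXITING clear; making that precondition explicit, e.g. `evmcs->pin_based_vm_exec_control &= ~PIN_BASED_NMI_EXITING;` immediately before the `|=`, keeps the test exercising the invalid combination if the default pin-based controls in the VMX helpers ever change. Relatedly, the test depends on KVM_GET_NESTED_STATE performing the copy_enlightened_to_vmcs12() sync while the vCPU is parked in the SMI handler; if that side effect goes away, RSM sees the original valid controls, L2 resumes, hits vmcall, L1 reports stage 2, and the final TEST_ASSERT_KVM_EXIT_REASON(KVM_EXIT_SHUTDOWN) fails for a reason unrelated to vmx_leave_smm(), so a short note in that assertion's vicinity about which path is being exercised would save the next person a debugging detour.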
From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, xinyang@anthropic.com Subject: [PATCH 5/5] KVM: x86: clarify leave_smm() return value Date: Tue, 10 Mar 2026 21:24:14 +0100 Message-ID: <20260310202414.406078-6-pbonzini@redhat.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260310202414.406078-1-pbonzini@redhat.com> References: <20260310202414.406078-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The return value of vmx_leave_smm() is unrelated from that of nested_vmx_enter_non_root_mode(). Check explicitly for success (which happens to be 0) and return 1 just like everywhere else in vmx_leave_smm(). Likewise, in svm_leave_smm() return 0/1 instead of the 0/1/-errno returned by enter_svm_guest_mode(). Signed-off-by: Paolo Bonzini --- arch/x86/kvm/svm/svm.c | 6 +++--- arch/x86/kvm/vmx/vmx.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 95495048902c..82e1d5526979 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4894,11 +4894,11 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, con= st union kvm_smram *smram) if (nested_svm_check_cached_vmcb12(vcpu) < 0) goto unmap_save; =20 - ret =3D enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, vmcb12, f= alse); - - if (ret) + if (enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, + vmcb12, false) !=3D 0) goto unmap_save; =20 + ret =3D 0; svm->nested.nested_run_pending =3D 1; =20 unmap_save: diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e9fa59e92548..21838900f14b 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -8545,8 +8545,8 @@ int vmx_leave_smm(struct kvm_vcpu *vcpu, const union = kvm_smram *smram) return 1; =20 ret =3D nested_vmx_enter_non_root_mode(vcpu, false); - if (ret) - return ret; + if (ret !=3D NVMX_VMENTRY_SUCCESS) + return 1; =20 vmx->nested.nested_run_pending =3D 1; vmx->nested.smm.guest_mode =3D false; --=20 2.53.0
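Review bot: in the svm_leave_smm() hunk, setting `ret = 0;` only on the success path makes the function's result depend on `ret` already holding the failure value at every earlier `goto unmap_save`, including the `nested_svm_check_cached_vmcb12(vcpu) < 0` path in the visible context; the place where `ret` gets that value is outside the hunk, so please double-check it, and consider an explicit `ret = 1;` at the top of the function or a one-line comment at `unmap_save:` so the 0/1 contract described in the commit message is visible in the code rather than implied by control flow.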
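Review bot: in the vmx_leave_smm() hunk, `ret` is now only compared against NVMX_VMENTRY_SUCCESS and never returned, so if it has no other use in the function (not visible here) the local can go and the call can be tested inline, `if (nested_vmx_enter_non_root_mode(vcpu, false) != NVMX_VMENTRY_SUCCESS) return 1;`, which mirrors the shape this same patch gives the enter_svm_guest_mode() check in svm.c; either way a short comment that the returned 1 is vmx_leave_smm()'s own failure code and not the nested-entry status would put the distinction the commit message draws into the code itself.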