KVM: x86: Fastpath userspace exit fix and hardening

[PATCH 0/2] KVM: x86: Fastpath userspace exit fix and hardening

Posted by Sean Christopherson 1 month, 3 weeks ago

Fix a found-by-inspection bug where KVM could fail to flush the PML buffer
(VMX) or fail to grab the most recet CR0/CR3 (SVM) prior to exiting to
userspace, which could prove to be fatal if that exit is that last exit prior
to save/restore, e.g. the last exit before userspace commits to migrating the
VM.

Patch 2 is related hardening, i.e. isn't fixing any existing bugs (AFAIK).

Sean Christopherson (2):
  KVM: x86: Ensure vendor's exit handler runs before fastpath userspace
    exits
  KVM: SVM: Refresh vcpu->arch.cr{0,3} prior to invoking fastpath
    handler

 arch/x86/kvm/svm/svm.c | 15 ++++++++-------
 arch/x86/kvm/vmx/vmx.c |  3 +++
 arch/x86/kvm/x86.c     |  3 ---
 3 files changed, 11 insertions(+), 10 deletions(-)


base-commit: 85f871f6ba46f20d7fbc0b016b4db648c33220dd
-- 
2.54.0.545.g6539524ca2-goog

Re: [PATCH 0/2] KVM: x86: Fastpath userspace exit fix and hardening

Posted by Sean Christopherson 4 weeks, 1 day ago

On Thu, 23 Apr 2026 09:26:26 -0700, Sean Christopherson wrote:
> Fix a found-by-inspection bug where KVM could fail to flush the PML buffer
> (VMX) or fail to grab the most recet CR0/CR3 (SVM) prior to exiting to
> userspace, which could prove to be fatal if that exit is that last exit prior
> to save/restore, e.g. the last exit before userspace commits to migrating the
> VM.
> 
> Patch 2 is related hardening, i.e. isn't fixing any existing bugs (AFAIK).
> 
> [...]

Applied to kvm-x86 misc, thanks!

[1/2] KVM: x86: Ensure vendor's exit handler runs before fastpath userspace exits
      https://github.com/kvm-x86/linux/commit/0ffedf43910e
[2/2] KVM: SVM: Refresh vcpu->arch.cr{0,3} prior to invoking fastpath handler
      https://github.com/kvm-x86/linux/commit/b21525756e82

--
https://github.com/kvm-x86/linux/tree/next