Use kvm_register_mark_dirty() instead of kvm_register_is_dirty() to
actually mark VCPU_EXREG_ERAPS as dirty when emulating
INVPCID_TYPE_SINGLE_CTXT. kvm_register_is_dirty() is a read-only
predicate whose return value is discarded, making the call a no-op.
Without this fix, a single-context INVPCID will not trigger a RAP clear
on the next VMRUN, breaking the ERAPS security guarantee.
Fixes: db5e82496492 ("KVM: SVM: Virtualize and advertise support for ERAPS")
Signed-off-by: Emily Ehlert <ehemily@amazon.de>
---
Hi,
we recently discovered an SVM bug where ERAPS are not properly cleared;
this may have security implications. I attached an AI-assisted security
analysis.
The bug is reachable when INVPCID is intercepted while ERAPS is exposed
to the guest. When NPT is disabled, INVPCID is always intercepted
when shadow paging is active. ERAPS can, I think, be active while NPT is
disabled (the commit does not guard against it). So when triggered, the
consequence is that the guest retains stale RAP entries after the
INVPCID call. A malicious guest could exploit this to speculatively
influence return predictions of another process within the same guest,
undermining the ERAPS security guarantee that the RAP is cleared on
PCID invalidation.
Severity: Low-Medium. Exploitation requires either an unusual host
configuration (npt=0, which is primarily a debugging mode) or a nested
virtualization setup with a cooperative L1 hypervisor. The attack is
intra-guest (guest process vs. guest kernel), not guest-to-host, since
ERAPS hardware tagging still separates host and guest RAP entries.
arch/x86/kvm/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fd1c4a36b5936..181a78c30260d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -14207,7 +14207,7 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva)
* the RAP (Return Address Predicator).
*/
if (guest_cpu_cap_has(vcpu, X86_FEATURE_ERAPS))
- kvm_register_is_dirty(vcpu, VCPU_EXREG_ERAPS);
+ kvm_register_mark_dirty(vcpu, VCPU_EXREG_ERAPS);
kvm_invalidate_pcid(vcpu, operand.pcid);
return kvm_skip_emulated_instruction(vcpu);
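Review bot: the pre-existing comment directly above the guest_cpu_cap_has() check, visible in the hunk context as "the RAP (Return Address Predicator)", misspells the feature name; since this patch already touches that block, fix it to "Return Address Predictor" in the same hunk rather than leaving it for a separate cleanup. The Fixes: tag together with the stated impact (stale RAP entries surviving a single-context INVPCID) also warrants a "Cc: stable@vger.kernel.org" trailer so the one-line fix gets backported. The root cause, a predicate call whose result is silently discarded, would be caught at compile time next time if kvm_register_is_dirty() carried __must_check; that belongs in a follow-up, not folded into this fix.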
--
2.47.3
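To make the failure mode concrete, here is an added C model of the dirty-register bookkeeping around INVPCID emulation. It is not the patch's code and not KVM's code: register_is_dirty() and register_mark_dirty() stand in for the kernel's kvm_register_is_dirty() and kvm_register_mark_dirty(), the vcpu struct, the bit index VCPU_EXREG_ERAPS and the rap_stale flag are assumptions of the model, and vmrun() models only the one behaviour at issue, clearing the RAP when VCPU_EXREG_ERAPS is dirty. The buggy and fixed emulation paths differ exactly as the hunk does.

```c
/*
 * Model of KVM's register-dirty bookkeeping around INVPCID emulation.
 * Added example, not kernel code: names, the struct layout, the bit index
 * and the rap_stale flag are simplified stand-ins (assumptions), and the
 * "RAP" is a flag in this model, not hardware.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { VCPU_EXREG_ERAPS = 0 };   /* bit index in regs_dirty; assumed */

struct vcpu {
	uint32_t regs_dirty;         /* dirty-register bitmap, as in KVM */
	bool guest_has_eraps;        /* ERAPS is exposed to the guest */
	bool rap_stale;              /* model: RAP still holds old entries */
};

/* Read-only predicate, mirrors kvm_register_is_dirty(): tests a bit. */
static bool register_is_dirty(const struct vcpu *v, int reg)
{
	return (v->regs_dirty >> reg) & 1u;
}

/* Mirrors kvm_register_mark_dirty(): sets the bit. */
static void register_mark_dirty(struct vcpu *v, int reg)
{
	v->regs_dirty |= 1u << reg;
}

/* Buggy emulation: the predicate's result is discarded, so nothing changes. */
static void handle_invpcid_buggy(struct vcpu *v)
{
	if (v->guest_has_eraps)
		register_is_dirty(v, VCPU_EXREG_ERAPS);   /* no-op */
}

/* Fixed emulation: ERAPS is actually marked dirty. */
static void handle_invpcid_fixed(struct vcpu *v)
{
	if (v->guest_has_eraps)
		register_mark_dirty(v, VCPU_EXREG_ERAPS);
}

/*
 * Model of the VMRUN path: clear the RAP only if ERAPS was marked dirty,
 * then consume the dirty bit. Returns whether the RAP was cleared.
 */
static bool vmrun(struct vcpu *v)
{
	if (!register_is_dirty(v, VCPU_EXREG_ERAPS))
		return false;
	v->rap_stale = false;
	v->regs_dirty &= ~(1u << VCPU_EXREG_ERAPS);
	return true;
}

/*
 * Drive one single-context INVPCID followed by VMRUN on a vcpu whose RAP
 * is stale. Returns true only if the RAP was cleared before guest re-entry.
 */
bool run_scenario(bool fixed, bool eraps_exposed)
{
	struct vcpu v = {
		.regs_dirty = 0,
		.guest_has_eraps = eraps_exposed,
		.rap_stale = true,
	};

	if (fixed)
		handle_invpcid_fixed(&v);
	else
		handle_invpcid_buggy(&v);

	return vmrun(&v) && !v.rap_stale;
}

int main(void)
{
	printf("buggy emulation: RAP cleared = %d\n", run_scenario(false, true));
	printf("fixed emulation: RAP cleared = %d\n", run_scenario(true, true));
	return 0;
}
```

With the buggy path the dirty bit is never set, so the modelled VMRUN sees nothing to do and the stale RAP survives into the next guest entry; with the fixed path the bit is set, consumed, and the RAP cleared. Annotating the predicate with __must_check (the kernel's spelling of warn_unused_result) would turn the buggy variant into a compile-time warning; the model deliberately leaves that out so the bug reproduces as it did in the original code.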