diff options
| author | Yosry Ahmed <yosry.ahmed@linux.dev> | 2026-02-18 15:09:53 -0800 |
|---|---|---|
| committer | Sean Christopherson <seanjc@google.com> | 2026-03-04 16:08:59 -0800 |
| commit | a367b6e10372b46fa10debd889e89aa65ca65aee (patch) | |
| tree | 6d08564e3b163351fb7a90a16ad620fdde608559 | |
| parent | 0b97f929831a70e7ad6d9dbd30ae1f65dd43526d (diff) | |
| download | linux-a367b6e10372b46fa10debd889e89aa65ca65aee.tar.gz linux-a367b6e10372b46fa10debd889e89aa65ca65aee.zip | |
KVM: nSVM: WARN and abort vmcb02 intercepts recalc if vmcb02 isn't active
WARN and bail early from nested_vmcb02_recalc_intercepts() if vmcb02 isn't
the active/current VMCB, as recalculating intercepts for vmcb01 using logic
intended for merging vmcb12 and vmcb01 intercepts can yield unexpected and
unwanted results.
In addition to hardening against general bugs, this will provide additional
safeguards "if" nested_vmcb02_recalc_intercepts() is invoked directly from
nested_vmcb02_prepare_control().
Signed-off-by: Yosry Ahmed <yosry.ahmed@linux.dev>
[sean: split to separate patch, bail early on "failure"]
Link: https://patch.msgid.link/20260218230958.2877682-4-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
| -rw-r--r-- | arch/x86/kvm/svm/nested.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 21ee75d6cdff..75e7deef51a5 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -128,6 +128,9 @@ void nested_vmcb02_recalc_intercepts(struct vcpu_svm *svm) struct vmcb_ctrl_area_cached *g; unsigned int i; + if (WARN_ON_ONCE(svm->vmcb != svm->nested.vmcb02.ptr)) + return; + vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); c = &svm->vmcb->control; |