Commit c0095ce
KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT
commit 69b721a upstream.
According to the APM, from the reference of the VMRUN instruction:
Upon #VMEXIT, the processor performs the following actions in order to
return to the host execution context:
...
clear EVENTINJ field in VMCB
KVM already syncs EVENTINJ fields from vmcb02 to cached vmcb12 on every
L2->L0 #VMEXIT. Since these fields are zeroed by the CPU on #VMEXIT, they
will mostly be zeroed in vmcb12 on nested #VMEXIT by nested_svm_vmexit().
However, this is not the case when:
1. Consistency checks fail, as nested_svm_vmexit() is not called.
2. Entering guest mode fails before L2 runs (e.g. due to failed load of
CR3).
(2) was broken by commit 2d8a42b ("KVM: nSVM: synchronize VMCB
controls updated by the processor on every vmexit"), as prior to that
nested_svm_vmexit() always zeroed EVENTINJ fields.
Explicitly clear the fields in all nested #VMEXIT code paths.
Fixes: 3d6368e ("KVM: SVM: Add VMRUN handler")
Fixes: 2d8a42b ("KVM: nSVM: synchronize VMCB controls updated by the processor on every vmexit")
Cc: stable@vger.kernel.org
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
Link: https://patch.msgid.link/20260303003421.2185681-12-yosry@kernel.org
[sean: massage changelog formatting]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>1 parent 83754e4 commit c0095ce
1 file changed
Lines changed: 4 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
884 | 884 | | |
885 | 885 | | |
886 | 886 | | |
| 887 | + | |
| 888 | + | |
887 | 889 | | |
888 | 890 | | |
889 | 891 | | |
| |||
1025 | 1027 | | |
1026 | 1028 | | |
1027 | 1029 | | |
| 1030 | + | |
| 1031 | + | |
1028 | 1032 | | |
1029 | | - | |
1030 | | - | |
1031 | 1033 | | |
1032 | 1034 | | |
1033 | 1035 | | |
| |||
0 commit comments