[PATCH 0/3] KVM: harden and cleanup PDPTR load on forced L1 reload

Next message: Paolo Bonzini: "[PATCH 3/3] KVM: nVMX: remove unnecessary unload on processor-detected VMFail"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net v2] rtase: Avoid sleeping in get_stats64()"
Next in thread: Paolo Bonzini: "[PATCH 3/3] KVM: nVMX: remove unnecessary unload on processor-detected VMFail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paolo Bonzini

Date: Thu Jun 04 2026 - 12:16:21 EST

Nested VMX tries to detect all possible VMFail cases before committing
to execute VMLAUNCH/VMRESUME, because the steps leading to the VMCS02
VM entry need to load various bits of the L2 processor state into
KVM's software model (vcpu->arch, essentially).

However, there are cases that are not caught or in some cases even
racy because the data comes from memory rather than from the VMCS;
in that case the earlier load of L2 state needs to be unwound, and
nested_vmx_restore_host_state() exists for that purpose. Sashiko
found a hole where L1's CR3 is restored there upon a VM-Entry failure,
but the PDPTRs are only restored if EPT is enabled. If shadow paging
is used, the L2 PDPTRs from the aborted entry attempt will remain in
vcpu->arch.root_mmu->pdptrs.

Fix this by forcing use of nested_vmx_load_cr3(), in the same guise
as load_vmcs12_host_state().

The other two patches are respectively another minor
hardening/clarification, and a small optimization.

Paolo Bonzini (3):
KVM: nVMX: unwind PDPTR load if processor triggers a nested VMFail
KVM: MMU: unconditionally clear MMIO cache on root rebuild
KVM: nVMX: remove unnecessary unload on processor-detected VMFail

arch/x86/kvm/mmu/mmu.c | 1 +
arch/x86/kvm/vmx/nested.c | 15 +++++++--------
2 files changed, 8 insertions(+), 8 deletions(-)

--
2.52.0