KVM: nSVM: Bail early out of VMRUN emulation if advancing RIP fails

If svm_skip_emulation_instruction() fails, then RIP could not be
advanced correctly (e.g. decode failure when NextRIP is not available).
KVM will exit to userspace to handle the emulation failure, but only
after stuffing the wrong RIP into vmcb01 and entering guest mode.

Bail early and exit to userspace before committing any side-effects of
emulating the VMRUN (e.g. entering guest mode).

Fixes: c8e16b78c614 ("x86: KVM: svm: eliminate hardcoded RIP advancement from vmrun_interception()")
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
Link: https://patch.msgid.link/20260527234711.4175166-3-yosry@kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index a7ed06d88697b7f82efcc3db51ee9d91e01ad9bb..6e26c8e1b7717ca1298453e9707b117f53d40779 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1154,9 +1154,10 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
         * FIXME: If TF is set on VMRUN should inject a #DB (or handle guest
         * debugging) right after #VMEXIT, right now it's just ignored.
         */
-       ret = svm_skip_emulated_instruction(vcpu);
-       if (ret)
-               kvm_pmu_instruction_retired(vcpu);
+       if (!svm_skip_emulated_instruction(vcpu))
+               return 0;
+
+       kvm_pmu_instruction_retired(vcpu);
 
        /*
         * Since vmcb01 is not in use, we can use it to store some of the L1
@@ -1186,7 +1187,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
                nested_svm_vmexit(svm);
        }
 
-       return ret;
+       return 1;
 }
 
 /* Copy state save area fields which are handled by VMRUN */