From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 12 Jun 2026 08:11:09 +0000 (+0200)
Subject: Merge tag 'kvm-x86-misc-7.2' of https://github.com/kvm-x86/linux into HEAD
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6d6be78b24426eba424e24d06718f59a860e38a;p=thirdparty%2Fkernel%2Flinux.git

Merge tag 'kvm-x86-misc-7.2' of https://github.com/kvm-x86/linux into HEAD

KVM misc x86 changes for 7.2

 - Handle EXIT_FASTPATH_EXIT_USERSPACE in vendor code to ensure vendor code
   gets a chance to handle things like reaping the PML buffer.

 - Ensure KVM's copy of CR0 and CR3 are up-to-date on SVM prior to invoking
   fastpath handlers.

 - Update KVM's view of PV async enabling if and only if the MSR write fully
   succeeds.

 - Fix a variety of issues where the emulator doesn't honor guest-debug state,
   and clean up related code along the way.

 - Synthesize EPT Violation and #NPF "error code" bits when injecting faults
   into L1 that didn't originate in hardware (in which case the VMCS/VMCB
   doesn't hold relevant information).

 - Add support for virtualizing (well, emulating) AMD's flavor of CPL>0 CPUID
   faulting.

 - Clean up the GPR APIs so that KVM's use of "raw" is consistent, and fix a
   variety of minor bugs along the way.

 - Fix an OOB memory access due to not checking the VP ID when handling a
   Hyper-V PV TLB flush for L2.

 - Fix a bug in the mediated PMU's handling of fixed counters that allowed the
   guest to bypass the PMU event filter.

 - Allow userspace to return EAGAIN when handling SNP and TDX hypercalls, so
   the KVM can forward a "retry" status code to the guest, and reserve all
   unused error codes for future usage.

 - Misc fixes and cleanups.
---

f6d6be78b24426eba424e24d06718f59a860e38a
diff --cc arch/x86/kvm/svm/sev.c
index 0c3962647116e,2cb20fec99743..0fde900ba8dd0
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@@ -3802,9 -3878,14 +3806,13 @@@ static void __snp_complete_one_psc(stru
  
  static int snp_complete_one_psc(struct kvm_vcpu *vcpu)
  {
+ 	u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
  	struct vcpu_svm *svm = to_svm(vcpu);
 -	struct psc_buffer *psc = svm->sev_es.ghcb_sa;
  
- 	if (vcpu->run->hypercall.ret) {
+ 	if (!kvm_is_valid_map_gpa_range_ret(hypercall_ret))
+ 		return -EINVAL;
+ 
+ 	if (hypercall_ret) {
  		snp_complete_psc(svm, VMGEXIT_PSC_ERROR_GENERIC);
  		return 1; /* resume guest */
  	}