From 6f4d3ebc24c6ef92e196ebbd389a3f2bfdc7a144 Mon Sep 17 00:00:00 2001 From: Jim Mattson Date: Fri, 21 Nov 2025 20:48:00 +0000 Subject: [PATCH] KVM: SVM: Allow KVM_SET_NESTED_STATE to clear GIF when SVME==0 GIF==0 together with EFER.SVME==0 is a valid architectural state. Don't return -EINVAL for KVM_SET_NESTED_STATE when this combination is specified. Fixes: cc440cdad5b7 ("KVM: nSVM: implement KVM_GET_NESTED_STATE and KVM_SET_NESTED_STATE") Signed-off-by: Jim Mattson Reviewed-by: Yosry Ahmed Signed-off-by: Yosry Ahmed Link: https://patch.msgid.link/20251121204803.991707-2-yosry.ahmed@linux.dev [sean: disallow KVM_STATE_NESTED_RUN_PENDING with SVME=0] Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/nested.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 47e8ce7d360a7..5b741f8ed1709 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1821,12 +1821,12 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu, /* * If in guest mode, vcpu->arch.efer actually refers to the L2 guest's * EFER.SVME, but EFER.SVME still has to be 1 for VMRUN to succeed. + * If SVME is disabled, the only valid states are "none" and GIF=1 + * (clearing SVME does NOT set GIF, i.e. GIF=0 is allowed). */ - if (!(vcpu->arch.efer & EFER_SVME)) { - /* GIF=1 and no guest mode are required if SVME=0. */ - if (kvm_state->flags != KVM_STATE_NESTED_GIF_SET) - return -EINVAL; - } + if (!(vcpu->arch.efer & EFER_SVME) && kvm_state->flags && + kvm_state->flags != KVM_STATE_NESTED_GIF_SET) + return -EINVAL; /* SMM temporarily disables SVM, so we cannot be in guest mode. */ if (is_smm(vcpu) && (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE)) -- 2.47.3