git.ipfire.org Git - thirdparty/linux.git/commit

author	Yosry Ahmed <yosry@kernel.org>
	Tue, 3 Mar 2026 00:34:11 +0000 (00:34 +0000)
committer	Sean Christopherson <seanjc@google.com>
	Thu, 5 Mar 2026 00:08:54 +0000 (16:08 -0800)
commit	7e79f71bca5cf536f92effc7227bd044c2722c11
tree	1cbeea73dea363900235e2a8ba17daf1b57012d2	tree \| snapshot
parent	96bd3e76a171a8e21a6387e54e4c420a81968492	commit \| diff

KVM: nSVM: Add missing consistency check for EVENTINJ

According to the APM Volume #2, 15.20 (24593—Rev. 3.42—March 2024):

  VMRUN exits with VMEXIT_INVALID error code if either:
  • Reserved values of TYPE have been specified, or
  • TYPE = 3 (exception) has been specified with a vector that does not
    correspond to an exception (this includes vector 2, which is an NMI,
    not an exception).

Add the missing consistency checks to KVM. For the second point, inject
VMEXIT_INVALID if the vector is anything but the vectors defined by the
APM for exceptions. Reserved vectors are also considered invalid, which
matches the HW behavior. Vector 9 (i.e. #CSO) is considered invalid
because it is reserved on modern CPUs, and according to LLMs no CPUs
exist supporting SVM and producing #CSOs.

Defined exceptions could be different between virtual CPUs as new CPUs
define new vectors. In a best effort to dynamically define the valid
vectors, make all currently defined vectors as valid except those
obviously tied to a CPU feature: SHSTK -> #CP and SEV-ES -> #VC. As new
vectors are defined, they can similarly be tied to corresponding CPU
features.

Invalid vectors on specific (e.g. old) CPUs that are missed by KVM
should be rejected by HW anyway.

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
CC: stable@vger.kernel.org
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
Link: https://patch.msgid.link/20260303003421.2185681-18-yosry@kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>