git.ipfire.org Git - thirdparty/linux.git/commit
KVM: SVM: Triple fault L1 on unintercepted EFER.SVME clear by L2
author: Yosry Ahmed <yosry.ahmed@linux.dev>
Mon, 9 Feb 2026 19:51:41 +0000 (19:51 +0000)
committer: Sean Christopherson <seanjc@google.com>
Thu, 5 Mar 2026 00:09:10 +0000 (16:09 -0800)
commit: cdc69269b18a19cb76eaf7bf4fa47fe270dcaf11
tree: 561352b31c2d7c5588f344d1f4533ab0e78b1dc4
parent: 66b207f175f1cd52b083c4d90d03cc1c15b8ae6a
KVM: SVM: Triple fault L1 on unintercepted EFER.SVME clear by L2

KVM tracks when EFER.SVME is set and cleared to initialize and tear down
nested state. However, it doesn't differentiate if EFER.SVME is getting
toggled in L1 or L2+. If L2 clears EFER.SVME, and L1 does not intercept
the EFER write, KVM exits guest mode and tears down nested state while
L2 is running, executing L1 without injecting a proper #VMEXIT.

According to the APM:

    The effect of turning off EFER.SVME while a guest is running is
    undefined; therefore, the VMM should always prevent guests from
    writing EFER.

Since the behavior is architecturally undefined, KVM gets to choose what
to do. Inject a triple fault into L1 as a more graceful option than
running L1 with corrupted state.

Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Yosry Ahmed <yosry.ahmed@linux.dev>
base-commit: 95deaec3557dced322e2540bfa426e60e5373d46
Link: https://patch.msgid.link/20260209195142.2554532-2-yosry.ahmed@linux.dev
Signed-off-by: Sean Christopherson <seanjc@google.com>
arch/x86/kvm/svm/svm.c