]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
projects / thirdparty / kernel / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 1b3090d 052ca58)
Merge tag 'kvm-x86-nested-7.1' of https://github.com/kvm-x86/linux into HEAD
authorPaolo Bonzini <pbonzini@redhat.com>
Mon, 13 Apr 2026 11:01:24 +0000 (13:01 +0200)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 13 Apr 2026 11:01:50 +0000 (13:01 +0200)
commitea8bc95fbb75da215b7533c7c46f63423e84ff5e
tree415958be1b51e9ec2d1accaf1ff7732f776bb5eetree | snapshot
parent1b3090da8d25b1dd59744e32e6872c2831fed874commit | diff
parent052ca584bd7c51de0de96e684631570459d46cdacommit | diff
Merge tag 'kvm-x86-nested-7.1' of https://github.com/kvm-x86/linux into HEAD

KVM nested SVM changes for 7.1 (with one common x86 fix)

 - To minimize the probability of corrupting guest state, defer KVM's
   non-architectural delivery of exception payloads (e.g. CR2 and DR6) until
   consumption of the payload is imminent, and force delivery of the payload
   in all paths where userspace saves relevant state.

 - Use vcpu->arch.cr2 when updating vmcb12's CR2 on nested #VMEXIT to fix a
   bug where L2's CR2 can get corrupted after a save/restore, e.g. if the VM
   is migrated while L2 is faulting in memory.

 - Fix a class of nSVM bugs where some fields written by the CPU are not
   synchronized from vmcb02 to cached vmcb12 after VMRUN, and so are not
   up-to-date when saved by KVM_GET_NESTED_STATE.

 - Fix a class of bugs where the ordering between KVM_SET_NESTED_STATE and
   KVM_SET_{S}REGS could cause vmcb02 to be incorrectly initialized after
   save+restore.

 - Add a variety of missing nSVM consistency checks.

 - Fix several bugs where KVM failed to correctly update VMCB fields on nested
   #VMEXIT.

 - Fix several bugs where KVM failed to correctly synthesize #UD or #GP for
   SVM-related instructions.

 - Add support for save+restore of virtualized LBRs (on SVM).

 - Refactor various helpers and macros to improve clarity and (hopefully) make
   the code easier to maintain.

 - Aggressively sanitize fields when copying from vmcb12 to guard against
   unintentionally allowing L1 to utilize yet-to-be-defined features.

 - Fix several bugs where KVM botched rAX legality checks when emulating SVM
   instructions.  Note, KVM is still flawed in that KVM doesn't address size
   prefix overrides for 64-bit guests; this should probably be documented as a
   KVM erratum.

 - Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12 fails instead of
   somewhat arbitrarily synthesizing #GP (i.e. don't bastardize AMD's already-
   sketchy behavior of generating #GP if for "unsupported" addresses).

 - Cache all used vmcb12 fields to further harden against TOCTOU bugs.
12 files changed:
arch/x86/include/asm/kvm_host.h diff1 | diff2 | blob | history
arch/x86/kvm/emulate.c diff1 | diff2 | blob | history
arch/x86/kvm/svm/nested.c diff1 | diff2 | blob | history
arch/x86/kvm/svm/sev.c diff1 | diff2 | blob | history
arch/x86/kvm/svm/svm.c diff1 | diff2 | blob | history
arch/x86/kvm/svm/svm.h diff1 | diff2 | blob | history
arch/x86/kvm/vmx/nested.c diff1 | diff2 | blob | history
arch/x86/kvm/vmx/vmx.c diff1 | diff2 | blob | history
arch/x86/kvm/x86.c diff1 | diff2 | blob | history
arch/x86/kvm/x86.h diff1 | diff2 | blob | history
tools/testing/selftests/kvm/Makefile.kvm diff1 | diff2 | blob | history
tools/testing/selftests/kvm/include/x86/processor.h diff1 | diff2 | blob | history
A mirror of Linus' kernel repository