KVM: nSVM: Triple fault if mapping VMCB12 fails on nested #VMEXIT

KVM currently injects a #GP and hopes for the best if mapping VMCB12
fails on nested #VMEXIT, and only if the failure mode is -EINVAL.
Mapping the VMCB12 could also fail if creating host mappings fails.

After the #GP is injected, nested_svm_vmexit() bails early, without
cleaning up (e.g. KVM_REQ_GET_NESTED_STATE_PAGES is set, is_guest_mode()
is true, etc).

Instead of optionally injecting a #GP, triple fault the guest if mapping
VMCB12 fails since KVM cannot make a sane recovery. The APM states that
a #VMEXIT will triple fault if host state is illegal or an exception
occurs while loading host state, so the behavior is not entirely made
up.

Do not return early from nested_svm_vmexit(), continue cleaning up the
vCPU state (e.g. switch back to vmcb01), to handle the failure as
gracefully as possible.

Fixes: cf74a78b229d ("KVM: SVM: Add VMEXIT handler and intercepts")
CC: stable@vger.kernel.org
Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
Link: https://patch.msgid.link/20260303003421.2185681-9-yosry@kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 8c01916cb1549010e517810b6c38128f6d9da7e0..30c99bbe9927dd2ca46442b587d3cca22eac31df 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1199,12 +1199,8 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
        struct vmcb *vmcb02 = svm->nested.vmcb02.ptr;
        int rc;
 
-       rc = nested_svm_vmexit_update_vmcb12(vcpu);
-       if (rc) {
-               if (rc == -EINVAL)
-                       kvm_inject_gp(vcpu, 0);
-               return 1;
-       }
+       if (nested_svm_vmexit_update_vmcb12(vcpu))
+               kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
 
        /* Exit Guest-Mode */
        leave_guest_mode(vcpu);