KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation

If KVM attempts to translate what it thinks is an L2 GPA with a non-nested
MMU, simply WARN and return the GPA, i.e. trust the MMU more than the
caller, as there is zero reason to potentially panic the host kernel just
because KVM misused an API.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Message-ID: <20260618185746.2023283-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 9aedb88c832d74172436d924facc8994eb540403..3e6c671a8dc265f67c51abe7d97c161e2060289d 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -2152,7 +2152,8 @@ static gpa_t svm_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
        struct vcpu_svm *svm = to_svm(vcpu);
        struct kvm_mmu *mmu = vcpu->arch.mmu;
 
-       BUG_ON(!mmu_is_nested(vcpu));
+       if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
+               return gpa;
 
        /* Non-GMET walks are always user-walks */
        if (!(svm->nested.ctl.misc_ctl & SVM_MISC_ENABLE_GMET))

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 3a293640d58c29f8ecf9177efaea36fdb2d654ca..6957bb6f5cf7ebe2d7b4c9a34db5d36c36b6fd0e 100644 (file)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -7470,7 +7470,8 @@ static gpa_t vmx_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa,
 {
        struct kvm_mmu *mmu = vcpu->arch.mmu;
 
-       BUG_ON(!mmu_is_nested(vcpu));
+       if (WARN_ON_ONCE(!mmu_is_nested(vcpu)))
+               return gpa;
 
        /*
         * MBEC differentiates based on the effective U/S bit of