From 8e5d793fc7173587cfdc075d2bb4a8d016fa050f Mon Sep 17 00:00:00 2001
From: Sean Christopherson
Date: Thu, 18 Jun 2026 11:56:41 -0700
Subject: [PATCH] KVM: x86/mmu: Bug the VM, not the host kernel, if KVM write-protects upper SPTEs

Instead of bugging the host kernel, WARN and terminate the VM if KVM attempts to write-protect at a level that cannot use leaf SPTEs. There is no reason to bring down the entire host; even termininating the VM is likely overkill, but in theory a missed write could corrupt guest memory, so play it safe.

Signed-off-by: Sean Christopherson
Reviewed-by: Kai Huang
Message-ID: <20260618185641.2022368-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini
---
 arch/x86/kvm/mmu/tdp_mmu.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 5b3041138301b..c1cbae65d239f 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1410,9 +1410,10 @@ static bool wrprot_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root,
 u64 new_spte;
 bool spte_set = false;
- rcu_read_lock();
+ if (KVM_BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL, kvm))
+ return false;
- BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL);
+ rcu_read_lock();
 for_each_tdp_pte_min_level(iter, kvm, root, min_level, start, end) {
 retry:
@@ -1844,7 +1845,8 @@ static bool write_protect_gfn(struct kvm *kvm, struct kvm_mmu_page *root,
 u64 new_spte;
 bool spte_set = false;
- BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL);
+ if (KVM_BUG_ON(min_level > KVM_MAX_HUGEPAGE_LEVEL, kvm))
+ return false;
 rcu_read_lock();
--
2.47.3
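Review bot: The new early `return false` in wrprot_gfn_range() looks, to a caller, exactly like "no SPTE needed write-protection", and nothing at the check says why skipping the walk is safe. The safety argument lives only in the commit message. It presumably rests on KVM_BUG_ON() marking the VM dead so no vCPU can write through the still-writable mappings. I would record that at the check, e.g. `/* VM is marked bugged; returning "nothing changed" is safe only because no vCPU can run again. */`. The same comment applies to the identical check in write_protect_gfn() in the second hunk. Both function bodies continue outside the hunks, so how callers use the return value (TLB flush, dirty-log bookkeeping) cannot be confirmed from here.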