git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Yosry Ahmed <yosry@kernel.org>
	Tue, 3 Mar 2026 00:34:03 +0000 (00:34 +0000)
committer	Sean Christopherson <seanjc@google.com>
	Thu, 5 Mar 2026 00:08:48 +0000 (16:08 -0800)
commit	5d291ef0585ed880ed4dd71ea1a5965e0a65fb53
tree	ae1a3f1b64706df9b77391ecc2c5f6eca45a4863	tree \| snapshot
parent	1b30e7551767cb95b3e49bb169c72bbd76b56e05	commit \| diff

KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

If loading L1's CR3 fails on a nested #VMEXIT, nested_svm_vmexit()
returns an error code that is ignored by most callers, and continues to
run L1 with corrupted state. A sane recovery is not possible in this
case, and HW behavior is to cause a shutdown. Inject a triple fault
instead, and do not return early from nested_svm_vmexit(). Continue
cleaning up the vCPU state (e.g. clear pending exceptions), to handle
the failure as gracefully as possible.

From the APM:

  Upon #VMEXIT, the processor performs the following actions in order to
  return to the host execution context:

  ...

  if (illegal host state loaded, or exception while loading host state)
      shutdown
  else
      execute first host instruction following the VMRUN

Remove the return value of nested_svm_vmexit(), which is mostly
unchecked anyway.

Fixes: d82aaef9c88a ("KVM: nSVM: use nested_svm_load_cr3() on guest->host switch")
CC: stable@vger.kernel.org
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
Link: https://patch.msgid.link/20260303003421.2185681-10-yosry@kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>

arch/x86/kvm/svm/nested.c		diff \| blob \| blame \| history
arch/x86/kvm/svm/svm.c		diff \| blob \| blame \| history
arch/x86/kvm/svm/svm.h		diff \| blob \| blame \| history