KVM: x86: Fix ERAPS RAP clear on INVPCID single-context invalidation

Use kvm_register_mark_dirty() instead of kvm_register_is_dirty() to
actually mark VCPU_EXREG_ERAPS as dirty when emulating
INVPCID_TYPE_SINGLE_CTXT.  kvm_register_is_dirty() is a read-only
predicate whose return value is discarded, making the call a no-op.
Without this fix, a single-context INVPCID will not trigger a RAP clear
on the next VMRUN, breaking the ERAPS security guarantee.

Fixes: db5e82496492 ("KVM: SVM: Virtualize and advertise support for ERAPS")
Signed-off-by: Emily Ehlert <ehemily@amazon.de>
Link: https://patch.msgid.link/20260518135956.82569-1-ehemily@amazon.de
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e01d6984ed04f175d877ad160378fbd4a1f09d3d..108318e1b3f0b3c0889fd32a19c8ad5bb3d879f3 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -14330,7 +14330,7 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva)
                 * the RAP (Return Address Predicator).
                 */
                if (guest_cpu_cap_has(vcpu, X86_FEATURE_ERAPS))
-                       kvm_register_is_dirty(vcpu, VCPU_EXREG_ERAPS);
+                       kvm_register_mark_dirty(vcpu, VCPU_EXREG_ERAPS);
 
                kvm_invalidate_pcid(vcpu, operand.pcid);
                return kvm_skip_emulated_instruction(vcpu);