| author | Emily Ehlert <ehemily@amazon.de> | 2026-05-18 13:59:56 +0000 |
|---|---|---|
| committer | Sean Christopherson <seanjc@google.com> | 2026-05-21 14:20:24 -0700 |
| commit | b60621c5121c9435eda99af7dc2100f5c0f88695 (patch) | |
| tree | e51b334ab428135af126e1676ba750a0d764c9ef /arch/x86/kvm | |
| parent | 34065a5f3cf94886e59e2a8b5db00515f32d6cf2 (diff) | |

KVM: x86: Fix ERAPS RAP clear on INVPCID single-context invalidation

Use kvm_register_mark_dirty() instead of kvm_register_is_dirty() to
actually mark VCPU_EXREG_ERAPS as dirty when emulating
INVPCID_TYPE_SINGLE_CTXT. kvm_register_is_dirty() is a read-only
predicate whose return value is discarded, making the call a no-op.

Without this fix, a single-context INVPCID will not trigger a RAP clear
on the next VMRUN, breaking the ERAPS security guarantee.

Fixes: db5e82496492 ("KVM: SVM: Virtualize and advertise support for ERAPS")
Signed-off-by: Emily Ehlert <ehemily@amazon.de>
Link: https://patch.msgid.link/20260518135956.82569-1-ehemily@amazon.de
Signed-off-by: Sean Christopherson <seanjc@google.com>

Diffstat (limited to 'arch/x86/kvm')
| -rw-r--r-- | arch/x86/kvm/x86.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e01d6984ed04..108318e1b3f0 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14330,7 +14330,7 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva) * the RAP (Return Address Predicator). */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_ERAPS)) - kvm_register_is_dirty(vcpu, VCPU_EXREG_ERAPS); + kvm_register_mark_dirty(vcpu, VCPU_EXREG_ERAPS); kvm_invalidate_pcid(vcpu, operand.pcid); return kvm_skip_emulated_instruction(vcpu); |
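
Review bot: kvm_register_is_dirty() on the removed line compiled cleanly with its result discarded, and the one-line swap to kvm_register_mark_dirty() under the guest_cpu_cap_has(vcpu, X86_FEATURE_ERAPS) check fixes this call site without guarding against the same slip elsewhere. Consider a follow-up that annotates kvm_register_is_dirty() with __must_check, so that a discarded result from the read-only predicate produces a build warning instead of silently skipping the RAP clear. Separately, the context comment just above the changed line reads "Return Address Predicator"; if "Predictor" is what is meant, it could be corrected while this area is being touched.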
