KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN

Yosry Ahmed · opsiff · commit 179e33f6ea8c · 2026-05-25T16:45:09.000+08:00
commit 01ddcdc55e097ca38c28ae656711b8e6d1df71f8 upstream. nested_svm_vmrun() currently only injects a #GP if kvm_vcpu_map() fails with -EINVAL. But it could also fail with -EFAULT if creating a host mapping failed. Inject a #GP in all cases, no reason to treat failure modes differently. Fixes: 8c5fbf1 ("KVM/nSVM: Use the new mapping API for mapping guest memory") CC: stable@vger.kernel.org Co-developed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Yosry Ahmed <yosry@kernel.org> Link: https://patch.msgid.link/20260303003421.2185681-6-yosry@kernel.org Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit ddc242a7bb449a935afdfa877f291e8d958170df) Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
@@ -863,12 +863,9 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
 	}
 
 	vmcb12_gpa = svm->vmcb->save.rax;
-	ret = kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map);
-	if (ret == -EINVAL) {
+	if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map)) {
 		kvm_inject_gp(vcpu, 0);
 		return 1;
-	} else if (ret) {
-		return kvm_skip_emulated_instruction(vcpu);
 	}
 
 	ret = kvm_skip_emulated_instruction(vcpu);

Original file line number	Diff line number	Diff line change
`@@ -863,12 +863,9 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)`
`863`	`863`	`}`
`864`	`864`
`865`	`865`	`vmcb12_gpa = svm->vmcb->save.rax;`
`866`		`- ret = kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map);`
`867`		`- if (ret == -EINVAL) {`
	`866`	`+ if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map)) {`
`868`	`867`	`kvm_inject_gp(vcpu, 0);`
`869`	`868`	`return 1;`
`870`		`- } else if (ret) {`
`871`		`- return kvm_skip_emulated_instruction(vcpu);`
`872`	`869`	`}`
`873`	`870`
`874`	`871`	`ret = kvm_skip_emulated_instruction(vcpu);`