On an EPT violation, bit 7 of the exit qualification is set if the guest linear-address is valid. The derived page fault error code should not be checked for this bit.
Fixes: f3009482512e ("KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid")
Cc: stable@vger.kernel.org
Signed-off-by: Sukrit Bhatnagar Sukrit.Bhatnagar@sony.com
Reviewed-by: Xiaoyao Li xiaoyao.li@intel.com
Link: https://patch.msgid.link/20251106052853.3071088-1-Sukrit.Bhatnagar@sony.com
Signed-off-by: Sean Christopherson seanjc@google.com
(cherry picked from commit d0164c161923ac303bd843e04ebe95cfd03c6e19)
Signed-off-by: Sukrit Bhatnagar Sukrit.Bhatnagar@sony.com
---
 arch/x86/kvm/vmx/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6c185a260c5b..d0387f543107 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5810,7 +5810,7 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu) error_code |= (exit_qualification & EPT_VIOLATION_RWX_MASK) ? PFERR_PRESENT_MASK : 0;
- if (error_code & EPT_VIOLATION_GVA_IS_VALID) + if (exit_qualification & EPT_VIOLATION_GVA_IS_VALID) error_code |= (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) ? PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;
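Review bot: The changelog does not say that this is an adjusted backport rather than a clean cherry-pick, and a short note after the "(cherry picked from commit ...)" line would help stable maintainers: the diff touches handle_ept_violation() in arch/x86/kvm/vmx/vmx.c, while the follow-up in this thread says the code moved to vmx/common.h in v6.16, so naming the target tree (6.12-stable per the thread) and the reason for the path difference belongs in the message itself. On the changed line, testing exit_qualification is consistent with the statements on either side of it, which both derive PFERR_* bits from exit_qualification; error_code holds PFERR_* bits, so masking it with an EPT_VIOLATION_* constant mixed two different bit layouts.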
On Fri, Nov 21, 2025, Sukrit Bhatnagar wrote:
> On an EPT violation, bit 7 of the exit qualification is set if the guest linear-address is valid. The derived page fault error code should not be checked for this bit.
>
> Fixes: f3009482512e ("KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sukrit Bhatnagar Sukrit.Bhatnagar@sony.com
> Reviewed-by: Xiaoyao Li xiaoyao.li@intel.com
> Link: https://patch.msgid.link/20251106052853.3071088-1-Sukrit.Bhatnagar@sony.com
> Signed-off-by: Sean Christopherson seanjc@google.com
> (cherry picked from commit d0164c161923ac303bd843e04ebe95cfd03c6e19)
> Signed-off-by: Sukrit Bhatnagar Sukrit.Bhatnagar@sony.com
No need for the manual "backport", commits that are tagged for stable@ are automatically pulled into LTS kernels so long as they apply cleanly (and obviously don't cause problems).
On 2025-11-22 03:11, Sean Christopherson wrote:
> No need for the manual "backport", commits that are tagged for stable@ are automatically pulled into LTS kernels so long as they apply cleanly (and obviously don't cause problems).
This commit did not apply cleanly to the 6.12-stable tree, as notified earlier by Greg's mail. 6.17-stable seemed to have no issues.
The function handle_ept_violation got some changes in v6.16 c8563d1b6998 ("KVM: VMX: Split out guts of EPT violation to common/exposed function") which moved the code from vmx/vmx.c to vmx/common.h. So, v6.16+ is ok, but not the earlier ones.
I think this manual backport commit is needed. Please let me know if my understanding is not correct.
--
Thanks
Sukrit
linux-stable-mirror@lists.linaro.org