On Mon, Apr 04, 2022, Maciej S. Szmigiero wrote:
> > @@ -1606,7 +1622,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
> > nested_copy_vmcb_control_to_cache(svm, ctl);
> > svm_switch_vmcb(svm, &svm->nested.vmcb02);
> > - nested_vmcb02_prepare_control(svm);
> > + nested_vmcb02_prepare_control(svm, save->rip);
>                                         ^
> I guess this should be "svm->vmcb->save.rip", since
> KVM_{GET,SET}_NESTED_STATE "save" field contains vmcb01 data,
> not vmcb{0,1}2 (in contrast to the "control" field).

Argh, yes.

Is userspace required to set L2 guest state prior to KVM_SET_NESTED_STATE? If not, this will result in garbage being loaded into vmcb02.
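Review bot: the new second argument in the svm_set_nested_state() hunk, `save->rip`, is taken from the KVM_SET_NESTED_STATE `save` area, which per the reply holds vmcb01 (L1) state, so nested_vmcb02_prepare_control() is handed L1's RIP while it is preparing vmcb02. Because `svm_switch_vmcb(svm, &svm->nested.vmcb02);` has already run two lines earlier, `svm->vmcb` points at vmcb02 at this call site and `svm->vmcb->save.rip` is the L2 value the callee expects; suggest `nested_vmcb02_prepare_control(svm, svm->vmcb->save.rip);`. That only holds if L2 guest state has been loaded before KVM_SET_NESTED_STATE, the ordering questioned in the reply, so a one-line comment at the call stating that dependency (or a check rejecting the ioctl when it is not met) would be worth adding in the same hunk.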