In nested virtualization, if L1 sets an EPTP in VMCS12 that points beyond the assigned memory area and initiates a vmlaunch to L2, the existing KVM code handles the vmlaunch, and passes the VMCS consistency check. However, due to EPTP pointing outside accessible memory from the vCPU in mmu_check_root(), it attempts to trigger a triple fault. As a result, the nested_vmx_triple_fault() and nested_vmx_vmexit() are called before the actual vmlaunch to L2 occurs. Despite the vmlaunch not actually being executed in L2, KVM attempts a vmexit to L1, resulting in a warning in nested_vmx_vmexit() due to the nested_run_pending flag. This commit resolves the issue by modifying the nested_vmx_check_eptp() to return false when EPTP points outside the assigned memory area. This effectively prevents a vmlaunch with such an EPTP, thus avoiding the unnecessary warning. Signed-off-by: Reima Ishii <ishiir@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kvm/vmx/nested.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index e35cf0bd0df9..721f98a5dc24 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2727,6 +2727,10 @@ static bool nested_vmx_check_eptp(struct kvm_vcpu *vcpu, u64 new_eptp) return false; } + /* Check if EPTP points to an assigned memory area */ + if (!kvm_vcpu_is_visible_gfn(vcpu, new_eptp >> PAGE_SHIFT)) + return false; + return true; } -- 2.34.1
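Review bot: the added `if (!kvm_vcpu_is_visible_gfn(vcpu, new_eptp >> PAGE_SHIFT))` makes KVM fail a VM entry that real hardware would accept, because the architectural VMCS checks on EPTP cover memory type, walk length, reserved bits and the AD flag but never whether the physical address is backed (an unbacked EPTP only shows up later as an EPT misconfiguration or violation, not as a VMfail), so the comment `/* Check if EPTP points to an assigned memory area */` should state that this is a deliberate deviation chosen to keep the triple-fault path in mmu_check_root() from firing before the first entry to L2, and the commit message should name the VMfail the L1 guest now observes for such a VMCS12. Two smaller points on the same lines: the check inspects only the 4K page holding the EPT root (the shift by PAGE_SHIFT discards the memtype/walk-length bits, which is fine) and says nothing about the rest of the hierarchy, so "root page" would be a more accurate wording than "memory area"; and since it consults the memslots at VMLAUNCH time, the existing mmu_check_root() handling remains the fallback if a memslot disappears afterwards, which is worth a sentence in the message so the two checks are not read as redundant.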