[06/12] KVM: nVMX: Fail on MMIO completion for nested posted interrupts

KVM: nVMX: Fix vmcs02 PID use-after-free issue

Jim Mattson May 20, 2021, 11:03 p.m.
When the kernel has no mapping for the vmcs02 virtual APIC page,
userspace MMIO completion is necessary to process nested posted
interrupts. This is not a configuration that KVM supports. Rather than
silently ignoring the problem, try to exit to userspace with

Note that the event that triggers this error is consumed as a
side-effect of a call to kvm_check_nested_events. On some paths
(notably through kvm_vcpu_check_block), the error is dropped. In any
case, this is an incremental improvement over always ignoring the

Signed-off-by: Jim Mattson <jmattson@google.com>
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 7646e6e561ad..706c31821362 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3700,7 +3700,7 @@  static int vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu)
 	if (max_irr != 256) {
 		vapic_page = vmx->nested.virtual_apic_map.hva;
 		if (!vapic_page)
-			return 0;
+			goto mmio_needed;
 			vapic_page, &max_irr);
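Review bot: the `goto mmio_needed;` turns a condition this function previously treated as a silent no-op (`return 0;` when `vmx->nested.virtual_apic_map.hva` is NULL) into an error path, so every caller of vmx_complete_nested_posted_interrupt() that used to ignore the return value now has to propagate it; the commit message itself concedes that the kvm_vcpu_check_block path drops the error, so a short comment at the goto stating that the exit to userspace is best-effort on those paths would stop the next reader from assuming the failure always reaches userspace. The context shown is also incomplete: the line that opens the call whose argument list ends in `vapic_page, &max_irr);` is missing, so the hunk as rendered here would not apply cleanly and the full diff should be checked.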
@@ -3714,6 +3714,10 @@  static int vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu)
 	return 0;
+	kvm_handle_memory_failure(vcpu, X86EMUL_IO_NEEDED, NULL);
+	return -ENXIO;
 static void nested_vmx_inject_exception_vmexit(struct kvm_vcpu *vcpu,
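Review bot: the `mmio_needed:` label that the first hunk jumps to is not visible in this hunk, and the two added lines sit directly under the function's final `return 0;` with no label line between them, so as rendered the new block is unreachable; confirm that the label precedes `kvm_handle_memory_failure(vcpu, X86EMUL_IO_NEEDED, NULL);` in the applied diff. The return value of kvm_handle_memory_failure() is also discarded in favor of an unconditional `return -ENXIO;`, which is reasonable given the NULL exception argument, but a one-line comment on why -ENXIO is returned rather than the helper's own result would document the intent for callers that check for a negative return.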