Commit fe0ff7d8 authored Mar 24, 2025 by Chao Gao Committed by Greg Kroah-Hartman Jun 27, 2025

KVM: VMX: Flush shadow VMCS on emergency reboot



commit a0ee1d5f upstream.

Ensure the shadow VMCS cache is evicted during an emergency reboot to
prevent potential memory corruption if the cache is evicted after reboot.

This issue was identified through code inspection, as __loaded_vmcs_clear()
flushes both the normal VMCS and the shadow VMCS.

Avoid checking the "launched" state during an emergency reboot, unlike the
behavior in __loaded_vmcs_clear(). This is important because reboot NMIs
can interfere with operations like copy_shadow_to_vmcs12(), where shadow
VMCSes are loaded directly using VMPTRLD. In such cases, if NMIs occur
right after the VMCS load, the shadow VMCSes will be active but the
"launched" state may not be set.

Fixes: 16f5b903 ("KVM: nVMX: Copy processor-specific shadow-vmcs to VMCS12")
Cc: stable@vger.kernel.org
Signed-off-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/r/20250324140849.2099723-1-chao.gao@intel.com


Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 0d7a2ea4

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 98aebd30
· Nov 05, 2025

mentioned in commit 98aebd30

mentioned in commit 98aebd3013cb357a788f3e37c99926e557da36c8

Toggle commit list

Please to comment