Use kvm_register_mark_dirty() instead of kvm_register_is_dirty() to actually mark VCPU_EXREG_ERAPS as dirty when emulating INVPCID_TYPE_SINGLE_CTXT. kvm_register_is_dirty() is a read-only predicate whose return value is discarded, making the call a no-op.

Without this fix, a single-context INVPCID will not trigger a RAP clear on the next VMRUN, breaking the ERAPS security guarantee.

Fixes: db5e82496492 ("KVM: SVM: Virtualize and advertise support for ERAPS")
Signed-off-by: Emily Ehlert
---
Hi,

we recently discovered an SVM bug where ERAPS are not properly cleared; this may have security implications. I attached an AI-assisted security analysis.

The bug is reachable when INVPCID is intercepted while ERAPS is exposed to the guest. When NPT is disabled, INVPCID is always intercepted when shadow paging is active. ERAPS can, I think, be active while NPT is disabled (the commit does not guard against it).

So when triggered, the consequence is that the guest retains stale RAP entries after the INVPCID call. A malicious guest could exploit this to speculatively influence return predictions of another process within the same guest, undermining the ERAPS security guarantee that the RAP is cleared on the PCID invalidation.

Severity: Low-Medium. Exploitation requires either an unusual host configuration (npt=0, which is primarily a debugging mode) or a nested virtualization setup with a cooperative L1 hypervisor. The attack is intra-guest (guest process vs. guest kernel), not guest-to-host, since ERAPS hardware tagging still separates host and guest RAP entries.

 arch/x86/kvm/x86.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fd1c4a36b5936..181a78c30260d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -14207,7 +14207,7 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva) * the RAP (Return Address Predicator). */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_ERAPS)) - kvm_register_is_dirty(vcpu, VCPU_EXREG_ERAPS); + kvm_register_mark_dirty(vcpu, VCPU_EXREG_ERAPS); kvm_invalidate_pcid(vcpu, operand.pcid); return kvm_skip_emulated_instruction(vcpu); -- 2.47.3
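Review bot: This hunk only marks VCPU_EXREG_ERAPS dirty on the INVPCID_TYPE_SINGLE_CTXT path, so the commit message should say whether the other INVPCID types handled by kvm_handle_invpcid() already mark the register dirty elsewhere, or why they do not need to, so a reader can confirm this is the only missed site. The one-line change itself is right: kvm_register_is_dirty() only tests the dirty bit, so the pre-patch call discarded its result and the next VMRUN never saw a pending RAP clear. Two small follow-ups on the visible lines: the unchanged context comment reads "Return Address Predicator" where the surrounding text talks about return predictions, so "Predictor" is probably intended and could be fixed in a separate cleanup; and since the commit carries a Fixes: tag and the cover letter describes a security impact, adding a Cc: stable@vger.kernel.org tag would get the fix into stable trees.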