Date: Wed, 24 Aug 2022 03:30:55 +0000
Message-Id: <20220824033057.3576315-2-seanjc@google.com>
In-Reply-To: <20220824033057.3576315-1-seanjc@google.com>
Subject: [PATCH 1/3] KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Leonardo Bras, Dr. David Alan Gilbert, Vitaly Kuznetsov

Reinstate the per-vCPU guest_supported_xcr0 by partially reverting
commit 988896bb6182; the implicit assessment that guest_supported_xcr0
is always the same as guest_fpu.fpstate->user_xfeatures was incorrect.

kvm_vcpu_after_set_cpuid() isn't the only place that sets user_xfeatures,
as user_xfeatures is set to fpu_user_cfg.default_features when guest_fpu
is allocated via fpu_alloc_guest_fpstate() => __fpstate_reset().
guest_supported_xcr0 on the other hand is zero-allocated.

If userspace never invokes KVM_SET_CPUID2, supported XCR0 will be '0',
whereas the allowed user XFEATURES will be non-zero.

Practically speaking, the edge case likely doesn't matter as no sane
userspace will live migrate a VM without ever doing KVM_SET_CPUID2.

The primary motivation is to prepare for KVM intentionally and
explicitly setting bits in user_xfeatures that are not set in
guest_supported_xcr0. Because KVM_{G,S}ET_XSAVE can be used to
save/restore FP+SSE state even if the host doesn't support XSAVE, KVM
needs to set the FP+SSE bits in user_xfeatures even if they're not
allowed in XCR0, e.g. because XCR0 isn't exposed to the guest. At that
point, the simplest fix is to track the two things separately (allowed
save/restore vs. allowed XCR0).

Fixes: 988896bb6182 ("x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0")
Cc: stable@vger.kernel.org
Cc: Leonardo Bras
Signed-off-by: Sean Christopherson
---
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/kvm/cpuid.c            | 5 ++---
 arch/x86/kvm/x86.c              | 9 ++-------
 3 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 2c96c43c313a..aa381ab69a19 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -729,6 +729,7 @@ struct kvm_vcpu_arch { struct fpu_guest guest_fpu; =20 u64 xcr0; + u64 guest_supported_xcr0; =20 struct kvm_pio_request pio; void *pio_data; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 75dcf7a72605..2e0f27ad736a 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -315,7 +315,6 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *v= cpu) { struct kvm_lapic *apic =3D vcpu->arch.apic; struct kvm_cpuid_entry2 *best; - u64 guest_supported_xcr0; =20 best =3D kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { @@ -327,10 +326,10 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) kvm_apic_set_version(vcpu); } =20 - guest_supported_xcr0 =3D + vcpu->arch.guest_supported_xcr0 =3D cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent= ); =20 - vcpu->arch.guest_fpu.fpstate->user_xfeatures =3D guest_supported_xcr0; + vcpu->arch.guest_fpu.fpstate->user_xfeatures =3D vcpu->arch.guest_support= ed_xcr0; =20 kvm_update_pv_runtime(vcpu); =20 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d7374d768296..97ab53046052 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1011,15 +1011,10 @@ void kvm_load_host_xsave_state(struct kvm_vcpu *vcp= u) } EXPORT_SYMBOL_GPL(kvm_load_host_xsave_state); =20 -static inline u64 kvm_guest_supported_xcr0(struct kvm_vcpu *vcpu) -{ - return vcpu->arch.guest_fpu.fpstate->user_xfeatures; -} - #ifdef CONFIG_X86_64 static inline u64 kvm_guest_supported_xfd(struct kvm_vcpu *vcpu) { - return kvm_guest_supported_xcr0(vcpu) & XFEATURE_MASK_USER_DYNAMIC; + return vcpu->arch.guest_supported_xcr0 & XFEATURE_MASK_USER_DYNAMIC; } #endif =20 
@@ -1042,7 +1037,7 @@ static int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 i= ndex, u64 xcr) * saving. However, xcr0 bit 0 is always set, even if the * emulated CPU does not support XSAVE (see kvm_vcpu_reset()). */ - valid_bits =3D kvm_guest_supported_xcr0(vcpu) | XFEATURE_MASK_FP; + valid_bits =3D vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FP; if (xcr0 & ~valid_bits) return 1; =20 --=20 2.37.1.595.g718a3a8f04-goog
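Review bot: The new `u64 guest_supported_xcr0;` field in the struct kvm_vcpu_arch hunk lands next to `xcr0` without a comment, while the changelog's whole point is that it is intentionally different from `guest_fpu.fpstate->user_xfeatures`; a one-line comment such as `/* XCR0 bits the guest may set; user_xfeatures governs KVM_{G,S}ET_XSAVE */` would stop the next reader from merging the two again.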
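Review bot: In the __kvm_set_xcr hunk, `valid_bits = vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FP` now reads a field the changelog says is zero-allocated until KVM_SET_CPUID2, whereas the removed kvm_guest_supported_xcr0() returned user_xfeatures, which is initialised to fpu_user_cfg.default_features; so before CPUID is set a guest XSETBV is now limited to XCR0 = 1 instead of the host default set. The changelog calls this edge case a don't-care, which is reasonable, but since the patch is Cc: stable it would help to state that concrete behavioural change in the changelog rather than leave it implied.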
Date: Wed, 24 Aug 2022 03:30:56 +0000
Message-Id: <20220824033057.3576315-3-seanjc@google.com>
In-Reply-To: <20220824033057.3576315-1-seanjc@google.com>
Subject: [PATCH 2/3] KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Leonardo Bras, Dr. David Alan Gilbert, Vitaly Kuznetsov
From: Dr. David Alan Gilbert

Allow FP and SSE state to be saved and restored via KVM_{G,S}ET_XSAVE on
XSAVE-capable hosts even if their bits are not exposed to the guest via
XCR0.

Failing to allow FP+SSE first showed up as a QEMU live migration failure,
where migrating a VM from a pre-XSAVE host, e.g. Nehalem, to an XSAVE
host failed due to KVM rejecting KVM_SET_XSAVE. However, the bug also
causes problems even when migrating between XSAVE-capable hosts as
KVM_GET_XSAVE won't set any bits in user_xfeatures if XSAVE isn't exposed
to the guest, i.e. KVM will fail to actually migrate FP+SSE.

Because KVM_{G,S}ET_XSAVE are designed to allow migrating between hosts
with and without XSAVE, KVM_GET_XSAVE on a non-XSAVE host (by way of
fpu_copy_guest_fpstate_to_uabi()) always sets the FP+SSE bits in the
header so that KVM_SET_XSAVE will work even if the new host supports
XSAVE.

Fixes: ad856280ddea ("x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0")
bz: https://bugzilla.redhat.com/show_bug.cgi?id=2079311
Cc: stable@vger.kernel.org
Cc: Leonardo Bras
Signed-off-by: Dr. David Alan Gilbert
[sean: add comment, massage changelog]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 2e0f27ad736a..4c1c2c06e96b 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -329,7 +329,13 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *= vcpu) vcpu->arch.guest_supported_xcr0 =3D cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent= ); =20 - vcpu->arch.guest_fpu.fpstate->user_xfeatures =3D vcpu->arch.guest_support= ed_xcr0; + /* + * FP+SSE can always be saved/restored via KVM_{G,S}ET_XSAVE, even if + * XSAVE/XCRO are not exposed to the guest, and even if XSAVE isn't + * supported by the host. + */ + vcpu->arch.guest_fpu.fpstate->user_xfeatures =3D vcpu->arch.guest_support= ed_xcr0 | + XFEATURE_MASK_FPSSE; =20 kvm_update_pv_runtime(vcpu); =20 --=20 2.37.1.595.g718a3a8f04-goog
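Review bot: The new comment in the kvm_vcpu_after_set_cpuid hunk reads `XSAVE/XCRO are not exposed to the guest` with a capital letter O; it should be `XCR0`. The code change itself is sound: `user_xfeatures = guest_supported_xcr0 | XFEATURE_MASK_FPSSE` makes user_xfeatures a strict superset of the allowed XCR0, which is only safe because patch 1 already moved every XCR0 consumer (kvm_guest_supported_xfd(), __kvm_set_xcr()) off user_xfeatures; a sentence in the changelog pointing at that dependency would make the series order explicit for stable backports.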
Date: Wed, 24 Aug 2022 03:30:57 +0000
Message-Id: <20220824033057.3576315-4-seanjc@google.com>
In-Reply-To: <20220824033057.3576315-1-seanjc@google.com>
Subject: [PATCH 3/3] KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Leonardo Bras, Dr. David Alan Gilbert, Vitaly Kuznetsov

Inject #UD when emulating XSETBV if CR4.OSXSAVE is not set. This also
covers the "XSAVE not supported" check, as setting CR4.OSXSAVE=1 #GPs if
XSAVE is not supported (and userspace gets to keep the pieces if it
forces incoherent vCPU state).

Add a comment to kvm_emulate_xsetbv() to call out that the CPU checks
CR4.OSXSAVE before checking for intercepts. AMD's APM implies that #UD
has priority (says that intercepts are checked before #GP exceptions),
while Intel's SDM says nothing about interception priority. However,
testing on hardware shows that both AMD and Intel CPUs prioritize the
#UD over interception.

Fixes: 02d4160fbd76 ("x86: KVM: add xsetbv to the emulator")
Cc: stable@vger.kernel.org
Cc: Vitaly Kuznetsov
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 3 +++
 arch/x86/kvm/x86.c     | 1 +
 2 files changed, 4 insertions(+)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index f092c54d1a2f..8ce5ae61fc41 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -4132,6 +4132,9 @@ static int em_xsetbv(struct x86_emulate_ctxt *ctxt) { u32 eax, ecx, edx; =20 + if (!(ctxt->ops->get_cr(ctxt, 4) & X86_CR4_OSXSAVE)) + return emulate_ud(ctxt); + eax =3D reg_read(ctxt, VCPU_REGS_RAX); edx =3D reg_read(ctxt, VCPU_REGS_RDX); ecx =3D reg_read(ctxt, VCPU_REGS_RCX); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 97ab53046052..356d0475ab6d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -1065,6 +1065,7 @@ static int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 i= ndex, u64 xcr) =20 int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu) { + /* Note, #UD due to CR4.OSXSAVE=3D0 has priority over the intercept. */ if (static_call(kvm_x86_get_cpl)(vcpu) !=3D 0 || __kvm_set_xcr(vcpu, kvm_rcx_read(vcpu), kvm_read_edx_eax(vcpu))) { kvm_inject_gp(vcpu, 0); --=20 2.37.1.595.g718a3a8f04-goog
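Review bot: In the em_xsetbv hunk the CR4.OSXSAVE check is placed before the RAX/RDX/RCX reads, so the #UD takes priority over any #GP raised by the later XCR0 validation; that ordering is the substance of the fix but is not obvious from the three added lines alone, so a short comment mirroring the one added to kvm_emulate_xsetbv() (the CPU raises #UD for CR4.OSXSAVE=0 before it checks anything else about XSETBV) would keep the emulator path and the intercept path documented consistently.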
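Review bot: The comment added to kvm_emulate_xsetbv() states the priority ("#UD due to CR4.OSXSAVE=0 has priority over the intercept") but not why KVM can rely on it; since the changelog says AMD's APM implies the opposite ordering and the SDM is silent, the comment should mention that the ordering was observed on both AMD and Intel hardware, so that the intercept handler's lack of a CR4.OSXSAVE check is not later mistaken for an omission and "fixed".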
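An editor's illustration added here, not code from the series or from KVM: a userspace C model of the two masks that patches 1 and 2 keep separate (what the guest may put in XCR0 versus what KVM_{G,S}ET_XSAVE may carry) and of the #UD-before-#GP ordering patch 3 adds to XSETBV emulation. The struct and function names are hypothetical, and the KVM_SET_XSAVE header check is an assumed simplification of how the ioctl validates its buffer; the bit positions follow the x86 XSAVE and CR4 definitions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Bit positions from the x86 XSAVE/CR4 definitions: x87 = 0, SSE = 1, CR4.OSXSAVE = 18. */
#define XFEATURE_MASK_FP    (1ULL << 0)
#define XFEATURE_MASK_SSE   (1ULL << 1)
#define XFEATURE_MASK_FPSSE (XFEATURE_MASK_FP | XFEATURE_MASK_SSE)
#define X86_CR4_OSXSAVE     (1ULL << 18)

/* Hypothetical vCPU model holding the two masks the series keeps separate. */
struct vcpu_model {
	uint64_t cr4;
	unsigned int cpl;
	uint64_t xcr0;
	uint64_t guest_supported_xcr0; /* bits the guest may set in XCR0 */
	uint64_t user_xfeatures;       /* bits KVM_{G,S}ET_XSAVE may carry */
};
enum xsetbv_result { XSETBV_OK, XSETBV_UD, XSETBV_GP };

/* Pre-series rule that patches 1+2 replace: user_xfeatures is just the allowed
 * XCR0, so a guest without XSAVE in CPUID cannot even migrate FP+SSE state. */
void cpuid_update_old(struct vcpu_model *v, uint64_t cpuid_xcr0)
{
	v->guest_supported_xcr0 = cpuid_xcr0;
	v->user_xfeatures = cpuid_xcr0;
}

/* Post-series rule from patch 2: FP+SSE are always saveable/restorable. */
void cpuid_update_new(struct vcpu_model *v, uint64_t cpuid_xcr0)
{
	v->guest_supported_xcr0 = cpuid_xcr0;
	v->user_xfeatures = cpuid_xcr0 | XFEATURE_MASK_FPSSE;
}

/* XSETBV emulation in patch 3's order: #UD for CR4.OSXSAVE=0 is checked first,
 * then the #GP conditions of __kvm_set_xcr (CPL, index, bit 0, valid bits). */
enum xsetbv_result emulate_xsetbv(struct vcpu_model *v, uint32_t index, uint64_t xcr)
{
	if (!(v->cr4 & X86_CR4_OSXSAVE))
		return XSETBV_UD;
	if (v->cpl != 0 || index != 0)
		return XSETBV_GP;
	uint64_t valid_bits = v->guest_supported_xcr0 | XFEATURE_MASK_FP;
	if (!(xcr & XFEATURE_MASK_FP) || (xcr & ~valid_bits))
		return XSETBV_GP;
	v->xcr0 = xcr;
	return XSETBV_OK;
}

/* Assumed shape of KVM_SET_XSAVE's header check (not shown in the series):
 * every xfeatures bit in the incoming buffer must be allowed by user_xfeatures. */
bool set_xsave_accepts(const struct vcpu_model *v, uint64_t hdr_xfeatures)
{
	return (hdr_xfeatures & ~v->user_xfeatures) == 0;
}
```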