From nobody Fri Apr  3 05:13:47 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 60CA5ECAAD8
	for <linux-kernel@archiver.kernel.org>; Fri, 16 Sep 2022 04:59:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229832AbiIPE7B (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 16 Sep 2022 00:59:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57520 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229637AbiIPE6y (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Sep 2022 00:58:54 -0400
Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com
 [IPv6:2607:f8b0:4864:20::1049])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2BD4E77550
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:54 -0700 (PDT)
Received: by mail-pj1-x1049.google.com with SMTP id
 z8-20020a17090a014800b001fac4204c7eso8987857pje.8
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=7KmHy9e59eVoSueoxg3f9FMizbHT1R3TBZY/FxQb18o=;
        b=S0kR8aRqGLfIuoWgSOPCbfay9hkfcmLaJTniiEy8SDMIt3AsSBj2kdLam9OSWlg/FA
         7CznN2UhCf9KQ1eIdy7rZKlSY5BSgQ9SYhGwBbT5xLDf0Xk82IVJcmo9zqzh3x0qhA+5
         XIyYGtQKLvlJs8tYP/FtjCXKQr88TIScLm43ZQZbh0nFoCxgh+WiNAWVi7EaULaljSJs
         dpw4KL/TYMyQJxOd7EksHiEFP7kHByD6FFdiUU8g62fhU5HUYIiCs+Z2D96prdBoUhLB
         ihG+zkzTaKW3wvp2YcweEab6HHxLdq32RMhqWlL1LHvqGoIQDccc8CO1zdRevLlvIGYb
         Bzlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=7KmHy9e59eVoSueoxg3f9FMizbHT1R3TBZY/FxQb18o=;
        b=glUMyujqDB/A00QkvB/49E67DDDABtmtDmawErLNVDgxlU3ziTBbRcHuOw3I+M6N5k
         c/VRZGjEFOCCDAYwuKxAkSNwW+s/ehprkbM16chtEWAVDH2PQJEpli5TFXo9OCqRmXc8
         qaRxX6TXo82Vp3vK60jDfzxG/TfRP2iN5DEM96fERaXDRU7Wrd9E0aBDyFLQ3qr8r+2Q
         f9B5JptCsrj0OkC9Cg1uzsF+aTVCydkbatEqC3sayt83rCWi9Qbo/fKou2rz5L1m2Kee
         qbyATh0RD6qFSA3SY1sc19IqAczUiKtgD9OWVb+qI7bo7W8mR4g3W/SI5fqtyiW1oopk
         SsUA==
X-Gm-Message-State: ACrzQf04c+Ot0nyzvWuNGOvFbCvpZOglY0K2qyUWBI4rftOucaKxNbJW
        eddh/PUYKsU2rITMs6zd1wt2RuG/nfs7Tg==
X-Google-Smtp-Source: 
 AMsMyM6vsC5QW2H5IDtqxbXq4QQ2j9p2rtYA2Rsx+YLBuIJm3SCXsGpJ4JdVKURzJ37B6CRXcLGs+UH/oA5vJA==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:24:72f4:c0a8:29a])
 (user=jmattson job=sendgmr) by 2002:a17:903:11d2:b0:172:6ea1:b6e6 with SMTP
 id q18-20020a17090311d200b001726ea1b6e6mr3047392plh.72.1663304333667; Thu, 15
 Sep 2022 21:58:53 -0700 (PDT)
Date: Thu, 15 Sep 2022 21:58:28 -0700
In-Reply-To: <20220916045832.461395-1-jmattson@google.com>
Mime-Version: 1.0
References: <20220916045832.461395-1-jmattson@google.com>
X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog
Message-ID: <20220916045832.461395-2-jmattson@google.com>
Subject: [PATCH 1/5] x86/cpufeatures: Introduce X86_FEATURE_NO_LMSLE
From: Jim Mattson <jmattson@google.com>
To: Avi Kivity <avi@redhat.com>, Babu Moger <babu.moger@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Joerg Roedel <joerg.roedel@amd.com>,
        Josh Poimboeuf <jpoimboe@kernel.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Sean Christopherson <seanjc@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Wyes Karny <wyes.karny@amd.com>, x86@kernel.org
Cc: Jim Mattson <jmattson@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When AMD introduced "Long Mode Segment Limit Enable" (a.k.a. "VMware
mode"), the feature was not enumerated by a CPUID bit. Now that VMware
has abandoned binary translation, AMD has deprecated EFER.LMSLE.

The absence of the feature *is* now enumerated by a CPUID bit (a la
Intel's X86_FEATURE_ZERO_FCS_DCS and X86_FEATURE_FDP_EXCPTN_ONLY).

This defeature bit is already present in feature word 13, but it was
previously anonymous. Name it X86_FEATURE_NO_LMSLE, so that KVM can
reference it when deciding whether or not EFER.LMSLE should be a
reserved bit in a KVM guest.

Since this bit indicates the absence of a feature, don't enumerate it
in /proc/cpuinfo.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf=
eatures.h
index ef4775c6db01..0f5a3285d8d8 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -319,6 +319,7 @@
 #define X86_FEATURE_AMD_IBRS		(13*32+14) /* "" Indirect Branch Restricted =
Speculation */
 #define X86_FEATURE_AMD_STIBP		(13*32+15) /* "" Single Thread Indirect Bra=
nch Predictors */
 #define X86_FEATURE_AMD_STIBP_ALWAYS_ON	(13*32+17) /* "" Single Thread Ind=
irect Branch Predictors always-on preferred */
+#define X86_FEATURE_NO_LMSLE		(13*32+20) /* "" EFER_LMSLE is unsupported */
 #define X86_FEATURE_AMD_PPIN		(13*32+23) /* Protected Processor Inventory =
Number */
 #define X86_FEATURE_AMD_SSBD		(13*32+24) /* "" Speculative Store Bypass Di=
sable */
 #define X86_FEATURE_VIRT_SSBD		(13*32+25) /* Virtualized Speculative Store=
 Bypass Disable */
--=20
2.37.3.968.ga6b4b080e4-goog
From nobody Fri Apr  3 05:13:47 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EADCDC54EE9
	for <linux-kernel@archiver.kernel.org>; Fri, 16 Sep 2022 04:59:08 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229697AbiIPE7F (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 16 Sep 2022 00:59:05 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57572 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229711AbiIPE66 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Sep 2022 00:58:58 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 286E9A0601
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:56 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-34546b03773so177971967b3.9
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=d5LwRjV7DdKcsn5XLPeYFH5ubqhtVVQS6ixOFLlJHpc=;
        b=pjGkeZS1M0pZn5rxAC8u92BEcb2IZzGh+0bZhIqBGD5HIJTKOAhqW8QE1t3WdJLYj+
         HqitiywleZaCUEF6XMF1qPDqSZMOSCOmScsguwxfTUoZfBe4QwolRcAstG89qMdR0+x4
         4Oa63kdrJdu5kdXhEPi2WMvvXlnbL3Ebd4SAdUYEuLR16gCGEag2ePA7E2FyFF2sTQHM
         x8r9uxORJ5Hd/GJ7zPF4kwl9IkyQoHOw92FFA4xVllzSXErODfNLT6z5hxzXr+Z4Mr0J
         hub6x5qdbg8olJhsoahrPZth6XtMK+9xyVawD7H6EAAp6lE194e5QW/qCI9I65wrRqAf
         y45g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=d5LwRjV7DdKcsn5XLPeYFH5ubqhtVVQS6ixOFLlJHpc=;
        b=dW9sSUGbmbIO+86ZjYb2XqB8yXOJWEtbLsR8CPVPL8xrBQfIsHKhAvg0YKWAC188UR
         FgSRWfsIMYPmEalsq3kMVHVgnq9MVb7GODdAPofgcaSvBYjCg1v4d0DnXmfa552TWzVU
         WGKMqjyvnrMgNaNPl7l0mxzzfl4vOxGWcKyvddjXvHjaedCiOeptHTTONbUm5JBBf7bQ
         vVktOqLuXcBVatcObtDP0BJ2BgDLZ2WnE5Ib13QKAz1YxQrn9ZYzZ5IQ7kAXotZR64s6
         Khd2mw4eU3TKTP05ivVm7bQlJmOfW/pYIX5YS1PL0WAH5Wfd7s6AjgqDbt4Letjnh/kq
         IPEQ==
X-Gm-Message-State: ACrzQf1gv27A8SWzJp4u+5aCM1yJY/EBeoGVSxkMqxDJ+waknSYswtSG
        c6xuKzRZAI4d6Vz7bITQZ269G53G5KM9Iw==
X-Google-Smtp-Source: 
 AMsMyM7taiRNCajYl2BjHFX4O9FQcKsPOvQZQ5+DmV43r3eOLv4usqTCNm2CC2+3WQGNXLYPUnpLia7C4QlMvw==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:24:72f4:c0a8:29a])
 (user=jmattson job=sendgmr) by 2002:a25:2e50:0:b0:669:9a76:beb with SMTP id
 b16-20020a252e50000000b006699a760bebmr2846065ybn.597.1663304335461; Thu, 15
 Sep 2022 21:58:55 -0700 (PDT)
Date: Thu, 15 Sep 2022 21:58:29 -0700
In-Reply-To: <20220916045832.461395-1-jmattson@google.com>
Mime-Version: 1.0
References: <20220916045832.461395-1-jmattson@google.com>
X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog
Message-ID: <20220916045832.461395-3-jmattson@google.com>
Subject: [PATCH 2/5] KVM: svm: Disallow EFER.LMSLE on hardware that doesn't
 support it
From: Jim Mattson <jmattson@google.com>
To: Avi Kivity <avi@redhat.com>, Babu Moger <babu.moger@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Joerg Roedel <joerg.roedel@amd.com>,
        Josh Poimboeuf <jpoimboe@kernel.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Sean Christopherson <seanjc@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Wyes Karny <wyes.karny@amd.com>, x86@kernel.org
Cc: Jim Mattson <jmattson@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

KVM has never properly virtualized EFER.LMSLE. When the "nested"
module parameter is true, it allows an SVM guest to set EFER.LMSLE,
and it passes the bit through in the VMCB, but the KVM emulator
doesn't perform the required data segment limit checks in 64-bit mode.

With Zen3, AMD has dropped support for EFER.LMSLE. Hence, if a Zen3
guest sets EFER.LMSLE, the next VMRUN will fail with "invalid VMCB."

When the host reports X86_FEATURE_NO_LMSLE, treat EFER.LMSLE as a
reserved bit in the guest. Now, if a guest tries to set EFER.LMSLE on
a host without support for EFER.LMSLE, the WRMSR will raise a #GP.

At the moment, the #GP may come as a surprise, but it's an improvement
over the failed VMRUN. The #GP will be vindicated anon.

Fixes: eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be set with nested svm")
Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/kvm/svm/svm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index f3813dbacb9f..7c4fd594166c 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5012,7 +5012,9 @@ static __init int svm_hardware_setup(void)
=20
 	if (nested) {
 		printk(KERN_INFO "kvm: Nested Virtualization enabled\n");
-		kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
+		kvm_enable_efer_bits(EFER_SVME);
+		if (!boot_cpu_has(X86_FEATURE_NO_LMSLE))
+			kvm_enable_efer_bits(EFER_LMSLE);
 	}
=20
 	/*
--=20
2.37.3.968.ga6b4b080e4-goog
From nobody Fri Apr  3 05:13:47 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1F2E8C54EE9
	for <linux-kernel@archiver.kernel.org>; Fri, 16 Sep 2022 04:59:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229553AbiIPE7K (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 16 Sep 2022 00:59:10 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57656 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229758AbiIPE7A (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Sep 2022 00:59:00 -0400
Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com
 [IPv6:2607:f8b0:4864:20::64a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDBC6A1D1A
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:57 -0700 (PDT)
Received: by mail-pl1-x64a.google.com with SMTP id
 j3-20020a170902da8300b001782a6fbc87so10358202plx.5
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=7tZtbYb4b1WkABBBL7k03zVW6CHmPIA8CRpYxtt3dU4=;
        b=iB5PxJYEAA0x/1haaI/7S9TwcOIBOOzjGR31ZHeCB55hkaUE9xPGs6EoFssfP+Xy0n
         s3W7PfvEnr/zQ9kWhOfk03Ye3Uls2qrOXPDKxUQInX5UoeRZw6hytIPjdHgDSC6QRGy8
         7daxj6hjkqbkdZTLGteg4l29iVNwINa70vUjYh083Rh0/RrUQOXz8MG2dnZSQ8r+XQ0D
         Mvyz6BetTRtXAXCogRWOO29Oq4r73POIonZAJC2kr6AeOclnPhiK3rP5oNXnvKDPy5uC
         qNQtLaJrpojQ80eZ0YAdlulDnMeOINrmqMgCINGR2SzXZzUzO/qxck61VwnJdfViL17m
         Xtnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=7tZtbYb4b1WkABBBL7k03zVW6CHmPIA8CRpYxtt3dU4=;
        b=QpcQBQb9u8+L8XZV5KHDSZUdSHd8/riOZ5aqS2UJeDjKVTaK3z1I6smPG6WYEao++c
         zcJyRMeOkM6ABD59a/NyCEulwUtC9JACm7SK92AIAF78luoMw95EDGqGzmQhQNLKzCj6
         +vRGnIuhYJlxU+q8Iy1gnZbp78A91W+vyaaGylAHyzRv4N5O4BJz1vtdkHzRwv0shnLh
         LkGOt1SCMI7EKa3LyJqsHpHCER5Lv88tsqtpTmOskmA2nPww2FHKYnzjgyDvI8XTmvPg
         /mUev0spGZch4z2nKAm60Dhv+QcIQ7dAZdp8DXHxRkbj2trBJ5yccskrezP5qpipf+Lw
         NnoQ==
X-Gm-Message-State: ACrzQf2ZFxuSUQpRAqwa4zWwE7600rhl2SuOEgEDHEQwQbh7Om0j3jgb
        UQqvxvKizIQ6y1ixsGEdGmd5HGmdHn//4Q==
X-Google-Smtp-Source: 
 AMsMyM4wo0CzzhLsz2BITZ7VZo82qOIK7eXiC+AwYqy4ZpaKh07ByJS2/cGX7S5FHQJxNgCEIm9aBIQq8sGnKg==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:24:72f4:c0a8:29a])
 (user=jmattson job=sendgmr) by 2002:a05:6a00:1d9b:b0:541:1894:d5db with SMTP
 id z27-20020a056a001d9b00b005411894d5dbmr3278996pfw.78.1663304337274; Thu, 15
 Sep 2022 21:58:57 -0700 (PDT)
Date: Thu, 15 Sep 2022 21:58:30 -0700
In-Reply-To: <20220916045832.461395-1-jmattson@google.com>
Mime-Version: 1.0
References: <20220916045832.461395-1-jmattson@google.com>
X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog
Message-ID: <20220916045832.461395-4-jmattson@google.com>
Subject: [PATCH 3/5] KVM: x86: Report host's X86_FEATURE_NO_LMSLE in
 KVM_GET_SUPPORTED_CPUID
From: Jim Mattson <jmattson@google.com>
To: Avi Kivity <avi@redhat.com>, Babu Moger <babu.moger@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Joerg Roedel <joerg.roedel@amd.com>,
        Josh Poimboeuf <jpoimboe@kernel.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Sean Christopherson <seanjc@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Wyes Karny <wyes.karny@amd.com>, x86@kernel.org
Cc: Jim Mattson <jmattson@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

EFER.LMSLE is not supported in a KVM guest if it is not supported on
the underlying hardware. Inform the guest by exposing the host's value
of X86_FEATURE_NO_LMSLE in KVM_GET_SUPPORTED_CPUID.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/kvm/cpuid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 75dcf7a72605..b4975467d686 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -670,7 +670,7 @@ void kvm_set_cpu_caps(void)
 		kvm_cpu_cap_set(X86_FEATURE_GBPAGES);
=20
 	kvm_cpu_cap_mask(CPUID_8000_0008_EBX,
-		F(CLZERO) | F(XSAVEERPTR) |
+		F(CLZERO) | F(XSAVEERPTR) | F(NO_LMSLE) |
 		F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) |
 		F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON) |
 		__feature_bit(KVM_X86_FEATURE_PSFD)
--=20
2.37.3.968.ga6b4b080e4-goog
From nobody Fri Apr  3 05:13:47 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 81325ECAAD8
	for <linux-kernel@archiver.kernel.org>; Fri, 16 Sep 2022 04:59:20 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229978AbiIPE7S (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 16 Sep 2022 00:59:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57654 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229712AbiIPE7C (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Sep 2022 00:59:02 -0400
Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com
 [IPv6:2607:f8b0:4864:20::549])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D413EA1D02
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:59 -0700 (PDT)
Received: by mail-pg1-x549.google.com with SMTP id
 i25-20020a635859000000b0042bbb74be8bso10233768pgm.5
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:58:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=s+f6iuFPnTWt8Fk8zpSmfYnRtMxwV4Pi8oGvt18dXLQ=;
        b=DeFnP+9pacpvMxfyB7Lr8mY3ehpEKqyz7/yVgaleePB7AVlM5bt0YdDZSTpFzpj3mO
         xuyu/aNFVr7lxTnqIYlNjQKP5lmqTms2Yg/cB3S0VVZCO9qi1QqS02sT5uFvi6NMVUUD
         lb2TTl7ZxCbyxWohXgSmi/jvgFaf1NV2O6AYJ7G3Lu6hlTUaJEvrTp2zhu1Jb8NP16Cx
         Y77GPZ/EmEQWTtXQwzQ1HN+ng5UqA39TuJQcmpEDa36Av2qb8n0SKrhKiUXLBe2DceVA
         ZBJMhasC8eikXk/+svzKZVV4i1x07j/d4uTCUOmFmr8mLZCgoYhZKifxto/c3nyJ33uB
         W7zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=s+f6iuFPnTWt8Fk8zpSmfYnRtMxwV4Pi8oGvt18dXLQ=;
        b=EsBUifpi+CBhpY2XhmIHvxn4ZEil9yhZi5MjiO1PBeRctYCqkN4VUE5Wz5i0sL/G/u
         yV9P6R7qw8IERorkqbfUWkh6Kv2Recci6aFfmMIHsz2CpmXL3qcwsll7w3CDjtz1MXNa
         Ttg12q+6fWT/9YyMkr0FCZhcn+M8YBKuH5o4uEmFLw58WerXULh9VIP0xZ4tl1h2kE+q
         YmhALjMlH+8uL1XIkqogBxtpKEVsFGWph95ovK9Ez5/xyTo9p1h8TEArbEmpKtyeDsJF
         uIQC6/qIuoGHL4Uao0A8iFvnFQMNyQzvLtF7ZmdhF8x+/th4CapbGmsf/8nuDS1XsHUr
         73Gw==
X-Gm-Message-State: ACrzQf09obpJ//M8ovjwCpKLZVY1b90epdKjE80G/zJz8PKTC1IMqhhj
        C++6ow1i4bXt+BNBn1RIqpBBi5NN9l+3ng==
X-Google-Smtp-Source: 
 AMsMyM52qpAlEtbK9ix5lLb2qOF8X1z11EAIwtjk7BaIAbcNFJQFz4AMGZhhH3LrUtVCM0atswfdG2M/IYIC+w==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:24:72f4:c0a8:29a])
 (user=jmattson job=sendgmr) by 2002:a17:902:848e:b0:178:54ce:c108 with SMTP
 id c14-20020a170902848e00b0017854cec108mr3098215plo.134.1663304339152; Thu,
 15 Sep 2022 21:58:59 -0700 (PDT)
Date: Thu, 15 Sep 2022 21:58:31 -0700
In-Reply-To: <20220916045832.461395-1-jmattson@google.com>
Mime-Version: 1.0
References: <20220916045832.461395-1-jmattson@google.com>
X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog
Message-ID: <20220916045832.461395-5-jmattson@google.com>
Subject: [PATCH 4/5] KVM: x86: Enforce X86_FEATURE_NO_LMSLE in guest cpuid
From: Jim Mattson <jmattson@google.com>
To: Avi Kivity <avi@redhat.com>, Babu Moger <babu.moger@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Joerg Roedel <joerg.roedel@amd.com>,
        Josh Poimboeuf <jpoimboe@kernel.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Sean Christopherson <seanjc@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Wyes Karny <wyes.karny@amd.com>, x86@kernel.org
Cc: Jim Mattson <jmattson@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When the guest CPUID reports that EFER.LMSLE is not supported, treat the
bit as reserved.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/kvm/x86.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 43a6a7efc6ec..26c4ca73e389 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1686,6 +1686,9 @@ static bool __kvm_valid_efer(struct kvm_vcpu *vcpu, u=
64 efer)
 	if (efer & EFER_NX && !guest_cpuid_has(vcpu, X86_FEATURE_NX))
 		return false;
=20
+	if (efer & EFER_LMSLE && guest_cpuid_has(vcpu, X86_FEATURE_NO_LMSLE))
+		return false;
+
 	return true;
=20
 }
--=20
2.37.3.968.ga6b4b080e4-goog
From nobody Fri Apr  3 05:13:47 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D1053ECAAD8
	for <linux-kernel@archiver.kernel.org>; Fri, 16 Sep 2022 04:59:23 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230023AbiIPE7V (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 16 Sep 2022 00:59:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57802 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229884AbiIPE7D (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Sep 2022 00:59:03 -0400
Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com
 [IPv6:2607:f8b0:4864:20::549])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82810A1D4F
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:59:01 -0700 (PDT)
Received: by mail-pg1-x549.google.com with SMTP id
 k16-20020a635a50000000b0042986056df6so10274516pgm.2
        for <linux-kernel@vger.kernel.org>;
 Thu, 15 Sep 2022 21:59:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=5sbTEFvzRr7GbC/X6PZeq7okuS0vSIgMoswqUqyuUqc=;
        b=HMBxt0pVNHCYNbxDc8VigBQ1MXR7A+42pRZxXF2slNCnNQZ+6f5rRNNuBLP386Sh1I
         /xpXiblZaqt2Zw/oMm275rNOy7gxR5ESOhvXOrh3Xs9/jW9D+/1iNhcZY5IyiTicaUkm
         vdsRXzItacxSB6z3HdidM9p8wAhXKp7qkPuwr1QZFBuAZTTHewolt3wy8YhP+O6KUZsa
         0gYQ3wFQBolHX3xKaCmoHM77d07g5ZzVOppnYoMu0GmqiRRzTgAVwH7EKg5F7lMYyYXH
         EzXgmLPeSb+K7mdu32DZMPuF4dZzYVMWH6/NKixpzRxtozPZUeSXdTIHgh6YMbQkrS4D
         K00g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=5sbTEFvzRr7GbC/X6PZeq7okuS0vSIgMoswqUqyuUqc=;
        b=VrQBvykYyPtZwq638wD+fZOWizCjN0CagorzciaAgkXyYFSRZuvEuZcxDxHIIWQJTM
         pVwzvYquTh/f2/xE1vsOxz2x3N1+ccF/j9PJnK9IbUc/qHP7nzyU/Kw1OpApMuOARqWa
         HJ53yhDPVDDjWK+Uxa6DzaDBrX1cvGYQVfwu9U/aD4lxo1In08fjyM9UjQnX4Kaqdb2P
         LZI7euSlJymrahLFKJazpt8WfkqzAWYrJfCiHFfgkucoWfxkoa4AAr9nL/J5hPM020Oc
         FN96ggkt0prtCivHrj495NKrqW0llVeKXDkkSBei0Jg2ptWllTxci2GaUO+MOb7uyDBk
         R5JQ==
X-Gm-Message-State: ACrzQf05XblBgG+xApDUWcHOKgohYXYdeXRWMM+TF8NUT4YizfETnH5z
        adKuOglYaee6BwW3wwp9HtGWweGhegShiQ==
X-Google-Smtp-Source: 
 AMsMyM7lej8pA2zAcVKJ6uuHmUlBJhtH7xJC3YODVQ9Y2cN9cfo4/QAh/md/oFPO6DRkDPfYzJ58987yAYNHtw==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:24:72f4:c0a8:29a])
 (user=jmattson job=sendgmr) by 2002:a05:6a00:10c2:b0:547:4991:c985 with SMTP
 id d2-20020a056a0010c200b005474991c985mr2959344pfu.67.1663304340786; Thu, 15
 Sep 2022 21:59:00 -0700 (PDT)
Date: Thu, 15 Sep 2022 21:58:32 -0700
In-Reply-To: <20220916045832.461395-1-jmattson@google.com>
Mime-Version: 1.0
References: <20220916045832.461395-1-jmattson@google.com>
X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog
Message-ID: <20220916045832.461395-6-jmattson@google.com>
Subject: [PATCH 5/5] KVM: svm: Set X86_FEATURE_NO_LMSLE when !nested
From: Jim Mattson <jmattson@google.com>
To: Avi Kivity <avi@redhat.com>, Babu Moger <babu.moger@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Joerg Roedel <joerg.roedel@amd.com>,
        Josh Poimboeuf <jpoimboe@kernel.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Sean Christopherson <seanjc@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Wyes Karny <wyes.karny@amd.com>, x86@kernel.org
Cc: Jim Mattson <jmattson@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

KVM has never allowed a guest to set EFER.LMSLE when the "nested"
module parameter was false. In the past, there was no way for a guest
to know whether or not this was a legal EFER bit. Now, we can let the
guest know this bit is illegal by reporting X86_FEATURE_NO_LMSLE in
KVM_GET_SUPPORTED_CPUID.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/kvm/svm/svm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 7c4fd594166c..942602d503ad 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4945,6 +4945,8 @@ static __init void svm_set_cpu_caps(void)
 	if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD) ||
 	    boot_cpu_has(X86_FEATURE_AMD_SSBD))
 		kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
+	if (!nested)
+		kvm_cpu_cap_set(X86_FEATURE_NO_LMSLE);
=20
 	/* AMD PMU PERFCTR_CORE CPUID */
 	if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE))
--=20
2.37.3.968.ga6b4b080e4-goog