KVM: SVM: Aggressively clear vmcb02 clean bits

[PATCH 0/2] KVM: SVM: Aggressively clear vmcb02 clean bits

Posted by Jim Mattson 4 months, 2 weeks ago

It is unlikely that L1 will toggle the MSR intercept bit in vmcb02,
or that L1 will change its own IA32_PAT MSR. However, if it does,
the affected fields in vmcb02 should not be marked clean.

An alternative approach would be to implement a set of mutators for
vmcb02 fields, and to clear the associated clean bit whenever a field
is modified.

Jim Mattson (2):
  KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
  KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN

 arch/x86/kvm/svm/nested.c | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.51.0.470.ga7dc726c21-goog

Re: [PATCH 0/2] KVM: SVM: Aggressively clear vmcb02 clean bits

Posted by Sean Christopherson 3 months, 3 weeks ago

On Mon, 22 Sep 2025 09:29:21 -0700, Jim Mattson wrote:
> It is unlikely that L1 will toggle the MSR intercept bit in vmcb02,
> or that L1 will change its own IA32_PAT MSR. However, if it does,
> the affected fields in vmcb02 should not be marked clean.
> 
> An alternative approach would be to implement a set of mutators for
> vmcb02 fields, and to clear the associated clean bit whenever a field
> is modified.
> 
> [...]

Applied to kvm-x86 svm, thanks!

[1/2] KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
      https://github.com/kvm-x86/linux/commit/93c9e107386d
[2/2] KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
      https://github.com/kvm-x86/linux/commit/7c8b465a1c91

--
https://github.com/kvm-x86/linux/tree/next

Re: [PATCH 0/2] KVM: SVM: Aggressively clear vmcb02 clean bits

Posted by Sean Christopherson 3 months, 3 weeks ago

On Mon, Sep 22, 2025, Jim Mattson wrote:
> It is unlikely that L1 will toggle the MSR intercept bit in vmcb02,
> or that L1 will change its own IA32_PAT MSR. However, if it does,
> the affected fields in vmcb02 should not be marked clean.
> 
> An alternative approach would be to implement a set of mutators for
> vmcb02 fields, and to clear the associated clean bit whenever a field
> is modified.

Any reason not to tag these for stable@?  I can't think of any meaningful
downsides, so erring on the side of caution seems prudent.

Re: [PATCH 0/2] KVM: SVM: Aggressively clear vmcb02 clean bits

Posted by Jim Mattson 3 months, 3 weeks ago

On Mon, Oct 13, 2025 at 2:54 PM Sean Christopherson <seanjc@google.com> wrote:
>
> On Mon, Sep 22, 2025, Jim Mattson wrote:
> > It is unlikely that L1 will toggle the MSR intercept bit in vmcb02,
> > or that L1 will change its own IA32_PAT MSR. However, if it does,
> > the affected fields in vmcb02 should not be marked clean.
> >
> > An alternative approach would be to implement a set of mutators for
> > vmcb02 fields, and to clear the associated clean bit whenever a field
> > is modified.
>
> Any reason not to tag these for stable@?  I can't think of any meaningful
> downsides, so erring on the side of caution seems prudent.

SGTM. Do you want a new version?

Re: [PATCH 0/2] KVM: SVM: Aggressively clear vmcb02 clean bits

Posted by Sean Christopherson 3 months, 3 weeks ago

On Mon, Oct 13, 2025, Jim Mattson wrote:
> On Mon, Oct 13, 2025 at 2:54 PM Sean Christopherson <seanjc@google.com> wrote:
> >
> > On Mon, Sep 22, 2025, Jim Mattson wrote:
> > > It is unlikely that L1 will toggle the MSR intercept bit in vmcb02,
> > > or that L1 will change its own IA32_PAT MSR. However, if it does,
> > > the affected fields in vmcb02 should not be marked clean.
> > >
> > > An alternative approach would be to implement a set of mutators for
> > > vmcb02 fields, and to clear the associated clean bit whenever a field
> > > is modified.
> >
> > Any reason not to tag these for stable@?  I can't think of any meaningful
> > downsides, so erring on the side of caution seems prudent.
> 
> SGTM. Do you want a new version?

Good gravy, no.  :-)