Date: Fri, 7 Nov 2025 12:11:25 -0800
In-Reply-To: <20251107201151.3303170-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20251107201151.3303170-1-jmattson@google.com>
X-Mailer: git-send-email 2.51.2.1041.gc1ab5b90ca-goog
Message-ID: <20251107201151.3303170-3-jmattson@google.com>
Subject: [RFC PATCH 2/6] KVM: x86: nSVM: Redirect PAT MSR accesses to gPAT when NPT is enabled in vmcb12
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Alexander Graf, Joerg Roedel, Avi Kivity, Radim Krčmář, David Hildenbrand, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

According to the APM volume 2, section 15.25.2: "Replicated State,"

  While nested paging is enabled, all (guest) references to the state of
  the paging registers by x86 code (MOV to/from CRn, etc.) read and write
  the guest copy of the registers.

The PAT MSR is explicitly enumerated as a "paging register" in that
section of the APM.

Implement the architected behavior by redirecting PAT MSR accesses from
vcpu->arch.pat to svm->vmcb->save.g_pat when L2 is active and nested
paging is enabled in vmcb12.

Note that the change in KVM_{GET,SET}_MSRS semantics breaks
serialization. Trigger a fixup in svm_set_nested_state() by setting the
VALID_GPAT flag in the SVM nested state header.

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
Signed-off-by: Jim Mattson
---
 arch/x86/kvm/svm/nested.c |  1 +
 arch/x86/kvm/svm/svm.c    | 25 +++++++++++++++++--------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index ad11b11f482e..c68511948501 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -1728,6 +1728,7 @@ static int svm_get_nested_state(struct kvm_vcpu *vcpu, /* First fill in the header and copy it out. */ if (is_guest_mode(vcpu)) { kvm_state.hdr.svm.vmcb_pa =3D svm->nested.vmcb12_gpa; + kvm_state.hdr.svm.flags =3D KVM_STATE_SVM_VALID_GPAT; kvm_state.size +=3D KVM_STATE_NESTED_SVM_VMCB_SIZE; kvm_state.flags |=3D KVM_STATE_NESTED_GUEST_MODE; =20 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b4e5a0684f57..7e192fd5fb7f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2675,6 +2675,12 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr_info) return 1; msr_info->data =3D svm->tsc_ratio_msr; break; + case MSR_IA32_CR_PAT: + if (!(is_guest_mode(vcpu) && nested_npt_enabled(svm))) + msr_info->data =3D vcpu->arch.pat; + else + msr_info->data =3D svm->vmcb->save.g_pat; + break; case MSR_STAR: msr_info->data =3D svm->vmcb01.ptr->save.star; break; @@ -2864,14 +2870,17 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struc= t msr_data *msr) =20 break; case MSR_IA32_CR_PAT: - ret =3D kvm_set_msr_common(vcpu, msr); - if (ret) - break; - - svm->vmcb01.ptr->save.g_pat =3D data; - if (is_guest_mode(vcpu)) - nested_vmcb02_compute_g_pat(svm); - vmcb_mark_dirty(svm->vmcb, VMCB_NPT); + if (!kvm_pat_valid(data)) + return 1; + if (!(is_guest_mode(vcpu) && nested_npt_enabled(svm))) { + vcpu->arch.pat =3D data; + svm->vmcb01.ptr->save.g_pat =3D data; + vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_NPT); + } + if (is_guest_mode(vcpu)) { + svm->vmcb->save.g_pat =3D data; + vmcb_mark_dirty(svm->vmcb, VMCB_NPT); + } break; case MSR_IA32_SPEC_CTRL: if (!msr->host_initiated && --=20 2.51.2.1041.gc1ab5b90ca-goog
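
Review bot: In the svm_get_nested_state() hunk of nested.c, KVM_STATE_SVM_VALID_GPAT is set whenever is_guest_mode(vcpu) is true, while the svm.c hunks redirect PAT accesses only when nested_npt_enabled(svm) also holds; please add a comment, or a sentence in the commit message, saying what the flag tells svm_set_nested_state() when vmcb12 runs without NPT. The new line also assigns hdr.svm.flags with a plain "=" where the kvm_state.flags line two lines below uses "|=", which is only safe while the header is known to be zeroed and this is the only SVM header flag; "|=" would be the more robust form. Neither the flag's definition nor the fixup that consumes it appears in this patch's diffstat, so the commit message should name the patch in the series that carries them.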
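
Review bot: In the svm_get_msr() hunk, the new MSR_IA32_CR_PAT case never looks at msr_info->host_initiated, so KVM_GET_MSRS from userspace is redirected to g_pat exactly like a guest RDMSR; the commit message admits this breaks serialization, and that deserves a comment at the case label so the next reader does not take it for an oversight. The negated compound test "!(is_guest_mode(vcpu) && nested_npt_enabled(svm))" is repeated verbatim in svm_set_msr(); a small helper with a positive name, with the redirected branch first, would keep the two paths from drifting apart. The non-redirected path elsewhere in the patch names vmcb01.ptr explicitly while this read goes through svm->vmcb, so a short note that svm->vmcb is the vmcb02 here would help.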
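
Review bot: In the svm_set_msr() hunk, the MSR_IA32_CR_PAT case no longer calls kvm_set_msr_common() and instead open-codes the kvm_pat_valid() check and the store to vcpu->arch.pat, so any PAT handling later added to the common path will silently be skipped on SVM; either keep the common call for the non-redirected case or add a comment explaining why it is bypassed. The two "if" blocks overlap when L2 is active and NPT is disabled in vmcb12: both run, writing data to vcpu->arch.pat, to vmcb01 and to svm->vmcb, where the old code called nested_vmcb02_compute_g_pat(svm). Please spell out the three cases (not in guest mode, guest mode without nested NPT, guest mode with nested NPT) in a comment and say whether the dropped helper call is intentionally replaced by the direct store. The error path also changes from "ret"/"break" to "return 1", which is worth a check against the rest of the function for any common exit handling after the switch.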