From nobody Sun Feb 8 05:29:43 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADCD62BEC34 for ; Thu, 1 Jan 2026 09:05:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258333; cv=none; b=CHhwlGtIUFfSo5VTmh4rayUFZvDg95cAu8dsFCMe63P6Y9Euismb4QZcgH9gCRdvun4Pm+HBjAjmNXPS5plyIkAxokKlfB1Lwpd2pO0pOKGgskXylMIzDL+PzB02DQ7xcEfougk5Mtv8mGmY85M4Eu0PY8Ei7CzXpJaqaZKK70s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258333; c=relaxed/simple; bh=3/a9OCUVyU9ScqNZQ0b1YmABoW/17pDAl/TUK/D/XVw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Rw/Y33VRqvBsRuSUaLqxb8ubyQcAReGRM90hHrvom+fPuiz14J1cOH5iShrftn5/kmAePSshxrtJmnBvTC+J2N4qOCF91yQ25epnbnQDTfKP8oM3djfyniRBvh2r/zBjuaxbqN0h/ZeBdpunhB2/d82xgRevOso6SbKSfD6rw08= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=S0J84aLR; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=LUG/s/6O; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="S0J84aLR"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="LUG/s/6O" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1767258330; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oVrzWg1QLfb+e/xteMN/2PG1AfjCSUiR2/tQXeGIqc4=; b=S0J84aLRpd1g5dqryxHgP774KoRhIMzbCQPOP0lVRB8FZjZTZ1NPWeu2C0voUo0BtHazMo CtzXK6hoKCl5P4bS9b28j4tWoi2iUavYZJw0cL9bpfGKSeO0FHY1FagwumChWdS8JuOVRV Z6Cls5JUfDFqg2wmSSxQhRgNfbuCZIY= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-274-dH7WcyvjOkeeypI5laTomQ-1; Thu, 01 Jan 2026 04:05:29 -0500 X-MC-Unique: dH7WcyvjOkeeypI5laTomQ-1 X-Mimecast-MFC-AGG-ID: dH7WcyvjOkeeypI5laTomQ_1767258328 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-477c49f273fso140877575e9.3 for ; Thu, 01 Jan 2026 01:05:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1767258328; x=1767863128; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oVrzWg1QLfb+e/xteMN/2PG1AfjCSUiR2/tQXeGIqc4=; b=LUG/s/6OV0vkHswBFpixutpi5sQfptn9ptOrmRKRdvmeLD1vRo1awbtMkeSOkzo/Vc rNw6RJw1v44ykp63ur0Fx9W5Bb2rbxrK3gp9u63WQt+UXAlJ4bQzXlfli5FYjPASxT8R LiCkIOXyAJ7p7ziyiplaIdtwtnq/Y2vJpkqRDwodlYFopTlWtN02o/jGkQe4iSFWl9e4 Phc9HGOM7Z299ti1iDIlMtrLUC9RJ+uGeBZyUBtOUaX3q2YdpRk/JsEbxox7Hm26Iu5r 5uqu3VBBCBfS5aW4GMhMVBsQOYNT1dDFtM7fWRaaAczr1N8ukXS9j6UCtASGSOBgxMkB gKeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767258328; x=1767863128; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=oVrzWg1QLfb+e/xteMN/2PG1AfjCSUiR2/tQXeGIqc4=; b=hKio7WsA7TSsqAi/l9/y5NsZxtg0L571PF1Ib9JY8fDg59PuIokDI+HuubWcJni7fs hpTbafNApBwnVH+PnKvSO2qFRdA1zFUqc84mZstMI8I8gIHXp3d9YVH2QfVKalvmeOby oOJ8GwRpIKZ7sJo9UKyLXLFITfmCHHAIeCc5pPOh1lgwwAEJ0HTpomLlJ+Y0aq7F0qK1 t31+uP52EnYjg458aMQ4tQVyBJFLQwbX3xlCP3joSOiRghgLy9vj10b+WQ9T9aoKdS2C tZyetsiQMjVT+rd6/jh0kXTd2q2V9e1cg00fCm1wlY2ibqtmiNq3k5g3Zx2Lp/EBG2iU AHmA== X-Gm-Message-State: AOJu0YwWG/nrIIVR06+2I01JCZFAK3svu2CpNBboomC7lakXhe5539J7 x9gmI7lcFcfspUrz7JWJle5jFrGj5n6X6oSX8gpjRGWG1QQ8GHjgmFQtEefuuJU2KQuM9ngvnJ/ IcCGho2WhrFbOtmeXS3ZTH/DJ+9vllwrFzLwYhE9u2ml1Ax7QnIraByRi1qqL5s8urBsDOSQug/ oGDzXZ16Un1eo0qCOy/wvnUGGJbjRx/+sgk/hIOUtZ/CACdXQnfA== X-Gm-Gg: AY/fxX4q5kyR3Am5DJuiMK/ihmJqmSRkd2nzxnvEsG9kRkPdLMEbxpqbFQsoIqO4f0S HxD5e/hFVkwfp04OMbnRY+p8cRls1nwskdCykjWo4PmyU5o4pmkrjbLWmEV7gasLYd8urq0NhkU d2s+MLZ2z/TrP+l9xPoRaxTlA4xiTq/GBimOTTxVfVrFxA8UgzCVb1xdcMj4aXOAVZc6iiX13vK +JseOjaFciUY2QOXf1FU4hAfZc/Okus32DmxFBeNo0sNr5053+UaCvGx5vtUidaDNbij1cWl5x9 mZkTzDuCRr0iDeWPzHB2UKmMyJP5yANHX7vm+ptgJJEsFZkuQTt15fEJJCSXMrpbKVm+kmMkhb8 azbaNK2HY6Cia8vER3ipp2TVw/PmHw61GT3V2bmaNscku6A9At1yYIc+yhcy+GWevQnzDFB6V49 ufUgBYF6bFWH6x0g== X-Received: by 2002:a05:600c:1384:b0:46e:3550:9390 with SMTP id 5b1f17b1804b1-47d39ddee7amr338592245e9.20.1767258322885; Thu, 01 Jan 2026 01:05:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IGIJiRlDf1E7O6XdT4RGGyZlYOteJ7r4qmoeA9C3oj2jnU10v7zPnwjpPk4IhSjXasbvCrsfg== X-Received: by 2002:a05:600c:1384:b0:46e:3550:9390 with SMTP id 5b1f17b1804b1-47d39ddee7amr338590295e9.20.1767258320516; Thu, 01 Jan 2026 01:05:20 -0800 (PST) Received: from [192.168.10.48] ([151.61.26.160]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324ea22674sm79916544f8f.10.2026.01.01.01.05.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jan 2026 01:05:19 -0800 (PST) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, x86@kernel.org, stable@vger.kernel.org Subject: [PATCH 1/4] x86/fpu: Clear XSTATE_BV[i] in save state whenever XFD[i]=1 Date: Thu, 1 Jan 2026 10:05:13 +0100 Message-ID: <20260101090516.316883-2-pbonzini@redhat.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260101090516.316883-1-pbonzini@redhat.com> References: <20260101090516.316883-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sean Christopherson When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved (or to be restored) XSTATE_BV to ensure KVM doesn't attempt to load state for features that are disabled via the guest's XFD. Because the kernel executes XRSTOR with the guest's XFD, saving XSTATE_BV[i]=3D1 with XFD[i]= =3D1 will cause XRSTOR to #NM and panic the kernel. E.g. if fpu_update_guest_xfd() sets XFD without clearing XSTATE_BV: ------------[ cut here ]------------ WARNING: arch/x86/kernel/traps.c:1524 at exc_device_not_available+0x101/0= x110, CPU#29: amx_test/848 Modules linked in: kvm_intel kvm irqbypass CPU: 29 UID: 1000 PID: 848 Comm: amx_test Not tainted 6.19.0-rc2-ffa07f7f= d437-x86_amx_nm_xfd_non_init-vm #171 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:exc_device_not_available+0x101/0x110 Call Trace: asm_exc_device_not_available+0x1a/0x20 RIP: 0010:restore_fpregs_from_fpstate+0x36/0x90 switch_fpu_return+0x4a/0xb0 kvm_arch_vcpu_ioctl_run+0x1245/0x1e40 [kvm] kvm_vcpu_ioctl+0x2c3/0x8f0 [kvm] __x64_sys_ioctl+0x8f/0xd0 do_syscall_64+0x62/0x940 entry_SYSCALL_64_after_hwframe+0x4b/0x53 ---[ end trace 0000000000000000 ]--- This can happen if the guest executes WRMSR(MSR_IA32_XFD) to set XFD[18] = =3D 1, and a host IRQ triggers kernel_fpu_begin() prior to the vmexit handler's call to fpu_update_guest_xfd(). and if userspace stuffs XSTATE_BV[i]=3D1 via KVM_SET_XSAVE: ------------[ cut here ]------------ WARNING: arch/x86/kernel/traps.c:1524 at exc_device_not_available+0x101/0= x110, CPU#14: amx_test/867 Modules linked in: kvm_intel kvm irqbypass CPU: 14 UID: 1000 PID: 867 Comm: amx_test Not tainted 6.19.0-rc2-2dace9fa= ccd6-x86_amx_nm_xfd_non_init-vm #168 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:exc_device_not_available+0x101/0x110 Call Trace: asm_exc_device_not_available+0x1a/0x20 RIP: 0010:restore_fpregs_from_fpstate+0x36/0x90 fpu_swap_kvm_fpstate+0x6b/0x120 kvm_load_guest_fpu+0x30/0x80 [kvm] kvm_arch_vcpu_ioctl_run+0x85/0x1e40 [kvm] kvm_vcpu_ioctl+0x2c3/0x8f0 [kvm] __x64_sys_ioctl+0x8f/0xd0 do_syscall_64+0x62/0x940 entry_SYSCALL_64_after_hwframe+0x4b/0x53 ---[ end trace 0000000000000000 ]--- The new behavior is consistent with the AMX architecture. Per Intel's SDM, XSAVE saves XSTATE_BV as '0' for components that are disabled via XFD (and non-compacted XSAVE saves the initial configuration of the state component): If XSAVE, XSAVEC, XSAVEOPT, or XSAVES is saving the state component i, the instruction does not generate #NM when XCR0[i] =3D IA32_XFD[i] =3D 1; instead, it operates as if XINUSE[i] =3D 0 (and the state component was in its initial state): it saves bit i of XSTATE_BV field of the XSAVE header as 0; in addition, XSAVE saves the initial configuration of the state component (the other instructions do not save state component i). Alternatively, KVM could always do XRSTOR with XFD=3D0, e.g. by using a constant XFD based on the set of enabled features when XSAVEing for a struct fpu_guest. However, having XSTATE_BV[i]=3D1 for XFD-disabled features can only happen in the above interrupt case, or in similar scenarios involving preemption on preemptible kernels, because fpu_swap_kvm_fpstate()'s call to save_fpregs_to_fpstate() saves the outgoing FPU state with the current XFD; and that is (on all but the first WRMSR to XFD) the guest XFD. Therefore, XFD can only go out of sync with XSTATE_BV in the above interrupt case, or in similar scenarios involving preemption on preemptible kernels, and it we can consider it (de facto) part of KVM ABI that KVM_GET_XSAVE returns XSTATE_BV[i]=3D0 for XFD-disabled features. Reported-by: Paolo Bonzini Cc: stable@vger.kernel.org Fixes: 820a6ee944e7 ("kvm: x86: Add emulation for IA32_XFD", 2022-01-14) Signed-off-by: Sean Christopherson [Move clearing of XSTATE_BV from fpu_copy_uabi_to_guest_fpstate to kvm_vcpu_ioctl_x86_set_xsave. - Paolo] Signed-off-by: Paolo Bonzini Reviewed-by: Binbin Wu Reviewed-by: Yuan Yao --- arch/x86/kernel/fpu/core.c | 32 +++++++++++++++++++++++++++++--- arch/x86/kvm/x86.c | 9 +++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index da233f20ae6f..166c380b0161 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -319,10 +319,29 @@ EXPORT_SYMBOL_FOR_KVM(fpu_enable_guest_xfd_features); #ifdef CONFIG_X86_64 void fpu_update_guest_xfd(struct fpu_guest *guest_fpu, u64 xfd) { + struct fpstate *fpstate =3D guest_fpu->fpstate; + fpregs_lock(); - guest_fpu->fpstate->xfd =3D xfd; - if (guest_fpu->fpstate->in_use) - xfd_update_state(guest_fpu->fpstate); + + /* + * KVM's guest ABI is that setting XFD[i]=3D1 *can* immediately revert + * the save state to initialized. Likewise, KVM_GET_XSAVE does the + * same as XSAVE and returns XSTATE_BV[i]=3D0 whenever XFD[i]=3D1. + * + * If the guest's FPU state is in hardware, just update XFD: the XSAVE + * in fpu_swap_kvm_fpstate will clear XSTATE_BV[i] whenever XFD[i]=3D1. + * + * If however the guest's FPU state is NOT resident in hardware, clear + * disabled components in XSTATE_BV now, or a subsequent XRSTOR will + * attempt to load disabled components and generate #NM _in the host_. + */ + if (xfd && test_thread_flag(TIF_NEED_FPU_LOAD)) + fpstate->regs.xsave.header.xfeatures &=3D ~xfd; + + fpstate->xfd =3D xfd; + if (fpstate->in_use) + xfd_update_state(fpstate); + fpregs_unlock(); } EXPORT_SYMBOL_FOR_KVM(fpu_update_guest_xfd); @@ -430,6 +449,13 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *g= fpu, const void *buf, if (ustate->xsave.header.xfeatures & ~xcr0) return -EINVAL; =20 + /* + * Disabled features must be in their initial state, otherwise XRSTOR + * causes an exception. + */ + if (WARN_ON_ONCE(ustate->xsave.header.xfeatures & kstate->xfd)) + return -EINVAL; + /* * Nullify @vpkru to preserve its current value if PKRU's bit isn't set * in the header. KVM's odd ABI is to leave PKRU untouched in this diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ff8812f3a129..c0416f53b5f5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5807,9 +5807,18 @@ static int kvm_vcpu_ioctl_x86_get_xsave(struct kvm_v= cpu *vcpu, static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, struct kvm_xsave *guest_xsave) { + union fpregs_state *xstate =3D (union fpregs_state *)guest_xsave->region; + if (fpstate_is_confidential(&vcpu->arch.guest_fpu)) return vcpu->kvm->arch.has_protected_state ? -EINVAL : 0; =20 + /* + * Do not reject non-initialized disabled features for backwards + * compatibility, but clear XSTATE_BV[i] whenever XFD[i]=3D1. + * Otherwise, XRSTOR would cause a #NM. + */ + xstate->xsave.header.xfeatures &=3D ~vcpu->arch.guest_fpu.fpstate->xfd; + return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, guest_xsave->region, kvm_caps.supported_xcr0, --=20 2.52.0 From nobody Sun Feb 8 05:29:43 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 12EE8290DBB for ; Thu, 1 Jan 2026 09:05:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258329; cv=none; b=DyHHJfvISE9Gs1PmyscgZRd0odjNhd+ppKEG1Fk5sRQXxpSnjxIlLBA2UZAVemFejxCCkHNY+N+KxiCKm1T0g7WmOrYtS4YvzqQ2QmVqgd9AJPdGx7EiWiU7CW14xCZPP5y/Bc0wk+gmRk4Pi58J5KXZlz1JLtzX8KUM8lYaAAM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258329; c=relaxed/simple; bh=uJUoC1fqh3nasXV2hJWPwZ4FEafFTmiIA/eN62LUbns=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=br3qjZ0L6THNX/0kESJxKxOmLWEIcBI239OubIJc7Y39mvu73VSO0q00EeWzg2hQw5DH1g2CZFIetHv4fIBQh0QFEV/CW8Z8m71t65X2qmEovnQYJSoV4ss0jJqzKSq7z3skh4ACDPvbkpG+zKj7oUpvF8BuVI0CbXDcrVl/UCI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=OGvAPjni; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=RYpnwz5A; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="OGvAPjni"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="RYpnwz5A" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1767258326; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iWm1grx6lrYHMd/frQidl905aBaP2UUBVSwZpsXb4ss=; b=OGvAPjnibuJRLIwL6qfw1Q0Bnjf1/LapgitP+bjRjwfU7WRJ7Dwuybzpu74hpZAKdy7hL1 UmWsMKi2P4ocrcspZIEb2bw+JYLeT5mL+FI1lXnMiKKR/ZoX7RL9087zhx6VJzI2zMEBJf bpE+Wg8ekcMUUuyiFmQUOQBlNGGhdiw= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-146-VXrVTUYKOkCAn-kF1wqAXw-1; Thu, 01 Jan 2026 04:05:25 -0500 X-MC-Unique: VXrVTUYKOkCAn-kF1wqAXw-1 X-Mimecast-MFC-AGG-ID: VXrVTUYKOkCAn-kF1wqAXw_1767258324 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-430f5dcd4cdso5903252f8f.2 for ; Thu, 01 Jan 2026 01:05:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1767258323; x=1767863123; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iWm1grx6lrYHMd/frQidl905aBaP2UUBVSwZpsXb4ss=; b=RYpnwz5AULkgSPrLEeCB0esRGcFu6fJQ0Dq6zfGHuAXnE6m4ZfssIAGsPZmaRF+WNw Kn8ag18bZmtCTjQAqyZH6M2YPS2W1qkRXA7ZGrT1cvqX98l5yNEUr8MzfHD4dp67Lln2 A/jo+BSK+NpcExDmGNFIhrl0mNwxP76XVEMmzh0+wyrZk9uKNwD5V5KvxdLPaT1p1026 +FIk3+BI/iVdxZB0z9gGtJCL7DCFDrBEZSFxxC1PEXRX96SMq7OSJYHlnijy5/oPB/Yv SZSyjvCD7EiXyBsiPf/vSA2mVGDqK7eCKa+jNFOLSdzR9UwVXdisD6RBsuaCSdEg2csp Zkgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767258323; x=1767863123; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=iWm1grx6lrYHMd/frQidl905aBaP2UUBVSwZpsXb4ss=; b=je0NQAOiFIrVtQFHEgdDN5PkvUy7fDAXE+hY2+BBWKkHLuX0/M5Z0eD4XlwihnMDxS Gd4J6qzi874Hnm1FplNl9mMp+hg1FAeqjanQMUa6dckkeR3ApIDuYPagLJwt+Z3m82tQ 8Zxv6SOm34Gzh0V4oRBNj5RP9pNeqvHlh76C5Ngx3iqTmle7kHL2Px2UU3ldXwCf/VPM gthB+gzlCBbNGt9Py6fKcZN69x7BJundd+hwH4CRjX0urjxqLQI/0nFunC3KbRcN3xOJ X03hKa4w0JkXs/UbhvTvF9g0xnYDcjXIEzU+pznl8d5FbACuEem7a7BW0uloLnz2uBk4 G8CQ== X-Gm-Message-State: AOJu0Yz30dzN7H+LZbqBfukFHTXtJzKEjXLVWtXgxyMKcsMhECVQ8lLz Eawy7k/VgdIo+07qwnLXVqaOF1JDJiXZsn+jJU/O3umbQlbKyuxVnQh9pEmsLbTXNp3hzmu54UE d0VYDNjGPWLq5LOg3RW+mV/FMEH08ZtBeFB7hqqdZIliHIaVQaOKtN6brntvYunt1P6OuF+QYgh YpLuK6pJ2WNkQNYDnuF7eamX2BopHPmzwYMvC6CySaqXTk2OH6dw== X-Gm-Gg: AY/fxX46C0UrhfnUbsXbkY6bhZXk3q/uOJeM1166kaR4pEx3JcWm1k17Sc4bbfYJ/ei 7jfS7IBs4eEeIYLXKukQnWLJJ0DVxyRipefZSKzH0Au3cobXcMTupeJtXVed4nTFeY/hkrQq+Yt xYtqU4ftYIPwtMjbnq+Sw/eda97F9ziUyGKy2A4/g7bQznkKLK05ZGlYOUKK35BDp3QMFoh5OoJ kv20dm7hoivA/AQsltV39H7Sx1tSBH9hXM9qSbREStBFJC+b6PQS3KxpzdS9zG1WRTR96nvyJpZ PaGNwLhUo1qkqR/ciBg3kLICm81X+2XTDkB8dZdYJoVGKAogqnxBE8IBeRQSnGa/vBHSdcVL3qF VsgBDXJTLBjarjjUC7k2/eDuiqhq4L+3YeBQ5Ni+SHYW0PXo0foAgg/54xmY36v0YUmCJNt5ZYH tY457Wq6C3ph2PNA== X-Received: by 2002:a05:6000:22c3:b0:431:488:b9a8 with SMTP id ffacd0b85a97d-4324e4faa8fmr52012251f8f.33.1767258322824; Thu, 01 Jan 2026 01:05:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IHK4rSinXKO0GzMCec4k1MO9LSkvX69N11QioqyctAOPuoTwcgEc6vYyjGquBJKrJl4vCa5KA== X-Received: by 2002:a05:6000:22c3:b0:431:488:b9a8 with SMTP id ffacd0b85a97d-4324e4faa8fmr52012206f8f.33.1767258322288; Thu, 01 Jan 2026 01:05:22 -0800 (PST) Received: from [192.168.10.48] ([151.61.26.160]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eab2ebfsm77898315f8f.40.2026.01.01.01.05.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jan 2026 01:05:21 -0800 (PST) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, x86@kernel.org, stable@vger.kernel.org Subject: [PATCH 2/4] selftests: kvm: replace numbered sync points with actions Date: Thu, 1 Jan 2026 10:05:14 +0100 Message-ID: <20260101090516.316883-3-pbonzini@redhat.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260101090516.316883-1-pbonzini@redhat.com> References: <20260101090516.316883-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Rework the guest=3D>host syncs in the AMX test to use named actions instead of arbitrary, incrementing numbers. The "stage" of the test has no real meaning, what matters is what action the test wants the host to perform. The incrementing numbers are somewhat helpful for triaging failures, but fully debugging failures almost always requires a much deeper dive into the test (and KVM). Using named actions not only makes it easier to extend the test without having to shift all sync point numbers, it makes the code easier to read. [Commit message by Sean Christopherson] Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini --- I wrote this before seeing your patch... It's obviously similar but different enough that I kept my version. :) Thanks anyway for including it, your commit message was better so I used it. tools/testing/selftests/kvm/x86/amx_test.c | 88 +++++++++++----------- 1 file changed, 43 insertions(+), 45 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/amx_test.c b/tools/testing/sel= ftests/kvm/x86/amx_test.c index f4ce5a185a7d..4ac41c1a7255 100644 --- a/tools/testing/selftests/kvm/x86/amx_test.c +++ b/tools/testing/selftests/kvm/x86/amx_test.c @@ -124,6 +124,14 @@ static void set_tilecfg(struct tile_config *cfg) } } =20 +enum { + /* Check TMM0 against tiledata */ + TEST_COMPARE_TILEDATA =3D 1, + + /* Full VM save/restore */ + TEST_SAVE_RESTORE =3D 2, +}; + static void __attribute__((__flatten__)) guest_code(struct tile_config *am= x_cfg, struct tile_data *tiledata, struct xstate *xstate) @@ -131,20 +139,20 @@ static void __attribute__((__flatten__)) guest_code(s= truct tile_config *amx_cfg, GUEST_ASSERT(this_cpu_has(X86_FEATURE_XSAVE) && this_cpu_has(X86_FEATURE_OSXSAVE)); check_xtile_info(); - GUEST_SYNC(1); + GUEST_SYNC(TEST_SAVE_RESTORE); =20 /* xfd=3D0, enable amx */ wrmsr(MSR_IA32_XFD, 0); - GUEST_SYNC(2); + GUEST_SYNC(TEST_SAVE_RESTORE); GUEST_ASSERT(rdmsr(MSR_IA32_XFD) =3D=3D 0); set_tilecfg(amx_cfg); __ldtilecfg(amx_cfg); - GUEST_SYNC(3); + GUEST_SYNC(TEST_SAVE_RESTORE); /* Check save/restore when trap to userspace */ __tileloadd(tiledata); - GUEST_SYNC(4); + GUEST_SYNC(TEST_COMPARE_TILEDATA | TEST_SAVE_RESTORE); __tilerelease(); - GUEST_SYNC(5); + GUEST_SYNC(TEST_SAVE_RESTORE); /* * After XSAVEC, XTILEDATA is cleared in the xstate_bv but is set in * the xcomp_bv. @@ -154,6 +162,8 @@ static void __attribute__((__flatten__)) guest_code(str= uct tile_config *amx_cfg, GUEST_ASSERT(!(xstate->header.xstate_bv & XFEATURE_MASK_XTILE_DATA)); GUEST_ASSERT(xstate->header.xcomp_bv & XFEATURE_MASK_XTILE_DATA); =20 + /* #NM test */ + /* xfd=3D0x40000, disable amx tiledata */ wrmsr(MSR_IA32_XFD, XFEATURE_MASK_XTILE_DATA); =20 @@ -166,13 +176,13 @@ static void __attribute__((__flatten__)) guest_code(s= truct tile_config *amx_cfg, GUEST_ASSERT(!(xstate->header.xstate_bv & XFEATURE_MASK_XTILE_DATA)); GUEST_ASSERT((xstate->header.xcomp_bv & XFEATURE_MASK_XTILE_DATA)); =20 - GUEST_SYNC(6); + GUEST_SYNC(TEST_SAVE_RESTORE); GUEST_ASSERT(rdmsr(MSR_IA32_XFD) =3D=3D XFEATURE_MASK_XTILE_DATA); set_tilecfg(amx_cfg); __ldtilecfg(amx_cfg); /* Trigger #NM exception */ __tileloadd(tiledata); - GUEST_SYNC(10); + GUEST_SYNC(TEST_COMPARE_TILEDATA | TEST_SAVE_RESTORE); =20 GUEST_DONE(); } @@ -180,18 +190,18 @@ static void __attribute__((__flatten__)) guest_code(s= truct tile_config *amx_cfg, void guest_nm_handler(struct ex_regs *regs) { /* Check if #NM is triggered by XFEATURE_MASK_XTILE_DATA */ - GUEST_SYNC(7); + GUEST_SYNC(TEST_SAVE_RESTORE); GUEST_ASSERT(!(get_cr0() & X86_CR0_TS)); GUEST_ASSERT(rdmsr(MSR_IA32_XFD_ERR) =3D=3D XFEATURE_MASK_XTILE_DATA); GUEST_ASSERT(rdmsr(MSR_IA32_XFD) =3D=3D XFEATURE_MASK_XTILE_DATA); - GUEST_SYNC(8); + GUEST_SYNC(TEST_SAVE_RESTORE); GUEST_ASSERT(rdmsr(MSR_IA32_XFD_ERR) =3D=3D XFEATURE_MASK_XTILE_DATA); GUEST_ASSERT(rdmsr(MSR_IA32_XFD) =3D=3D XFEATURE_MASK_XTILE_DATA); /* Clear xfd_err */ wrmsr(MSR_IA32_XFD_ERR, 0); /* xfd=3D0, enable amx */ wrmsr(MSR_IA32_XFD, 0); - GUEST_SYNC(9); + GUEST_SYNC(TEST_SAVE_RESTORE); } =20 int main(int argc, char *argv[]) @@ -244,6 +254,7 @@ int main(int argc, char *argv[]) memset(addr_gva2hva(vm, xstate), 0, PAGE_SIZE * DIV_ROUND_UP(XSAVE_SIZE, = PAGE_SIZE)); vcpu_args_set(vcpu, 3, amx_cfg, tiledata, xstate); =20 + int iter =3D 0; for (;;) { vcpu_run(vcpu); TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); @@ -253,20 +264,9 @@ int main(int argc, char *argv[]) REPORT_GUEST_ASSERT(uc); /* NOT REACHED */ case UCALL_SYNC: - switch (uc.args[1]) { - case 1: - case 2: - case 3: - case 5: - case 6: - case 7: - case 8: - fprintf(stderr, "GUEST_SYNC(%ld)\n", uc.args[1]); - break; - case 4: - case 10: - fprintf(stderr, - "GUEST_SYNC(%ld), check save/restore status\n", uc.args[1]); + ++iter; + if (uc.args[1] & TEST_COMPARE_TILEDATA) { + fprintf(stderr, "GUEST_SYNC #%d, check TMM0 contents\n", iter); =20 /* Compacted mode, get amx offset by xsave area * size subtract 8K amx size. @@ -279,11 +279,25 @@ int main(int argc, char *argv[]) ret =3D memcmp(amx_start, tiles_data, TILE_SIZE); TEST_ASSERT(ret =3D=3D 0, "memcmp failed, ret=3D%d", ret); kvm_x86_state_cleanup(state); - break; - case 9: - fprintf(stderr, - "GUEST_SYNC(%ld), #NM exception and enable amx\n", uc.args[1]); - break; + } + if (uc.args[1] & TEST_SAVE_RESTORE) { + fprintf(stderr, "GUEST_SYNC #%d, save/restore VM state\n", iter); + state =3D vcpu_save_state(vcpu); + memset(®s1, 0, sizeof(regs1)); + vcpu_regs_get(vcpu, ®s1); + + kvm_vm_release(vm); + + /* Restore state in a new VM. */ + vcpu =3D vm_recreate_with_one_vcpu(vm); + vcpu_load_state(vcpu, state); + kvm_x86_state_cleanup(state); + + memset(®s2, 0, sizeof(regs2)); + vcpu_regs_get(vcpu, ®s2); + TEST_ASSERT(!memcmp(®s1, ®s2, sizeof(regs2)), + "Unexpected register values after vcpu_load_state; rdi: %lx rsi: = %lx", + (ulong) regs2.rdi, (ulong) regs2.rsi); } break; case UCALL_DONE: @@ -293,22 +307,6 @@ int main(int argc, char *argv[]) TEST_FAIL("Unknown ucall %lu", uc.cmd); } =20 - state =3D vcpu_save_state(vcpu); - memset(®s1, 0, sizeof(regs1)); - vcpu_regs_get(vcpu, ®s1); - - kvm_vm_release(vm); - - /* Restore state in a new VM. */ - vcpu =3D vm_recreate_with_one_vcpu(vm); - vcpu_load_state(vcpu, state); - kvm_x86_state_cleanup(state); - - memset(®s2, 0, sizeof(regs2)); - vcpu_regs_get(vcpu, ®s2); - TEST_ASSERT(!memcmp(®s1, ®s2, sizeof(regs2)), - "Unexpected register values after vcpu_load_state; rdi: %lx rsi: %l= x", - (ulong) regs2.rdi, (ulong) regs2.rsi); } done: kvm_vm_free(vm); --=20 2.52.0 From nobody Sun Feb 8 05:29:43 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EEF232BE7AB for ; Thu, 1 Jan 2026 09:05:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258331; cv=none; b=VSsFdmR0+O1aHiW1ABofsk4rHOIjY7aIp/W3+tQ5BNj1xWQrYNU0uUUnLhC9lgqBNqYBi5k2wpcSDQXiABJItTm665r7jlNgAv0NUE7ytSO0OWfZVgXP3Tbc1FAsk94HR9JCJbGwhKfQB/zCiBIEH/08G+uKtsDqbypMxf5ZYZ8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258331; c=relaxed/simple; bh=Hsx0y+DbmN46u/TuVMRMvMafpwW8lChJnxfxXyvlonY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DpwiVUPtMeHqowyAfQB6uJkP3+kONMLyduiFarAybJmYCfkjQx0fUN6EYL/thQjojwGcls7HpEKaDb5Aq7aCB2PvXZf5t6HXcaSwpaTWAlQ7Je2NokpJt0k2q/vEifTOXo3bV42JSzPGix3XnGx5D4OexRtgdR1xlW2ZPRvaMus= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dMEWgrMw; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=ckKpStMj; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dMEWgrMw"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="ckKpStMj" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1767258328; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dv2vXP7l71EPJ3a2syyzSbz7LlQzp2jJ3iF7aDVd9lk=; b=dMEWgrMwqWzCZHlECByXISSQtLkPrbL+egBv8h0BDolxAVim+hZfnUb9GYMBuNLeinY1ls AANsP1f3EpY6cBOTHSV4zTtv/1fOlhpNLCLibiudMSG2es+uRp3qWvZJfTyDVhguYIkS2Y ANUJLclWC0tvQNtaF2hSDBRQigor954= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-161-2VjwDvDqMYa5USqcPubIqA-1; Thu, 01 Jan 2026 04:05:27 -0500 X-MC-Unique: 2VjwDvDqMYa5USqcPubIqA-1 X-Mimecast-MFC-AGG-ID: 2VjwDvDqMYa5USqcPubIqA_1767258327 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-430f5dcd4d3so6149676f8f.1 for ; Thu, 01 Jan 2026 01:05:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1767258325; x=1767863125; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dv2vXP7l71EPJ3a2syyzSbz7LlQzp2jJ3iF7aDVd9lk=; b=ckKpStMjNpS+wan6drbcpjHb/zKY7iZtX5J8CwjEShs6iBU+nwETNJSPeVwKHbzLR8 W7w1MtVw6rKflZWuPVnSh9DyDHys+uXk26HuAWDFHQcj3PylUsSG4jcVVoDcskcW6cOY H7QOoQOi6wEg+IGNE/dDSvvz/W4XnlAWaaGffEsKA7XMtf8DweG2Z1SVtG7jduu7Z/BV xXm7XrmqwZmrq5Pod6CPVjD61T1W6PYryiL3WRmdnN+JS8thnJgpZPzo+lCOnt6NwHwu 4AcZT8DgiULlBwcJJQ1KqixjIk+79rA7JJJnM51mGe9tAmtC30A2y4hE9AfqE+PNonnV R6Sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767258325; x=1767863125; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dv2vXP7l71EPJ3a2syyzSbz7LlQzp2jJ3iF7aDVd9lk=; b=KsitAzPx0VQluuA1AuuZWvDP6vOvxJJNdJ6Vb2J309NqPeVA3EIWR4fCx4k3FdN91U h7xDX2kgW5g3/9nOmTpVjOqbX+b8Iko7eurw9mAW4UaU4Vzx/tT6uYgZaaaspu0EDh6L iI7HRrATACsmR5lbUXNB/w1oQA6PjNUnhdolhuytDkcN7J8Hb5RsRknTHCjhJNpiBEky cEf2/8FFZ1u6HrMYNyvrT1oO0OHoTP0B2uB6MpN03dyRUjCC0fRJSOTzRo+irfoHLOrx fDgl7fIJpSLou/Xf1BEYP6XfRwPZucU4xTZDNc7+VvVpDG3vE8GgIBBWsIMVRrV1Yqcj l+9w== X-Gm-Message-State: AOJu0YxjZm8uMViWy43xw4WRGzz6anyKMhk3pNyRKglg28eyy6HSQxB9 ukBLZK8YucRzyD17Ejw8FNybYiAtr2O+uT6FlUiJPxQE4dpUI1NZYQKPVUitaHboCUY5b/QiKfU 1oC/g84bFM8cjs8UkaqErBUb2QISId1nlolHOQAsXUFB9fzHYEqkac47oqfghk6W/6DKrVhirYF HGloQiskojgFWPw+Mk4M6TiHCe58peJ2IBwEWT2zSC+7A6w3C3fg== X-Gm-Gg: AY/fxX6Ah97Qa0BC39PgmLI344pp07XBINAEU+H+q0lw68sbnum5zDC4OJCiXuqhzYr 8tuHb2SCClFgyJGUrLyRfijqoTPLligMYAXGyCCkUBWAwi+svzGaylwMZ03RO/UGWGgLnKDY7BP mCicXpLK55KPOGFDLpLxSkUz8wtw9mQ4S4E1MEt7PaoSKV4pmhEzEvA4Bf2iz6eIipYzEZdbVIy 3rUgiTH3w4JqsdWp9R1nrzw89c89NNeIzPGglmLGZGy4NgZZ/ALOsAGzLItw8G7vcdOlTK8e9GA Kz8/FvUGI6Wmt4+iUJpWE1Bnnrh1mtycZsydXJNhge5jMg1q/L1y2K33RmtyD6lBEp48C2IqDYV /kGGnWYQwCwZRsxaNcKM8+Lji+j7hYL4uHkorXYDuIEcdCRQvZehGaHAD7PPXTlByIC2DxDprgK Kg0VqBLyDJONRs6Q== X-Received: by 2002:a5d:64e9:0:b0:431:382:f141 with SMTP id ffacd0b85a97d-4324e3f5da3mr60213168f8f.12.1767258325339; Thu, 01 Jan 2026 01:05:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IE4WAOxBJTLEpMN3jGlnx3z7h44fd/Ys6O2ejcU9i7fcmeDx6jvrwYWYXW2AgjJFsozrXROrA== X-Received: by 2002:a5d:64e9:0:b0:431:382:f141 with SMTP id ffacd0b85a97d-4324e3f5da3mr60213121f8f.12.1767258324894; Thu, 01 Jan 2026 01:05:24 -0800 (PST) Received: from [192.168.10.48] ([151.61.26.160]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eab2c4fsm78890215f8f.42.2026.01.01.01.05.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jan 2026 01:05:23 -0800 (PST) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, x86@kernel.org, stable@vger.kernel.org Subject: [PATCH 3/4] selftests: kvm: try getting XFD and XSAVE state out of sync Date: Thu, 1 Jan 2026 10:05:15 +0100 Message-ID: <20260101090516.316883-4-pbonzini@redhat.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260101090516.316883-1-pbonzini@redhat.com> References: <20260101090516.316883-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The host is allowed to set FPU state that includes a disabled xstate component. Check that this does not cause bad effects. Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini --- tools/testing/selftests/kvm/x86/amx_test.c | 38 +++++++++++++++++----- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/amx_test.c b/tools/testing/sel= ftests/kvm/x86/amx_test.c index 4ac41c1a7255..00a42a592a37 100644 --- a/tools/testing/selftests/kvm/x86/amx_test.c +++ b/tools/testing/selftests/kvm/x86/amx_test.c @@ -125,11 +125,17 @@ static void set_tilecfg(struct tile_config *cfg) } =20 enum { + /* Retrieve TMM0 from guest, stash it for TEST_RESTORE_TILEDATA */ + TEST_SAVE_TILEDATA =3D 1, + /* Check TMM0 against tiledata */ - TEST_COMPARE_TILEDATA =3D 1, + TEST_COMPARE_TILEDATA =3D 2, + + /* Restore TMM0 from earlier save */ + TEST_RESTORE_TILEDATA =3D 4, =20 /* Full VM save/restore */ - TEST_SAVE_RESTORE =3D 2, + TEST_SAVE_RESTORE =3D 8, }; =20 static void __attribute__((__flatten__)) guest_code(struct tile_config *am= x_cfg, @@ -150,7 +156,16 @@ static void __attribute__((__flatten__)) guest_code(st= ruct tile_config *amx_cfg, GUEST_SYNC(TEST_SAVE_RESTORE); /* Check save/restore when trap to userspace */ __tileloadd(tiledata); - GUEST_SYNC(TEST_COMPARE_TILEDATA | TEST_SAVE_RESTORE); + GUEST_SYNC(TEST_SAVE_TILEDATA | TEST_COMPARE_TILEDATA | TEST_SAVE_RESTORE= ); + + /* xfd=3D0x40000, disable amx tiledata */ + wrmsr(MSR_IA32_XFD, XFEATURE_MASK_XTILE_DATA); + + /* host tries setting tiledata while guest XFD is set */ + GUEST_SYNC(TEST_RESTORE_TILEDATA); + GUEST_SYNC(TEST_SAVE_RESTORE); + + wrmsr(MSR_IA32_XFD, 0); __tilerelease(); GUEST_SYNC(TEST_SAVE_RESTORE); /* @@ -210,10 +225,10 @@ int main(int argc, char *argv[]) struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct kvm_x86_state *state; + struct kvm_x86_state *tile_state =3D NULL; int xsave_restore_size; vm_vaddr_t amx_cfg, tiledata, xstate; struct ucall uc; - u32 amx_offset; int ret; =20 /* @@ -265,20 +280,27 @@ int main(int argc, char *argv[]) /* NOT REACHED */ case UCALL_SYNC: ++iter; + if (uc.args[1] & TEST_SAVE_TILEDATA) { + fprintf(stderr, "GUEST_SYNC #%d, save tiledata\n", iter); + tile_state =3D vcpu_save_state(vcpu); + } if (uc.args[1] & TEST_COMPARE_TILEDATA) { fprintf(stderr, "GUEST_SYNC #%d, check TMM0 contents\n", iter); =20 /* Compacted mode, get amx offset by xsave area * size subtract 8K amx size. */ - amx_offset =3D xsave_restore_size - NUM_TILES*TILE_SIZE; - state =3D vcpu_save_state(vcpu); - void *amx_start =3D (void *)state->xsave + amx_offset; + u32 amx_offset =3D xsave_restore_size - NUM_TILES*TILE_SIZE; + void *amx_start =3D (void *)tile_state->xsave + amx_offset; void *tiles_data =3D (void *)addr_gva2hva(vm, tiledata); /* Only check TMM0 register, 1 tile */ ret =3D memcmp(amx_start, tiles_data, TILE_SIZE); TEST_ASSERT(ret =3D=3D 0, "memcmp failed, ret=3D%d", ret); - kvm_x86_state_cleanup(state); + } + if (uc.args[1] & TEST_RESTORE_TILEDATA) { + fprintf(stderr, "GUEST_SYNC #%d, before KVM_SET_XSAVE\n", iter); + vcpu_xsave_set(vcpu, tile_state->xsave); + fprintf(stderr, "GUEST_SYNC #%d, after KVM_SET_XSAVE\n", iter); } if (uc.args[1] & TEST_SAVE_RESTORE) { fprintf(stderr, "GUEST_SYNC #%d, save/restore VM state\n", iter); --=20 2.52.0 From nobody Sun Feb 8 05:29:43 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49F382BEFE8 for ; Thu, 1 Jan 2026 09:05:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258334; cv=none; b=AP5Bc19N/CWjVtmnCJZ/jN4XbaT+Y7MAoP9woE7qEG4sB+oKkskHFHOsacGA+7lWw973bMw92HUtDKXS4+I1Mw8Fu0IE3wltisxv6UiXT1Eo2bM0sqD6uadYKL5XkoSuHaUI9IPUqpilBBFybk+xTs0FSJrXmJDNoet0k9DqJ54= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767258334; c=relaxed/simple; bh=HIN6QlfVhZ4iSbowtVUzS1M4y8SBEv60XuhX6Cf8bms=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OL2b+FMeyd7bLu9r8jI8HU33hrRvYx0BhvUcQP9WLSOY2fAi9TqjT6rhH/0tXcWBQBF1Fu6+4y6Xw0gGvAyjtwg7IOyXVQ1golk6D+BSnT8Ek4NStk/bSfpWarRXDCN71UCTl1jDdi4bVR0d9HrC9gdRhXOzzQ6hCgjBbp61iJ8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=hkMj415l; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=ZWqwi8vG; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="hkMj415l"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="ZWqwi8vG" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1767258331; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QTE9pNuMeO2V67xpWkcGk7SdONFO3mBmobXIG/f1Hmo=; b=hkMj415lIFlyuuHHRbN20BKxR3jc7sBJ3VS+RX4FdBAUrH66xhsUQMYMVkrWW3Cz8nBEGC 4iCwvDlE4y8IAgZUAZhXRPRXBymhSd8bGqIhgiIOTaD4ztfIYJP+bzcoRq5Zp4znu47zDv 89rf8Mwy6a/wyeHLhVrGP7FxNwxUo38= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-79-ihPL1695P9uyvWS622Gksg-1; Thu, 01 Jan 2026 04:05:30 -0500 X-MC-Unique: ihPL1695P9uyvWS622Gksg-1 X-Mimecast-MFC-AGG-ID: ihPL1695P9uyvWS622Gksg_1767258329 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-47d5bd981c8so18170075e9.0 for ; Thu, 01 Jan 2026 01:05:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1767258328; x=1767863128; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QTE9pNuMeO2V67xpWkcGk7SdONFO3mBmobXIG/f1Hmo=; b=ZWqwi8vGnnusemr4ekiEnYZsTDG0jX4DAFYfojl93J+SauqEpqTqLWUJBdNpFFq4Vf /7r2O6JaFrUSOrZFi3YnbeTtxMW0SIt2VBiNsgoB95LG2uTLPIfoo1efsNnkubCyie1S YPtUiMIpFvjMVB8XmHdoeMHe3LASByE+gG7GjulrW+hTWiNqwFgooIJmWQRSzSoPVRtP IEtR3Jd0jORx7J2JuDoZzTHQEYm6Y/WV7/3mnMJoKX+A/JcoyAMWXawlZf1kYiEGGMPX 54IYH3nFMPMr3H4uim1cPnq99WRgY996T0hEHesTQaJWZmpngO6EeE3us7jdXdGkA3IK 84YA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767258328; x=1767863128; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=QTE9pNuMeO2V67xpWkcGk7SdONFO3mBmobXIG/f1Hmo=; b=i8dpzjeRuYSCUpbRdGWL1x6BXa6zCacqSJO+Bb3D0kPvvtGFiU4IHyGQqNOjuJyCE3 qIO58JYIuYBSn/od5kVPdMZkqgqromcFWOI7VYZcJWNcL44j1EIwNaLEt2jS7+s8Imc7 FF2ULwITaaznDKLKlLggr2fvSQ9pp8NOyig4ODbftVRbEmAwX7STmenNYEo+3XJbwAqr NsfzQSmwTWkIdj0lk66vfpfHYNafC6yaOiLXDTD6Ptefq4TwJec5yNU7PhHju9xC18uz luvCXELW7OQJLQtyFZPB0QVJWHLDjkuvhsK/QXzr4KIj14MsaXbK31DqRRgw82d+ogVT QqwA== X-Gm-Message-State: AOJu0YzoKztMennicE9ZDyk3Tt2uGP8vuiyxE9QPaJZcN5l/3m2yraG7 6MnkCxqqAPU9e6yirki2dayV9StggYc3HYQUcGz2P8gtrCOSvrnLsdhIIE8x704U63puEF9TT00 Lfc+xOAznUJvHDMFvHOErJha57bZEcXYh3FR81SaJHSAb7ZLq0fVq/GXp70Od4AmusUu5kbFnHn 3FID+qrJXNyedRF/jbDOZVrDR/9bxeTIqzxk3/2aAGIxY3RCxoDA== X-Gm-Gg: AY/fxX6hTJncWoXX7gicDKjyVCGdx4MDc1PTYQds4JkbU0L8H5nD+Fdwyqf6fsfcixt nnMOQNwpepXZ/uWz8PGJuagj6EXt++sKw2BpBatjuKAqMSUPB1a/qp2SbpkfHDYzYROfYOjOz6w ep5iKgq18S7DLnA1pkyIC4YdnrfoX/oHOYvKDLztLK1BgGNYTOlI85NXcuN5/qxx4eTrGbpMCpN iXzUqBKgsaJuMtjsyJjhlZN/mObGso540MWZJ21ZwxL/6uCiMMYHvo51edBkkQ1KOpAwGIms9KB O7jA26BilVPUpqGhCd1KNK5G0UZr7NMaaAmlqaFMl7Br9O/6x7cWc0BBBrx7H1beKaPSuF5774Y a/3+VTZWwyxxhDSrWxg/fi3bxpyCoN4A6/XtKpI3PUZ7ySEBHZq2YHrOkhBIiIozX22JrKcMr9l 2lnd3WHYS8NF3STw== X-Received: by 2002:a05:600c:468f:b0:45c:4470:271c with SMTP id 5b1f17b1804b1-47d269c7019mr429028455e9.18.1767258328336; Thu, 01 Jan 2026 01:05:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IEBmL9IKTWaJ4XtgqdZRB2G/c+eVr1WEScolURdqAQ/qGjBC7KkISj0FN8QL1kAXg0awIdr+g== X-Received: by 2002:a05:600c:468f:b0:45c:4470:271c with SMTP id 5b1f17b1804b1-47d269c7019mr429028105e9.18.1767258327943; Thu, 01 Jan 2026 01:05:27 -0800 (PST) Received: from [192.168.10.48] ([151.61.26.160]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be27c2260sm719923195e9.15.2026.01.01.01.05.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jan 2026 01:05:25 -0800 (PST) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, x86@kernel.org Subject: [PATCH 4/4] selftests: kvm: Verify TILELOADD actually #NM faults when XFD[18]=1 Date: Thu, 1 Jan 2026 10:05:16 +0100 Message-ID: <20260101090516.316883-5-pbonzini@redhat.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260101090516.316883-1-pbonzini@redhat.com> References: <20260101090516.316883-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sean Christopherson Rework the AMX test's #NM handling to use kvm_asm_safe() to verify an #NM actually occurs. As is, a completely missing #NM could go unnoticed. Signed-off-by: Sean Christopherson Signed-off-by: Paolo Bonzini --- tools/testing/selftests/kvm/x86/amx_test.c | 30 +++++++++++++--------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/amx_test.c b/tools/testing/sel= ftests/kvm/x86/amx_test.c index 00a42a592a37..371355bde54e 100644 --- a/tools/testing/selftests/kvm/x86/amx_test.c +++ b/tools/testing/selftests/kvm/x86/amx_test.c @@ -69,6 +69,12 @@ static inline void __tileloadd(void *tile) : : "a"(tile), "d"(0)); } =20 +static inline int tileloadd_safe(void *tile) +{ + return kvm_asm_safe(".byte 0xc4,0xe2,0x7b,0x4b,0x04,0x10", + "a"(tile), "d"(0)); +} + static inline void __tilerelease(void) { asm volatile(".byte 0xc4, 0xe2, 0x78, 0x49, 0xc0" ::); @@ -142,6 +148,8 @@ static void __attribute__((__flatten__)) guest_code(str= uct tile_config *amx_cfg, struct tile_data *tiledata, struct xstate *xstate) { + int vector; + GUEST_ASSERT(this_cpu_has(X86_FEATURE_XSAVE) && this_cpu_has(X86_FEATURE_OSXSAVE)); check_xtile_info(); @@ -195,17 +203,13 @@ static void __attribute__((__flatten__)) guest_code(s= truct tile_config *amx_cfg, GUEST_ASSERT(rdmsr(MSR_IA32_XFD) =3D=3D XFEATURE_MASK_XTILE_DATA); set_tilecfg(amx_cfg); __ldtilecfg(amx_cfg); + /* Trigger #NM exception */ - __tileloadd(tiledata); - GUEST_SYNC(TEST_COMPARE_TILEDATA | TEST_SAVE_RESTORE); + vector =3D tileloadd_safe(tiledata); + __GUEST_ASSERT(vector =3D=3D NM_VECTOR, + "Wanted #NM on tileloadd with XFD[18]=3D1, got %s", + ex_str(vector)); =20 - GUEST_DONE(); -} - -void guest_nm_handler(struct ex_regs *regs) -{ - /* Check if #NM is triggered by XFEATURE_MASK_XTILE_DATA */ - GUEST_SYNC(TEST_SAVE_RESTORE); GUEST_ASSERT(!(get_cr0() & X86_CR0_TS)); GUEST_ASSERT(rdmsr(MSR_IA32_XFD_ERR) =3D=3D XFEATURE_MASK_XTILE_DATA); GUEST_ASSERT(rdmsr(MSR_IA32_XFD) =3D=3D XFEATURE_MASK_XTILE_DATA); @@ -217,6 +221,11 @@ void guest_nm_handler(struct ex_regs *regs) /* xfd=3D0, enable amx */ wrmsr(MSR_IA32_XFD, 0); GUEST_SYNC(TEST_SAVE_RESTORE); + + __tileloadd(tiledata); + GUEST_SYNC(TEST_COMPARE_TILEDATA | TEST_SAVE_RESTORE); + + GUEST_DONE(); } =20 int main(int argc, char *argv[]) @@ -253,9 +262,6 @@ int main(int argc, char *argv[]) =20 vcpu_regs_get(vcpu, ®s1); =20 - /* Register #NM handler */ - vm_install_exception_handler(vm, NM_VECTOR, guest_nm_handler); - /* amx cfg for guest_code */ amx_cfg =3D vm_vaddr_alloc_page(vm); memset(addr_gva2hva(vm, amx_cfg), 0x0, getpagesize()); --=20 2.52.0