Date: Tue, 6 Jan 2026 04:12:49 +0000
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng
Message-ID: <20260106041250.2125920-2-chengkev@google.com>
In-Reply-To: <20260106041250.2125920-1-chengkev@google.com>
Subject: [PATCH 1/2] KVM: SVM: Generate #UD for certain instructions when EFER.SVME is disabled

The AMD APM states that VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, and INVLPGA instructions should generate a #UD when EFER.SVME is cleared. Currently, when VMLOAD, VMSAVE, or CLGI is executed in L1 with EFER.SVME cleared, no #UD is generated in certain cases. This is because the intercepts for these instructions are cleared based on whether or not vls or vgif is enabled. The #UD fails to be generated when the intercepts are absent.

INVLPGA is always intercepted, but there is no call to nested_svm_check_permissions(), which is responsible for checking EFER.SVME and queuing the #UD exception.

Fix the missing #UD generation by ensuring that all relevant instructions have intercepts set when EFER.SVME is disabled and that the exit handlers contain the necessary checks. VMMCALL is special because KVM's ABI is that VMCALL/VMMCALL are always supported for L1 and never fault.

Signed-off-by: Kevin Cheng
---
 arch/x86/kvm/svm/svm.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 24d59ccfa40d9..fc1b8707bb00c 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -228,6 +228,14 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) if (!is_smm(vcpu)) svm_free_nested(svm); =20 + /* + * If EFER.SVME is being cleared, we must intercept these + * instructions to ensure #UD is generated. + */ + svm_set_intercept(svm, INTERCEPT_CLGI); + svm_set_intercept(svm, INTERCEPT_VMSAVE); + svm_set_intercept(svm, INTERCEPT_VMLOAD); + svm->vmcb->control.virt_ext &=3D ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } else { int ret =3D svm_allocate_nested(svm); =20 @@ -242,6 +250,15 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) */ if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm)) set_exception_intercept(svm, GP_VECTOR); + + if (vgif) + svm_clr_intercept(svm, INTERCEPT_CLGI); + + if (vls) { + svm_clr_intercept(svm, INTERCEPT_VMSAVE); + svm_clr_intercept(svm, INTERCEPT_VMLOAD); + svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; + } } } =20 
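Review bot: the new comment in the SVME-clearing branch ("we must intercept these instructions to ensure #UD is generated") overstates what the intercepts do: an intercept only gets the instruction to KVM, and the #UD itself is queued by the exit handlers calling nested_svm_check_permissions(), as the changelog says and as the INVLPGA change later in this patch does. Suggest spelling that out and dropping the first person, e.g. "Intercept CLGI, VMLOAD and VMSAVE so the exit handlers can inject #UD via nested_svm_check_permissions(); with vGIF/vLS enabled the CPU would otherwise execute them without exiting." On the matching SVME-set branch, the new vgif/vls block that re-enables the hardware shortcuts has no comment at all; a one-liner noting that it undoes the clearing branch and mirrors the module parameters would help a reader pair the two halves.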
@@ -2291,8 +2308,14 @@ static int clgi_interception(struct kvm_vcpu *vcpu) =20 static int invlpga_interception(struct kvm_vcpu *vcpu) { - gva_t gva =3D kvm_rax_read(vcpu); - u32 asid =3D kvm_rcx_read(vcpu); + gva_t gva; + u32 asid; + + if (nested_svm_check_permissions(vcpu)) + return 1; + + gva =3D kvm_rax_read(vcpu); + asid =3D kvm_rcx_read(vcpu); =20 /* FIXME: Handle an address size prefix. */ if (!is_long_mode(vcpu))
-- 
2.52.0.351.gbe84eed79e-goog
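Review bot: the changelog describes nested_svm_check_permissions() only as "checking EFER.SVME and queuing the #UD exception"; if the helper also applies the other preconditions that the VMLOAD/VMSAVE/CLGI handlers rely on it for, INVLPGA now inherits those as well, and the commit message should say so since that is a guest-visible change beyond the missing #UD. Moving the RAX/RCX reads below the check is the right order (no point reading operands for an instruction that will fault), and declaring gva/asid uninitialized to keep declarations at the top matches the surrounding style. Consider adding a selftest that clears EFER.SVME in L1 and executes VMLOAD, VMSAVE, CLGI and INVLPGA expecting #UD on each, run both with and without vls/vgif, since those module parameters are exactly the paths the changelog says were missing the fault.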
Date: Tue, 6 Jan 2026 04:12:50 +0000
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng
Message-ID: <20260106041250.2125920-3-chengkev@google.com>
In-Reply-To: <20260106041250.2125920-1-chengkev@google.com>
Subject: [PATCH 2/2] KVM: SVM: Raise #UD if VMMCALL instruction is not intercepted

The AMD APM states that if the VMMCALL instruction is not intercepted, the instruction raises a #UD exception.

Create a vmmcall exit handler that generates a #UD if a VMMCALL exit from L2 is being handled by L0, which means that L1 did not intercept the VMMCALL instruction.

Co-developed-by: Sean Christopherson
Co-developed-by: Yosry Ahmed
Signed-off-by: Kevin Cheng
---
 arch/x86/kvm/svm/svm.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index fc1b8707bb00c..482495ad72d22 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3179,6 +3179,20 @@ static int bus_lock_exit(struct kvm_vcpu *vcpu) return 0; } =20 +static int vmmcall_interception(struct kvm_vcpu *vcpu) +{ + /* + * If VMMCALL from L2 is not intercepted by L1, the instruction raises a + * #UD exception + */ + if (is_guest_mode(vcpu)) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + return kvm_emulate_hypercall(vcpu); +} + static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) =3D { [SVM_EXIT_READ_CR0] =3D cr_interception, [SVM_EXIT_READ_CR3] =3D cr_interception, @@ -3229,7 +3243,7 @@ static int (*const svm_exit_handlers[])(struct kvm_vc= pu *vcpu) =3D { [SVM_EXIT_TASK_SWITCH] =3D task_switch_interception, [SVM_EXIT_SHUTDOWN] =3D shutdown_interception, [SVM_EXIT_VMRUN] =3D vmrun_interception, - [SVM_EXIT_VMMCALL] =3D kvm_emulate_hypercall, + [SVM_EXIT_VMMCALL] =3D vmmcall_interception, [SVM_EXIT_VMLOAD] =3D vmload_interception, [SVM_EXIT_VMSAVE] =3D vmsave_interception, [SVM_EXIT_STGI] =3D stgi_interception, --=20 2.52.0.351.gbe84eed79e-goog
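Review bot: vmmcall_interception() treats is_guest_mode() as proof that L1 did not intercept VMMCALL, which only holds if every L2 VMMCALL exit that L1 does intercept is reflected to L1 before svm_exit_handlers[] is consulted; the comment should state that assumption instead of only restating the APM rule (it is also missing its terminating period). More importantly, the replaced table entry was kvm_emulate_hypercall for every VMMCALL exit, so an L2 whose L1 does not intercept VMMCALL could previously reach L0's hypercall handler directly; after this change it gets #UD instead. That is a behaviour change for existing nested setups and the changelog should call it out explicitly, including whether any known L1 relies on L0 servicing L2 hypercalls, rather than citing the APM alone. The exit-handler table update itself is fine.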