Date: Mon, 12 Jan 2026 17:45:31 +0000
Subject: [PATCH V2 1/5] KVM: SVM: Move STGI and CLGI intercept handling
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng

Similar to VMLOAD/VMSAVE intercept handling, move the STGI/CLGI intercept handling to svm_recalc_instruction_intercepts().

--- arch/x86/kvm/svm/svm.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 24d59ccfa40d9..6373a25d85479 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1010,6 +1010,11 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu) svm_clr_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } + + if (vgif) { + svm_clr_intercept(svm, INTERCEPT_STGI); + svm_clr_intercept(svm, INTERCEPT_CLGI); + } } } =20 
@@ -1147,11 +1152,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu, bool in= it_event) if (vnmi) svm->vmcb->control.int_ctl |=3D V_NMI_ENABLE_MASK; =20 - if (vgif) { - svm_clr_intercept(svm, INTERCEPT_STGI); - svm_clr_intercept(svm, INTERCEPT_CLGI); + if (vgif) svm->vmcb->control.int_ctl |=3D V_GIF_ENABLE_MASK; - } =20 if (vcpu->kvm->arch.bus_lock_detection_enabled) svm_set_intercept(svm, INTERCEPT_BUSLOCK); --=20 2.52.0.457.g6b5491de43-goog

Date: Mon, 12 Jan 2026 17:45:32 +0000
Subject: [PATCH V2 2/5] KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock and DEV are not available
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng

The AMD APM states that STGI causes a #UD if SVM is not enabled and neither SVM Lock nor the device exclusion vector (DEV) are supported. Fix the STGI exit handler by injecting #UD when these conditions are met.

Signed-off-by: Kevin Cheng

--- arch/x86/kvm/svm/svm.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6373a25d85479..557c84a060fc6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -2271,8 +2271,18 @@ static int stgi_interception(struct kvm_vcpu *vcpu) { int ret; =20 - if (nested_svm_check_permissions(vcpu)) + if ((!(vcpu->arch.efer & EFER_SVME) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_SVML) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_SKINIT)) || + !is_paging(vcpu)) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + if (to_svm(vcpu)->vmcb->save.cpl) { + kvm_inject_gp(vcpu, 0); return 1; + } =20 ret =3D kvm_skip_emulated_instruction(vcpu); svm_set_gif(to_svm(vcpu), true); --=20 2.52.0.457.g6b5491de43-goog

Date: Mon, 12 Jan 2026 17:45:33 +0000
Subject: [PATCH V2 3/5] KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng

INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0.

Signed-off-by: Kevin Cheng
Reviewed-by: Yosry Ahmed

--- arch/x86/kvm/svm/svm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 557c84a060fc6..92a2faff1ccc8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -2306,6 +2306,9 @@ static int invlpga_interception(struct kvm_vcpu *vcpu) gva_t gva =3D kvm_rax_read(vcpu); u32 asid =3D kvm_rcx_read(vcpu); =20 + if (nested_svm_check_permissions(vcpu)) + return 1; + /* FIXME: Handle an address size prefix. */ if (!is_long_mode(vcpu)) gva =3D (u32)gva; --=20 2.52.0.457.g6b5491de43-goog

Date: Mon, 12 Jan 2026 17:45:34 +0000
Subject: [PATCH V2 4/5] KVM: SVM: Recalc instructions intercepts when EFER.SVME is toggled
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng

The AMD APM states that VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, and INVLPGA instructions should generate a #UD when EFER.SVME is cleared. Currently, when VMLOAD, VMSAVE, or CLGI are executed in L1 with EFER.SVME cleared, no #UD is generated in certain cases. This is because the intercepts for these instructions are cleared based on whether or not vls or vgif is enabled. The #UD fails to be generated when the intercepts are absent.

Fix the missing #UD generation by ensuring that all relevant instructions have intercepts set when SVME.EFER is disabled.

VMMCALL is special because KVM's ABI is that VMCALL/VMMCALL are always supported for L1 and never fault.

Signed-off-by: Kevin Cheng

--- arch/x86/kvm/svm/svm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 92a2faff1ccc8..92a66b62cfabd 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -243,6 +243,8 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm)) set_exception_intercept(svm, GP_VECTOR); } + + kvm_make_request(KVM_REQ_RECALC_INTERCEPTS, vcpu); } =20 svm->vmcb->save.efer =3D efer | EFER_SVME; @@ -976,6 +978,7 @@ void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); + u64 efer =3D vcpu->arch.efer; =20 /* * Intercept INVPCID if shadow paging is enabled to sync/free shadow 
@@ -996,7 +999,13 @@ static void svm_recalc_instruction_intercepts(struct k= vm_vcpu *vcpu) svm_set_intercept(svm, INTERCEPT_RDTSCP); } =20 - if (guest_cpuid_is_intel_compatible(vcpu)) { + /* + * Intercept instructions that #UD if EFER.SVME=3D0, as SVME must be set = even + * when running the guest, i.e. hardware will only ever see EFER.SVME=3D1. + */ + if (guest_cpuid_is_intel_compatible(vcpu) || !(efer & EFER_SVME)) { + svm_set_intercept(svm, INTERCEPT_CLGI); + svm_set_intercept(svm, INTERCEPT_STGI); svm_set_intercept(svm, INTERCEPT_VMLOAD); svm_set_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext &=3D ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; --=20 2.52.0.457.g6b5491de43-goog

Date: Mon, 12 Jan 2026 17:45:35 +0000
Subject: [PATCH V2 5/5] KVM: SVM: Raise #UD if VMMCALL instruction is not intercepted
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng

The AMD APM states that if VMMCALL instruction is not intercepted, the instruction raises a #UD exception.

Create a vmmcall exit handler that generates a #UD if a VMMCALL exit from L2 is being handled by L0, which means that L1 did not intercept the VMMCALL instruction.

Suggested-by: Sean Christopherson
Signed-off-by: Kevin Cheng
Reviewed-by: Manali Shukla
Reviewed-by: Yosry Ahmed
Tested-by: Manali Shukla

--- arch/x86/kvm/svm/svm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 92a66b62cfabd..805267a5106ac 100644 
--- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3180,6 +3180,20 @@ static int bus_lock_exit(struct kvm_vcpu *vcpu) return 0; } =20 +static int vmmcall_interception(struct kvm_vcpu *vcpu) +{ + /* + * VMMCALL #UDs if it's not intercepted, and KVM reaches this point if + * and only if the VMMCALL intercept is not set in vmcb12. + */ + if (is_guest_mode(vcpu)) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + return kvm_emulate_hypercall(vcpu); +} + static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) =3D { [SVM_EXIT_READ_CR0] =3D cr_interception, [SVM_EXIT_READ_CR3] =3D cr_interception, @@ -3230,7 +3244,7 @@ static int (*const svm_exit_handlers[])(struct kvm_vc= pu *vcpu) =3D { [SVM_EXIT_TASK_SWITCH] =3D task_switch_interception, [SVM_EXIT_SHUTDOWN] =3D shutdown_interception, [SVM_EXIT_VMRUN] =3D vmrun_interception, - [SVM_EXIT_VMMCALL] =3D kvm_emulate_hypercall, + [SVM_EXIT_VMMCALL] =3D vmmcall_interception, [SVM_EXIT_VMLOAD] =3D vmload_interception, [SVM_EXIT_VMSAVE] =3D vmsave_interception, [SVM_EXIT_STGI] =3D stgi_interception, --=20 2.52.0.457.g6b5491de43-goog
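
Review bot: In patch 1/5, the "if (vgif)" block added to svm_recalc_instruction_intercepts() is followed by two closing braces in the context, so it lands inside the enclosing block that also clears the VMLOAD/VMSAVE intercepts rather than at function scope, which makes this more than a move. init_vmcb() used to clear INTERCEPT_STGI and INTERCEPT_CLGI whenever vgif was set; after this change the clear only happens when that enclosing block is taken. Please state in the commit message whether the behaviour change is intended, and add the missing Signed-off-by line (the other four patches carry one).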
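
Review bot: In patch 2/5, the #UD condition in stgi_interception() tests X86_FEATURE_SVML and X86_FEATURE_SKINIT, while the subject and commit message talk about SVM Lock and DEV; nothing on the page explains why SKINIT stands in for DEV, so a one-line comment above the condition (or a corrected message) is needed. The same hunk also adds "!is_paging(vcpu)" as a #UD case and open-codes a CPL check that injects #GP in place of nested_svm_check_permissions(), and neither is mentioned in the message. Consider putting the combined check in a small helper with a comment that quotes the APM conditions, so the STGI path does not silently diverge from the other SVM instruction handlers.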
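
Review bot: In patch 3/5, the commit message for invlpga_interception() names only the #UD for EFER.SVME=0, but the added call is to nested_svm_check_permissions(), the helper that patch 2/5 replaces in stgi_interception() with an explicit #UD test plus a CPL #GP test. Say in the message which faults INVLPGA is now expected to take through the helper, so the two patches do not read as contradicting each other about what the helper covers.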
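
Review bot: In patch 4/5, the kvm_make_request(KVM_REQ_RECALC_INTERCEPTS, vcpu) call in svm_set_efer() is added just before the closing brace of an enclosing block whose condition is not visible in the hunk, so a reader cannot tell from the patch that the request fires on both the 0 to 1 and the 1 to 0 transition of EFER.SVME. Add a short comment at the call site naming the transition it covers and pointing at svm_recalc_instruction_intercepts(). The new local "u64 efer" in that function is read once; using vcpu->arch.efer directly in the condition would avoid the extra declaration.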
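
Review bot: In patch 4/5, the comment added above the combined condition in svm_recalc_instruction_intercepts() describes only the "!(efer & EFER_SVME)" operand, although the block is still taken for guest_cpuid_is_intel_compatible(vcpu) as well; extend the comment to cover both reasons. The block clears VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK when it sets the VMLOAD/VMSAVE intercepts, but nothing visible does the same for V_GIF_ENABLE_MASK, which patch 1/5 leaves set in init_vmcb() whenever vgif is on. Please confirm that setting INTERCEPT_STGI and INTERCEPT_CLGI while vGIF stays enabled is intended, and say so in the comment. The commit message also writes "SVME.EFER" where the rest of the series uses EFER.SVME.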
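
Review bot: In patch 5/5, the comment in vmmcall_interception() says KVM reaches this point "if and only if the VMMCALL intercept is not set in vmcb12", but it sits above the is_guest_mode() test and the function is also the handler for VMMCALL exits from L1, where that statement does not apply. Move the comment inside the "if (is_guest_mode(vcpu))" body or qualify it with "when running L2". Since SVM_EXIT_VMMCALL previously went straight to kvm_emulate_hypercall(), the commit message should also state that hypercalls issued by L2 and not intercepted by L1 now take #UD instead of being emulated by L0.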