Date: Mon, 12 Jan 2026 17:45:32 +0000
In-Reply-To: <20260112174535.3132800-1-chengkev@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260112174535.3132800-1-chengkev@google.com>
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260112174535.3132800-3-chengkev@google.com>
Subject: [PATCH V2 2/5] KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock and DEV are not available
From: Kevin Cheng
To: seanjc@google.com, pbonzini@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev, Kevin Cheng
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The AMD APM states that STGI causes a #UD if SVM is not enabled and
neither SVM Lock nor the device exclusion vector (DEV) are supported.
Fix the STGI exit handler by injecting #UD when these conditions are
met.

Signed-off-by: Kevin Cheng

--- arch/x86/kvm/svm/svm.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6373a25d85479..557c84a060fc6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2271,8 +2271,18 @@ static int stgi_interception(struct kvm_vcpu *vcpu) { int ret; =20 - if (nested_svm_check_permissions(vcpu)) + if ((!(vcpu->arch.efer & EFER_SVME) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_SVML) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_SKINIT)) || + !is_paging(vcpu)) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + if (to_svm(vcpu)->vmcb->save.cpl) { + kvm_inject_gp(vcpu, 0); return 1; + } =20 ret =3D kvm_skip_emulated_instruction(vcpu); svm_set_gif(to_svm(vcpu), true); --=20 2.52.0.457.g6b5491de43-goog
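
Review bot: the #UD condition in stgi_interception() tests `X86_FEATURE_SKINIT`, but the subject and changelog describe that term as DEV support, and nothing in the hunk explains why SKINIT stands in for DEV. Add a short comment above the `if`, or a sentence in the changelog, naming the CPUID bit that reports DEV so the check can be matched against the APM text it cites. The hunk also drops the `nested_svm_check_permissions(vcpu)` call and open-codes a `!is_paging(vcpu)` #UD check and a `vmcb->save.cpl` #GP check that the changelog does not mention; state in the changelog whether these match what the helper did, and consider a small helper that takes the extra SVML/SKINIT condition instead of repeating this multi-line condition in the handler. With EFER.SVME=0 and either feature exposed to the guest, execution now reaches `svm_set_gif(to_svm(vcpu), true)`; a one-line comment that this path is intended would help readers auditing the GIF state transitions.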