From nobody Sat Feb 7 22:21:02 2026
Date: Mon, 12 Jan 2026 16:29:56 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
Message-ID: <20260113003016.3511895-2-jmattson@google.com>
Subject: [PATCH 01/10] KVM: x86: nSVM: Add g_pat to fields copied by svm_copy_vmrun_state()
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, Joerg Roedel, Avi Kivity, Alexander Graf, Radim Krčmář, David Hildenbrand, Cathy Avery, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable

The vmcb01 g_pat field holds the value of L1's IA32_PAT MSR. To preserve this value through virtual SMM and serialization, add g_pat to the fields copied by svm_copy_vmrun_state().

Signed-off-by: Jim Mattson
---
 arch/x86/kvm/svm/nested.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index f295a41ec659..a0e5bf1aba52 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -1090,6 +1090,7 @@ void svm_copy_vmrun_state(struct vmcb_save_area *to_s= ave, to_save->gdtr =3D from_save->gdtr; to_save->idtr =3D from_save->idtr; to_save->rflags =3D from_save->rflags | X86_EFLAGS_FIXED; + to_save->g_pat =3D from_save->g_pat; to_save->efer =3D from_save->efer; to_save->cr0 =3D from_save->cr0; to_save->cr3 =3D from_save->cr3; --=20 2.52.0.457.g6b5491de43-goog
From nobody Sat Feb 7 22:21:02 2026
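Review bot: The added `to_save->g_pat = from_save->g_pat;` line in svm_copy_vmrun_state() starts copying g_pat one patch before the VALID_GPAT flag (02/10) and the legacy fallback (03/10) exist. If svm_set_nested_state() loads the save area supplied by userspace through this same helper (not visible in this hunk), a kernel built at this commit would take g_pat from a blob written by an older kernel, where that slot was never defined to hold L1's PAT. Consider ordering this line after the flag and fallback patches, or folding the three together, so every bisection point treats the field consistently.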
Date: Mon, 12 Jan 2026 16:29:57 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
Message-ID: <20260113003016.3511895-3-jmattson@google.com>
Subject: [PATCH 02/10] KVM: x86: nSVM: Add VALID_GPAT flag to kvm_svm_nested_state_hdr
From: Jim Mattson

Now that the svm_copy_vmrun_state() copies the g_pat field, L1's g_pat will be stored in the serialized nested state. Add a 'flags' field to the SVM nested state header, define a VALID_GPAT flag, and start reporting this flag in the serialized nested state populated by KVM_GET_NESTED_STATE.

Note that struct kvm_svm_nested_state_hdr is included in a union padded to 120 bytes, so there is room to add the flags field without changing any offsets.

Signed-off-by: Jim Mattson
---
 arch/x86/include/uapi/asm/kvm.h | 3 +++
 arch/x86/kvm/svm/nested.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kv= m.h index 7ceff6583652..18581c4b2511 100644 --- a/arch/x86/include/uapi/asm/kvm.h 
+++ b/arch/x86/include/uapi/asm/kvm.h @@ -495,6 +495,8 @@ struct kvm_sync_regs { =20 #define KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE 0x00000001 =20 +#define KVM_STATE_SVM_VALID_GPAT 0x00000001 + /* vendor-independent attributes for system fd (group 0) */ #define KVM_X86_GRP_SYSTEM 0 # define KVM_X86_XCOMP_GUEST_SUPP 0 @@ -530,6 +532,7 @@ struct kvm_svm_nested_state_data { =20 struct kvm_svm_nested_state_hdr { __u64 vmcb_pa; + __u32 flags; }; =20 /* for KVM_CAP_NESTED_STATE */ diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index a0e5bf1aba52..ed24e08d2d21 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -1769,6 +1769,7 @@ static int svm_get_nested_state(struct kvm_vcpu *vcpu, /* First fill in the header and copy it out. */ if (is_guest_mode(vcpu)) { kvm_state.hdr.svm.vmcb_pa =3D svm->nested.vmcb12_gpa; + kvm_state.hdr.svm.flags =3D KVM_STATE_SVM_VALID_GPAT; kvm_state.size +=3D KVM_STATE_NESTED_SVM_VMCB_SIZE; kvm_state.flags |=3D KVM_STATE_NESTED_GUEST_MODE; =20 --=20 2.52.0.457.g6b5491de43-goog
From nobody Sat Feb 7 22:21:02 2026
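Review bot: In the kvm.h hunk that adds `__u32 flags;` to struct kvm_svm_nested_state_hdr, a 32-bit member placed after `__u64 vmcb_pa` leaves four bytes of implicit tail padding in a uAPI struct. Spell the layout out with an explicit reserved member that must be zero. The commit message explains that offsets do not change because the union is padded to 120 bytes; it should also say why the bytes now read as flags are guaranteed to be zero in state produced by older kernels, since 03/10 keys the legacy fallback on that bit being clear. The new `KVM_STATE_SVM_VALID_GPAT` define sits directly under a VMX define with the same value, so a short comment naming hdr.svm.flags as its field would help.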
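Review bot: In the svm_get_nested_state() hunk, `kvm_state.hdr.svm.flags` is assigned only inside the `is_guest_mode(vcpu)` branch, so outside guest mode the value copied out to userspace is whatever kvm_state was initialized with. The initializer is outside the visible context; please confirm the whole header is zeroed there so the new field cannot expose uninitialized stack. Using `|=` instead of `=` would also match the `kvm_state.flags |=` line two lines below and would not clobber a flag set earlier in the function by a later change.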
Date: Mon, 12 Jan 2026 16:29:58 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
Message-ID: <20260113003016.3511895-4-jmattson@google.com>
Subject: [PATCH 03/10] KVM: x86: nSVM: Handle legacy SVM nested state in SET_NESTED_STATE
From: Jim Mattson

Previously, KVM didn't record the vmcb01 G_PAT (i.e. the IA32_PAT MSR) in the serialized nested state. It didn't have to, because it ignored the vmcb12 g_pat field entirely. L1 and L2 simply shared the same PAT.

To preserve legacy behavior, copy the current value of the IA32_PAT MSR to the location of the vmcb01 G_PAT in the serialized nested state. (On restore, KVM_SET_MSRS should be called before KVM_SET_NESTED_STATE, so the value of the shared IA32_PAT MSR should be available.)

Signed-off-by: Jim Mattson
---
 arch/x86/kvm/svm/nested.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index ed24e08d2d21..c751be470364 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -1884,6 +1884,13 @@ static int svm_set_nested_state(struct kvm_vcpu *vcp= u, if (((cr0 & X86_CR0_CD) =3D=3D 0) && (cr0 & X86_CR0_NW)) goto out_free; =20 + /* + * If kvm_state doesn't have a valid saved L1 g_pat, use the + * PAT MSR instead. This preserves the legacy behavior. + */ + if (!(kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT)) + save->g_pat =3D vcpu->arch.pat; + /* * Validate host state saved from before VMRUN (see * nested_svm_check_permissions). --=20 2.52.0.457.g6b5491de43-goog
From nobody Sat Feb 7 22:21:02 2026
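Review bot: The new `if (!(kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT))` test in svm_set_nested_state() is the only use of hdr.svm.flags in this hunk, and nothing here rejects bits other than VALID_GPAT. Unknown bits should fail with -EINVAL so they stay available for future use, as is usual for uAPI flag fields. When the flag is set, save->g_pat is taken from userspace as is; if the validity check added in 06/10 does not run on this path, an invalid PAT value could be loaded, so either add a check here or say in the commit message which check covers it. The fallback also depends on KVM_SET_MSRS having run before KVM_SET_NESTED_STATE, which the commit message mentions only in parentheses; that ordering requirement belongs in the API documentation.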
Date: Mon, 12 Jan 2026 16:29:59 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
Message-ID: <20260113003016.3511895-5-jmattson@google.com>
Subject: [PATCH 04/10] KVM: x86: nSVM: Restore L1's PAT on emulated #VMEXIT from L2 to L1
From: Jim Mattson

KVM doesn't implement a separate G_PAT register to hold the guest's PAT in guest mode with nested NPT enabled. Consequently, L1's IA32_PAT MSR must be restored on emulated #VMEXIT from L2 to L1.

Note: if L2 uses shadow paging, L1 and L2 share the same IA32_PAT MSR.

Signed-off-by: Jim Mattson
---
 arch/x86/kvm/svm/nested.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index c751be470364..9aec836ac04c 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -1292,6 +1292,16 @@ int nested_svm_vmexit(struct vcpu_svm *svm) kvm_rsp_write(vcpu, vmcb01->save.rsp); kvm_rip_write(vcpu, vmcb01->save.rip); =20 + /* + * KVM doesn't implement a separate guest PAT + * register. Instead, the guest PAT lives in vcpu->arch.pat + * while in guest mode with nested NPT enabled. Hence, the + * IA32_PAT MSR has to be restored from the vmcb01 g_pat at + * #VMEXIT. + */ + if (nested_npt_enabled(svm)) + vcpu->arch.pat =3D vmcb01->save.g_pat; + svm->vcpu.arch.dr7 =3D DR7_FIXED_1; kvm_update_dr7(&svm->vcpu); =20 --=20 2.52.0.457.g6b5491de43-goog
From nobody Sat Feb 7 22:21:02 2026
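Review bot: The added `vcpu->arch.pat = vmcb01->save.g_pat;` in nested_svm_vmexit() stores to the PAT field directly, which skips any validation or dependent-state update that the normal IA32_PAT write path performs. If anything is derived from vcpu->arch.pat, route the restore through that path, or state in the comment why a raw store is sufficient. The comment says the guest PAT lives in vcpu->arch.pat while in guest mode with nested NPT, but this patch contains only the exit half; the commit message should name the patch that loads the vmcb12 g_pat on VMRUN and saves L2's PAT back on #VMEXIT so the restore can be reviewed against its counterpart.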
Date: Mon, 12 Jan 2026 16:30:00 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
Message-ID: <20260113003016.3511895-6-jmattson@google.com>
Subject: [PATCH 05/10] KVM: x86: nSVM: Cache g_pat in vmcb_save_area_cached
From: Jim Mattson

The g_pat field from the vmcb12 save state area must be validated. To accommodate validation without TOCTTOU issues, add a g_pat field to the vmcb_save_area_cached struct, and include it in the fields copied by __nested_copy_vmcb_save_to_cache().

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
Signed-off-by: Jim Mattson
---
 arch/x86/kvm/svm/nested.c | 2 ++
 arch/x86/kvm/svm/svm.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 9aec836ac04c..ad9272aae908 100644 
--- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -506,6 +506,8 @@ static void __nested_copy_vmcb_save_to_cache(struct vmc= b_save_area_cached *to, =20 to->dr6 =3D from->dr6; to->dr7 =3D from->dr7; + + to->g_pat =3D from->g_pat; } =20 void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 7d28a739865f..39138378531e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -145,6 +145,7 @@ struct vmcb_save_area_cached { u64 cr0; u64 dr7; u64 dr6; + u64 g_pat; }; =20 struct vmcb_ctrl_area_cached { --=20 2.52.0.457.g6b5491de43-goog
From nobody Sat Feb 7 22:21:02 2026
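Review bot: The `Fixes: 3d6368ef580a` tag is attached to a patch whose two hunks only add `u64 g_pat` to struct vmcb_save_area_cached and copy it in __nested_copy_vmcb_save_to_cache(); nothing reads the cached value yet, so on its own this change fixes nothing. Drop the tag here and keep it on 06/10, or fold this patch into 06/10, so a stable backport cannot pick up the cache field without the check that uses it. The snapshot is the right way to avoid a double fetch of guest-writable vmcb12 memory; a one-line comment on the new member saying it is consumed only by the validity check would make that intent visible in svm.h.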
d9443c01a7336-2a13cd9a784so61731715ad.2 for ; Mon, 12 Jan 2026 16:30:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1768264245; x=1768869045; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=V759ctxKOPBWxlGUqocasSXfPjVLuxnctmfzspXRRJ4=; b=bKOIwGp58DVDRdFew+B9JNZ+jwgY7ie8iBpSQUgybMS0ISyy18eVoLfU7yy0fb+ij5 txlI6O7+uXKUk3XrEdf+SrNdzW7n2AtEDRRTtFrlDtwD5A8gnjG/5lOAy/TR8QHT5Npb oXCOac7H2VR3tuVDLqW+AAyr2KE2HGnwdN6+1W+f4fZOtVZa6FLyiP++V8J3gXn6m7fW QKel6/z5neeF2u3PA6fc/r5/qQR3q5h1175L+Cn8zFrbD1UH/1q2mvnO903pYrfO/M1c SiwlDW8KyZBhgBV+4LRGY1dcC61Xf4gWegt2/DHwJd2041ADHT00oMyo4NjadhzOm1bT xdlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768264245; x=1768869045; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=V759ctxKOPBWxlGUqocasSXfPjVLuxnctmfzspXRRJ4=; b=Q4+m7eb9O2T8+fQ/hOebHxwOWVn3FZHW4lkzYQxExiazXcOQNvE0tnf4rovZcae0Kd /BHYWMqD6ZQYIFGn2+8Qt5RkBSCtx9os/54MeEy32SE9vhNFvQ8gCnwHE1khlpZdzAY7 gfgw5wN8/lH7wgd5OMILO9NuFftfb+gBe6CefK64+Ff/CC/uC0KwtXZlKvW8M1ojg6VZ 2fHW09w+Qcr/doiLG6hhE+EY4M7BPOmsSyLEcIWivSjFZ7W/g3eqwD67BWppC6dMpuP2 NEag7eX/rIsEF1e/5Moh0Nlgv56fykrdLI7xheKcDbKO27SJxNTXWMrh7w4FRTszW3tt Hb8A== X-Forwarded-Encrypted: i=1; AJvYcCV8Uwwcy+EZCUi0hco5lpD9/q2ga+KpneNwV3OYW8HnsPwzUvgBU6enBSdT7kiWGZCAdMjkEwTWKRYg+p4=@vger.kernel.org X-Gm-Message-State: AOJu0Yz8EOvfUZ4m3Za2IJ+t0Su0Gu+DXbfcnxF87i+5iEk29B50Aty6 gr17BUKOboNZRXydhSFTGh4ZOeWEoNC+3iWdWa3nWZZ3KT5+k1ljdvZ1HDK7az2car2Fr+yvsPX jxmm0q2xCcRhP5g== X-Google-Smtp-Source: AGHT+IG18O1vEYIIlSpSnJ0FYZsqsE17F4nPDlHh9RJI1lHPIQGjp9YKBIaGBb4woEZ+NfAfrwtFxg7I+F1J5w== X-Received: from plly13.prod.google.com ([2002:a17:902:7c8d:b0:295:16a7:a285]) (user=jmattson job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:46cc:b0:2a2:d2e8:9f2d with SMTP id 
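Review bot: in __nested_copy_vmcb_save_to_cache() the new "to->g_pat = from->g_pat;" copy is set off by a blank line but has no comment saying why g_pat joins the cached save fields. A one-line comment, here or next to the new "u64 g_pat;" member of struct vmcb_save_area_cached in svm.h, should say that the cached copy is what the later consistency check and the vmcb02 setup in this series read, and that it only matters when nested paging is enabled in vmcb12.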
Date: Mon, 12 Jan 2026 16:30:01 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260113003016.3511895-7-jmattson@google.com>
Subject: [PATCH 06/10] KVM: x86: nSVM: Add validity check for VMCB12 g_pat
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, Joerg Roedel, Avi Kivity, Alexander Graf, Radim Krčmář, David Hildenbrand, Cathy Avery, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable

When nested paging is enabled for VMCB12, an invalid g_pat causes an immediate #VMEXIT with exit code VMEXIT_INVALID, as specified in the APM, volume 2: "Nested Paging and VMRUN/#VMEXIT."

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
Signed-off-by: Jim Mattson
--- arch/x86/kvm/svm/nested.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index ad9272aae908..501102625f69 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -369,7 +369,8 @@ static bool __nested_vmcb_check_controls(struct kvm_vcp= u *vcpu, =20 /* Common checks that apply to both L1 and L2 state. */ static bool __nested_vmcb_check_save(struct kvm_vcpu *vcpu, - struct vmcb_save_area_cached *save) + struct vmcb_save_area_cached *save, + struct vmcb_ctrl_area_cached *control) { if (CC(!(save->efer & EFER_SVME))) return false;
@@ -400,6 +401,10 @@ static bool __nested_vmcb_check_save(struct kvm_vcpu *= vcpu, if (CC(!kvm_valid_efer(vcpu, save->efer))) return false; =20 + if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && + npt_enabled && !kvm_pat_valid(save->g_pat))) + return false; + return true; } =20 @@ -407,8 +412,9 @@ static bool nested_vmcb_check_save(struct kvm_vcpu *vcp= u) { struct vcpu_svm *svm =3D to_svm(vcpu); struct vmcb_save_area_cached *save =3D &svm->nested.save; + struct vmcb_ctrl_area_cached *ctl =3D &svm->nested.ctl; =20 - return __nested_vmcb_check_save(vcpu, save); + return __nested_vmcb_check_save(vcpu, save, ctl); } =20 static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu) 
@@ -1911,7 +1917,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu, if (!(save->cr0 & X86_CR0_PG) || !(save->cr0 & X86_CR0_PE) || (save->rflags & X86_EFLAGS_VM) || - !__nested_vmcb_check_save(vcpu, &save_cached)) + !__nested_vmcb_check_save(vcpu, &save_cached, &ctl_cached)) goto out_free; =20 =20 --=20 2.52.0.457.g6b5491de43-goog
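Review bot: the new g_pat check in __nested_vmcb_check_save() depends on the control area, but the comment above the function still reads "Common checks that apply to both L1 and L2 state" and says nothing about the added "control" parameter. Please document that g_pat is only checked when SVM_NESTED_CTL_NP_ENABLE is set in nested_ctl and npt_enabled is true. For the svm_set_nested_state() call site, the hunk does not show where ctl_cached is filled, so it is worth confirming that it already holds the userspace-supplied control area when "__nested_vmcb_check_save(vcpu, &save_cached, &ctl_cached)" runs. The parameter is called "control" in the helper and the local is "ctl" in nested_vmcb_check_save(); one name would read better.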
Date: Mon, 12 Jan 2026 16:30:02 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260113003016.3511895-8-jmattson@google.com>
Subject: [PATCH 07/10] KVM: x86: nSVM: Set vmcb02.g_pat correctly for nested NPT
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, Joerg Roedel, Avi Kivity, Alexander Graf, Radim Krčmář, David Hildenbrand, Cathy Avery, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable

When nested NPT is enabled in VMCB12, copy the (cached and validated) VMCB12 g_pat field to the IA32_PAT MSR and to the VMCB02 g_pat field. (The latter can be skipped if the VMCB02 g_pat field already has the correct value.)

When NPT is enabled, but nested NPT is disabled, copy L1's IA32_PAT MSR to the VMCB02 g_pat field (L1 and L2 share the same IA32_PAT MSR in this scenario).

When NPT is disabled, the VMCB02 g_pat field is ignored by hardware.

Fixes: 15038e147247 ("KVM: SVM: obey guest PAT")
Signed-off-by: Jim Mattson
--- arch/x86/kvm/svm/nested.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 501102625f69..90edea73ec58 100644 --- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c @@ -656,9 +656,6 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm = *svm, struct vmcb *vmcb12 struct vmcb *vmcb02 =3D svm->nested.vmcb02.ptr; struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 - nested_vmcb02_compute_g_pat(svm); - vmcb_mark_dirty(vmcb02, VMCB_NPT); - /* Load the nested guest state */ if (svm->nested.vmcb12_gpa !=3D svm->nested.last_vmcb12_gpa) { new_vmcb12 =3D true; 
@@ -666,6 +663,26 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm= *svm, struct vmcb *vmcb12 svm->nested.force_msr_bitmap_recalc =3D true; } =20 + if (npt_enabled) { + if (nested_npt_enabled(svm)) { + /* + * KVM doesn't implement a separate guest PAT + * register. Instead, the guest PAT lives in + * vcpu->arch.pat while in guest mode with + * nested NPT enabled. + */ + vcpu->arch.pat =3D svm->nested.save.g_pat; + if (unlikely(new_vmcb12 || + vmcb_is_dirty(vmcb12, VMCB_NPT))) { + vmcb02->save.g_pat =3D svm->nested.save.g_pat; + vmcb_mark_dirty(vmcb02, VMCB_NPT); + } + } else { + vmcb02->save.g_pat =3D vcpu->arch.pat; + vmcb_mark_dirty(vmcb02, VMCB_NPT); + } + } + if (unlikely(new_vmcb12 || vmcb_is_dirty(vmcb12, VMCB_SEG))) { vmcb02->save.es =3D vmcb12->save.es; vmcb02->save.cs =3D vmcb12->save.cs; --=20 2.52.0.457.g6b5491de43-goog
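Review bot: in the nested_npt_enabled() branch of nested_vmcb02_prepare_save(), vmcb02->save.g_pat is refreshed only when new_vmcb12 is set or vmcb12's VMCB_NPT bit is dirty, while the else branch writes L1's PAT into the same vmcb02 field on every entry. The skip is therefore only correct if L1 marks the NPT state dirty whenever it switches the same vmcb12 from non-nested to nested paging. Please state that invariant in the comment, or write the field unconditionally in both branches so the two paths cannot leave a stale value behind. The comment should also say what preserves L1's own PAT while "vcpu->arch.pat = svm->nested.save.g_pat" is in effect.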
Date: Mon, 12 Jan 2026 16:30:03 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260113003016.3511895-9-jmattson@google.com>
Subject: [PATCH 08/10] KVM: x86: nSVM: Save gPAT to vmcb12.g_pat on emulated #VMEXIT from L2 to L1
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, Joerg Roedel, Avi Kivity, Alexander Graf, Radim Krčmář, David Hildenbrand, Cathy Avery, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable

According to the APM volume 3 pseudo-code for "VMRUN," when nested paging is enabled in the VMCB, the guest PAT register (gPAT) is saved to the VMCB on #VMEXIT.

KVM doesn't implement a separate gPAT register. Instead, the guest PAT is stored in the IA32_PAT MSR while in guest mode (L2) and nested NPT is enabled in vmcs02. Save the current IA32_PAT MSR to the vmcb12 g_pat field on emulated #VMEXIT from L2 to L1.

Fixes: 15038e147247 ("KVM: SVM: obey guest PAT")
Signed-off-by: Jim Mattson
--- arch/x86/kvm/svm/nested.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 90edea73ec58..5fbe730d4c69 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -1197,6 +1197,15 @@ int nested_svm_vmexit(struct vcpu_svm *svm) vmcb12->save.dr6 =3D svm->vcpu.arch.dr6; vmcb12->save.cpl =3D vmcb02->save.cpl; =20 + /* + * KVM stores the guest PAT in the IA32_PAT register while in + * guest mode with nested NPT enabled (rather than in a + * separate G_PAT register). Hence, the IA32_PAT MSR is stored + * in the VMCB12 g_pat field on #VMEXIT. + */ + if (nested_npt_enabled(svm)) + vmcb12->save.g_pat =3D vcpu->arch.pat; + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SHSTK)) { vmcb12->save.s_cet =3D vmcb02->save.s_cet; vmcb12->save.isst_addr =3D vmcb02->save.isst_addr; --=20 2.52.0.457.g6b5491de43-goog
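Review bot: the block added to nested_svm_vmexit() saves L2's PAT from vcpu->arch.pat into vmcb12->save.g_pat, but nothing in this hunk puts L1's PAT back into vcpu->arch.pat, which patch 07 overwrites on entry when nested NPT is enabled. If the restore happens elsewhere, the comment should name the place; if it does not, L1 would read L2's value after #VMEXIT, which the selftest in patch 10 lists as something that must not happen ("L1's PAT should be restored after #VMEXIT from L2"). The comment also says "IA32_PAT register" in one sentence and "IA32_PAT MSR" in the next; pick one.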
Date: Mon, 12 Jan 2026 16:30:04 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260113003016.3511895-10-jmattson@google.com>
Subject: [PATCH 09/10] KVM: x86: nSVM: Fix assignment to IA32_PAT from L2
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, Joerg Roedel, Avi Kivity, Alexander Graf, Radim Krčmář, David Hildenbrand, Cathy Avery, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable

In svm_set_msr(), when the IA32_PAT MSR is updated, up to two vmcb g_pat fields must be updated.

When NPT is disabled, no g_pat fields have to be updated, as they are ignored by hardware.

When NPT is enabled, the current VMCB (either VMCB01 or VMCB02) g_pat field must be updated. In addition, when in guest mode and nested NPT is disabled, the VMCB01 g_pat field must be updated. In this scenario, L1 and L2 share the same IA32_PAT MSR.

Fixes: 4995a3685f1b ("KVM: SVM: Use a separate vmcb for the nested L2 guest")
Signed-off-by: Jim Mattson
--- arch/x86/kvm/svm/nested.c | 9 --------- arch/x86/kvm/svm/svm.c | 14 +++++++++++--- arch/x86/kvm/svm/svm.h | 1 - 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 5fbe730d4c69..b9b8d26db8dc 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -640,15 +640,6 @@ static int nested_svm_load_cr3(struct kvm_vcpu *vcpu, = unsigned long cr3, return 0; } =20 -void nested_vmcb02_compute_g_pat(struct vcpu_svm *svm) -{ - if (!svm->nested.vmcb02.ptr) - return; - - /* FIXME: merge g_pat from vmcb01 and vmcb12. */ - svm->nested.vmcb02.ptr->save.g_pat =3D svm->vmcb01.ptr->save.g_pat; -} - static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *= vmcb12) { bool new_vmcb12 =3D false; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7041498a8091..74130d67a372 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2933,10 +2933,18 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struc= t msr_data *msr) if (ret) break; =20 - svm->vmcb01.ptr->save.g_pat =3D data; - if (is_guest_mode(vcpu)) - nested_vmcb02_compute_g_pat(svm); + if (!npt_enabled) + break; + + svm->vmcb->save.g_pat =3D data; vmcb_mark_dirty(svm->vmcb, VMCB_NPT); + + if (!is_guest_mode(vcpu) || nested_npt_enabled(svm)) + break; + + svm->vmcb01.ptr->save.g_pat =3D data; + vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_NPT); + break; case MSR_IA32_SPEC_CTRL: if (!msr->host_initiated && diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 39138378531e..b25f06ec1c9c 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -801,7 +801,6 @@ void nested_copy_vmcb_control_to_cache(struct vcpu_svm = *svm, void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm, struct vmcb_save_area *save); void nested_sync_control_from_vmcb02(struct vcpu_svm *svm); -void nested_vmcb02_compute_g_pat(struct vcpu_svm *svm); void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vm= cb); =20 extern struct kvm_x86_nested_ops svm_nested_ops; --=20 2.52.0.457.g6b5491de43-goog
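Review bot: in the svm_set_msr() hunk, a write that arrives in guest mode with nested NPT enabled updates only svm->vmcb and is therefore treated as a write to L2's PAT, with no test of msr->host_initiated like the one the MSR_IA32_SPEC_CTRL case just below has. Please say, in a comment or in the commit message, what a host-initiated IA32_PAT write is meant to do in that state. The three early "break" statements also hide the rule the commit message spells out; a short comment above "svm->vmcb01.ptr->save.g_pat = data" noting that L1 and L2 share one PAT when nested NPT is off would make the fall-through readable.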
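The PAT handling that the commit messages of patches 06 to 09 describe, written out as a small user-space C model so the three cases can be followed end to end. This is an added example, not code from the series or from KVM: struct pat_model, the model_* functions and run_scenario() are hypothetical names, the constants are the ones the selftest in patch 10 defines, and restoring L1's PAT from the VMCB01 g_pat value on #VMEXIT is an assumption, since that step is not shown in these patches.

```c
#include <stdbool.h>
#include <stdint.h>

/* Values copied from the svm_nested_pat selftest in patch 10. */
#define L1_PAT_VALUE      0x0007040600070404ULL
#define L2_VMCB12_PAT     0x0606060606060606ULL
#define L2_PAT_MODIFIED   0x0606060606060604ULL
#define INVALID_PAT_VALUE 0x0808080808080808ULL

/* Constructed model of the state the patches touch; not KVM's structures. */
struct pat_model {
	bool host_npt;     /* stands in for npt_enabled */
	bool guest_mode;   /* true while L2 runs */
	bool nested_npt;   /* NP_ENABLE set in VMCB12 and host NPT on */
	uint64_t arch_pat; /* stands in for vcpu->arch.pat */
	uint64_t vmcb01_g_pat, vmcb02_g_pat, vmcb12_g_pat;
};

struct pat_result {
	bool entered;
	uint64_t l2_read, l1_after_exit, vmcb12_after_exit;
};

/* Every one of the eight PAT entries must be type 0, 1, 4, 5, 6 or 7. */
static bool pat_valid(uint64_t pat)
{
	for (int i = 0; i < 8; i++) {
		uint8_t type = (pat >> (8 * i)) & 0xff;
		if (type > 7 || type == 2 || type == 3)
			return false;
	}
	return true;
}

/* WRMSR(IA32_PAT) as the patch 09 commit message describes it. */
static bool model_wrmsr_pat(struct pat_model *m, uint64_t data)
{
	if (!pat_valid(data))
		return false;
	m->arch_pat = data;
	if (!m->host_npt)
		return true; /* g_pat fields are ignored by hardware */
	if (m->guest_mode)
		m->vmcb02_g_pat = data; /* current VMCB is VMCB02 */
	if (!m->guest_mode || !m->nested_npt)
		m->vmcb01_g_pat = data; /* L1's PAT, shared with L2 here */
	return true;
}

/* Emulated VMRUN: patch 06 validity check, then patch 07 g_pat selection. */
static bool model_vmrun(struct pat_model *m, uint64_t g_pat, bool np_enable)
{
	m->vmcb12_g_pat = g_pat;
	if (np_enable && m->host_npt && !pat_valid(g_pat))
		return false; /* VMEXIT_INVALID: L2 never runs */
	m->nested_npt = np_enable && m->host_npt;
	if (m->nested_npt) {
		m->arch_pat = g_pat;
		m->vmcb02_g_pat = g_pat;
	} else if (m->host_npt) {
		m->vmcb02_g_pat = m->arch_pat;
	}
	m->guest_mode = true;
	return true;
}

/* Emulated #VMEXIT: patch 08 save, plus an assumed restore of L1's PAT. */
static void model_vmexit(struct pat_model *m)
{
	if (m->nested_npt) {
		m->vmcb12_g_pat = m->arch_pat;
		m->arch_pat = m->vmcb01_g_pat; /* assumption, see lead-in */
	}
	m->guest_mode = m->nested_npt = false;
}

/* L1 sets its PAT and runs L2 once; L2 reads PAT, writes it and exits. */
static struct pat_result run_scenario(bool np_enable, uint64_t vmcb12_g_pat)
{
	struct pat_model m = { .host_npt = true };
	struct pat_result r = { 0 };

	model_wrmsr_pat(&m, L1_PAT_VALUE);
	r.entered = model_vmrun(&m, vmcb12_g_pat, np_enable);
	if (r.entered) {
		r.l2_read = m.arch_pat;
		model_wrmsr_pat(&m, L2_PAT_MODIFIED);
		model_vmexit(&m);
	}
	r.l1_after_exit = m.arch_pat;
	r.vmcb12_after_exit = m.vmcb12_g_pat;
	return r;
}

int main(void)
{
	struct pat_result r = run_scenario(true, L2_VMCB12_PAT);
	return r.l1_after_exit == L1_PAT_VALUE ? 0 : 1;
}
```

With nested NPT on, L2 sees the VMCB12 value and L1 gets its own PAT back; with it off, L2's write is visible to L1 after the exit and the VMCB12 g_pat field is left untouched.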
Date: Mon, 12 Jan 2026 16:30:05 -0800
In-Reply-To: <20260113003016.3511895-1-jmattson@google.com>
References: <20260113003016.3511895-1-jmattson@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260113003016.3511895-11-jmattson@google.com>
Subject: [PATCH 10/10] KVM: selftests: nSVM: Add svm_nested_pat test
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, Joerg Roedel, Avi Kivity, Alexander Graf, Radim Krčmář, David Hildenbrand, Cathy Avery, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable

Verify KVM's virtualization of the PAT MSR and--when nested NPT is enabled--the VMCB12 g_pat field and the guest PAT register.

Signed-off-by: Jim Mattson
--- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/x86/svm_nested_pat_test.c | 357 ++++++++++++++++++ 2 files changed, 358 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_pat_test.c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 33ff81606638..27f8087eafec 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm
@@ -109,6 +109,7 @@ TEST_GEN_PROGS_x86 +=3D x86/state_test TEST_GEN_PROGS_x86 +=3D x86/vmx_preemption_timer_test TEST_GEN_PROGS_x86 +=3D x86/svm_vmcall_test TEST_GEN_PROGS_x86 +=3D x86/svm_int_ctl_test +TEST_GEN_PROGS_x86 +=3D x86/svm_nested_pat_test TEST_GEN_PROGS_x86 +=3D x86/svm_nested_shutdown_test TEST_GEN_PROGS_x86 +=3D x86/svm_nested_soft_inject_test TEST_GEN_PROGS_x86 +=3D x86/tsc_scaling_sync diff --git a/tools/testing/selftests/kvm/x86/svm_nested_pat_test.c b/tools/= testing/selftests/kvm/x86/svm_nested_pat_test.c new file mode 100644 index 000000000000..fa016e65dbf6 --- /dev/null +++ b/tools/testing/selftests/kvm/x86/svm_nested_pat_test.c 
@@ -0,0 +1,357 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * KVM nested SVM PAT test + * + * Copyright (C) 2026, Google LLC. + * + * Test that KVM correctly virtualizes the PAT MSR and VMCB g_pat field + * for nested SVM guests: + * + * o With nested NPT disabled: + * - L1 and L2 share the same PAT + * - The vmcb12.g_pat is ignored + * o With nested NPT enabled: + * - Invalid g_pat in vmcb12 should cause VMEXIT_INVALID + * - L2 should see vmcb12.g_pat via RDMSR, not L1's PAT + * - L2's writes to PAT should be saved to vmcb12 on exit + * - L1's PAT should be restored after #VMEXIT from L2 + * - State save/restore should preserve both L1's and L2's PAT values + */ +#include +#include +#include +#include + +#include "test_util.h" +#include "kvm_util.h" +#include "processor.h" +#include "svm_util.h" + +#define L2_GUEST_STACK_SIZE 256 + +#define PAT_DEFAULT 0x0007040600070406ULL +#define L1_PAT_VALUE 0x0007040600070404ULL /* Change PA0 to WT */ +#define L2_VMCB12_PAT 0x0606060606060606ULL /* All WB */ +#define L2_PAT_MODIFIED 0x0606060606060604ULL /* Change PA0 to WT */ +#define INVALID_PAT_VALUE 0x0808080808080808ULL /* 8 is reserved */ + +/* + * Shared state between L1 and L2 for verification. 
+ */ +struct pat_test_data { + uint64_t l2_pat_read; + uint64_t l2_pat_after_write; + uint64_t l1_pat_after_vmexit; + uint64_t vmcb12_gpat_after_exit; + bool l2_done; +}; + +static struct pat_test_data *pat_data; + +static void l2_guest_code_npt_disabled(void) +{ + pat_data->l2_pat_read =3D rdmsr(MSR_IA32_CR_PAT); + wrmsr(MSR_IA32_CR_PAT, L2_PAT_MODIFIED); + pat_data->l2_pat_after_write =3D rdmsr(MSR_IA32_CR_PAT); + pat_data->l2_done =3D true; + vmmcall(); +} + +static void l2_guest_code_npt_enabled(void) +{ + pat_data->l2_pat_read =3D rdmsr(MSR_IA32_CR_PAT); + wrmsr(MSR_IA32_CR_PAT, L2_PAT_MODIFIED); + pat_data->l2_pat_after_write =3D rdmsr(MSR_IA32_CR_PAT); + pat_data->l2_done =3D true; + vmmcall(); +} + +static void l2_guest_code_saverestoretest(void) +{ + pat_data->l2_pat_read =3D rdmsr(MSR_IA32_CR_PAT); + + GUEST_SYNC(1); + GUEST_ASSERT_EQ(rdmsr(MSR_IA32_CR_PAT), pat_data->l2_pat_read); + + wrmsr(MSR_IA32_CR_PAT, L2_PAT_MODIFIED); + pat_data->l2_pat_after_write =3D rdmsr(MSR_IA32_CR_PAT); + + GUEST_SYNC(2); + GUEST_ASSERT_EQ(rdmsr(MSR_IA32_CR_PAT), L2_PAT_MODIFIED); + + pat_data->l2_done =3D true; + vmmcall(); +} + +static void l1_svm_code_npt_disabled(struct svm_test_data *svm, + struct pat_test_data *data) +{ + unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + struct vmcb *vmcb =3D svm->vmcb; + + pat_data =3D data; + + wrmsr(MSR_IA32_CR_PAT, L1_PAT_VALUE); + GUEST_ASSERT_EQ(rdmsr(MSR_IA32_CR_PAT), L1_PAT_VALUE); + + generic_svm_setup(svm, l2_guest_code_npt_disabled, + &l2_guest_stack[L2_GUEST_STACK_SIZE]); + + vmcb->save.g_pat =3D L2_VMCB12_PAT; + + vmcb->control.intercept &=3D ~(1ULL << INTERCEPT_MSR_PROT); + + run_guest(vmcb, svm->vmcb_gpa); + + GUEST_ASSERT_EQ(vmcb->control.exit_code, SVM_EXIT_VMMCALL); + GUEST_ASSERT(data->l2_done); + + GUEST_ASSERT_EQ(data->l2_pat_read, L1_PAT_VALUE); + + GUEST_ASSERT_EQ(data->l2_pat_after_write, L2_PAT_MODIFIED); + + data->l1_pat_after_vmexit =3D rdmsr(MSR_IA32_CR_PAT); + GUEST_ASSERT_EQ(data->l1_pat_after_vmexit, 
L2_PAT_MODIFIED); + + GUEST_DONE(); +} + +static void l1_svm_code_invalid_gpat(struct svm_test_data *svm, + struct pat_test_data *data) +{ + unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + struct vmcb *vmcb =3D svm->vmcb; + + pat_data =3D data; + + generic_svm_setup(svm, l2_guest_code_npt_enabled, + &l2_guest_stack[L2_GUEST_STACK_SIZE]); + + vmcb->save.g_pat =3D INVALID_PAT_VALUE; + + run_guest(vmcb, svm->vmcb_gpa); + + GUEST_ASSERT_EQ(vmcb->control.exit_code, SVM_EXIT_ERR); + + GUEST_ASSERT(!data->l2_done); + + GUEST_DONE(); +} + +static void l1_svm_code_npt_enabled(struct svm_test_data *svm, + struct pat_test_data *data) +{ + unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + struct vmcb *vmcb =3D svm->vmcb; + uint64_t l1_pat_before; + + pat_data =3D data; + + wrmsr(MSR_IA32_CR_PAT, L1_PAT_VALUE); + l1_pat_before =3D rdmsr(MSR_IA32_CR_PAT); + GUEST_ASSERT_EQ(l1_pat_before, L1_PAT_VALUE); + + generic_svm_setup(svm, l2_guest_code_npt_enabled, + &l2_guest_stack[L2_GUEST_STACK_SIZE]); + + vmcb->save.g_pat =3D L2_VMCB12_PAT; + + vmcb->control.intercept &=3D ~(1ULL << INTERCEPT_MSR_PROT); + + run_guest(vmcb, svm->vmcb_gpa); + + GUEST_ASSERT_EQ(vmcb->control.exit_code, SVM_EXIT_VMMCALL); + GUEST_ASSERT(data->l2_done); + + GUEST_ASSERT_EQ(data->l2_pat_read, L2_VMCB12_PAT); + + GUEST_ASSERT_EQ(data->l2_pat_after_write, L2_PAT_MODIFIED); + + data->vmcb12_gpat_after_exit =3D vmcb->save.g_pat; + GUEST_ASSERT_EQ(data->vmcb12_gpat_after_exit, L2_PAT_MODIFIED); + + data->l1_pat_after_vmexit =3D rdmsr(MSR_IA32_CR_PAT); + GUEST_ASSERT_EQ(data->l1_pat_after_vmexit, L1_PAT_VALUE); + + GUEST_DONE(); +} + +static void l1_svm_code_saverestore(struct svm_test_data *svm, + struct pat_test_data *data) +{ + unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + struct vmcb *vmcb =3D svm->vmcb; + + pat_data =3D data; + + wrmsr(MSR_IA32_CR_PAT, L1_PAT_VALUE); + + generic_svm_setup(svm, l2_guest_code_saverestoretest, + &l2_guest_stack[L2_GUEST_STACK_SIZE]); + + vmcb->save.g_pat =3D 
L2_VMCB12_PAT; + vmcb->control.intercept &=3D ~(1ULL << INTERCEPT_MSR_PROT); + + run_guest(vmcb, svm->vmcb_gpa); + + GUEST_ASSERT_EQ(vmcb->control.exit_code, SVM_EXIT_VMMCALL); + GUEST_ASSERT(data->l2_done); + + GUEST_ASSERT_EQ(rdmsr(MSR_IA32_CR_PAT), L1_PAT_VALUE); + + GUEST_ASSERT_EQ(vmcb->save.g_pat, L2_PAT_MODIFIED); + + GUEST_DONE(); +} + +/* + * L2 guest code for multiple VM-entry test. + * On first VM-entry, read and modify PAT, then VM-exit. + * On second VM-entry, verify we see our modified PAT from first VM-entry. + */ +static void l2_guest_code_multi_vmentry(void) +{ + pat_data->l2_pat_read =3D rdmsr(MSR_IA32_CR_PAT); + wrmsr(MSR_IA32_CR_PAT, L2_PAT_MODIFIED); + pat_data->l2_pat_after_write =3D rdmsr(MSR_IA32_CR_PAT); + vmmcall(); + + pat_data->l2_pat_read =3D rdmsr(MSR_IA32_CR_PAT); + pat_data->l2_done =3D true; + vmmcall(); +} + +static void l1_svm_code_multi_vmentry(struct svm_test_data *svm, + struct pat_test_data *data) +{ + unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE]; + struct vmcb *vmcb =3D svm->vmcb; + + pat_data =3D data; + + wrmsr(MSR_IA32_CR_PAT, L1_PAT_VALUE); + + generic_svm_setup(svm, l2_guest_code_multi_vmentry, + &l2_guest_stack[L2_GUEST_STACK_SIZE]); + + vmcb->save.g_pat =3D L2_VMCB12_PAT; + vmcb->control.intercept &=3D ~(1ULL << INTERCEPT_MSR_PROT); + + run_guest(vmcb, svm->vmcb_gpa); + GUEST_ASSERT_EQ(vmcb->control.exit_code, SVM_EXIT_VMMCALL); + + GUEST_ASSERT_EQ(data->l2_pat_after_write, L2_PAT_MODIFIED); + + GUEST_ASSERT_EQ(vmcb->save.g_pat, L2_PAT_MODIFIED); + + GUEST_ASSERT_EQ(rdmsr(MSR_IA32_CR_PAT), L1_PAT_VALUE); + + vmcb->save.rip +=3D 3; /* vmmcall */ + run_guest(vmcb, svm->vmcb_gpa); + + GUEST_ASSERT_EQ(vmcb->control.exit_code, SVM_EXIT_VMMCALL); + GUEST_ASSERT(data->l2_done); + + GUEST_ASSERT_EQ(data->l2_pat_read, L2_PAT_MODIFIED); + + GUEST_ASSERT_EQ(rdmsr(MSR_IA32_CR_PAT), L1_PAT_VALUE); + + GUEST_DONE(); +} + +static void l1_guest_code(struct svm_test_data *svm, struct pat_test_data = *data, + int test_num) +{ + 
switch (test_num) { + case 0: + l1_svm_code_npt_disabled(svm, data); + break; + case 1: + l1_svm_code_invalid_gpat(svm, data); + break; + case 2: + l1_svm_code_npt_enabled(svm, data); + break; + case 3: + l1_svm_code_saverestore(svm, data); + break; + case 4: + l1_svm_code_multi_vmentry(svm, data); + break; + } +} + +static void run_test(int test_number, const char *test_name, bool npt_enab= led, + bool do_save_restore) +{ + struct pat_test_data *data_hva; + vm_vaddr_t svm_gva, data_gva; + struct kvm_x86_state *state; + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct ucall uc; + + pr_info("Testing: %d: %s\n", test_number, test_name); + + vm =3D vm_create_with_one_vcpu(&vcpu, l1_guest_code); + if (npt_enabled) + vm_enable_npt(vm); + + vcpu_alloc_svm(vm, &svm_gva); + + data_gva =3D vm_vaddr_alloc_page(vm); + data_hva =3D addr_gva2hva(vm, data_gva); + memset(data_hva, 0, sizeof(*data_hva)); + + if (npt_enabled) + tdp_identity_map_default_memslots(vm); + + vcpu_args_set(vcpu, 3, svm_gva, data_gva, test_number); + + for (;;) { + vcpu_run(vcpu); + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); + + switch (get_ucall(vcpu, &uc)) { + case UCALL_ABORT: + REPORT_GUEST_ASSERT(uc); + /* NOT REACHED */ + case UCALL_SYNC: + if (do_save_restore) { + pr_info(" Save/restore at sync point %ld\n", + uc.args[1]); + state =3D vcpu_save_state(vcpu); + kvm_vm_release(vm); + vcpu =3D vm_recreate_with_one_vcpu(vm); + vcpu_load_state(vcpu, state); + kvm_x86_state_cleanup(state); + } + break; + case UCALL_DONE: + pr_info(" PASSED\n"); + kvm_vm_free(vm); + return; + default: + TEST_FAIL("Unknown ucall %lu", uc.cmd); + } + } +} + +int main(int argc, char *argv[]) +{ + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SVM)); + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_NPT)); + TEST_REQUIRE(kvm_has_cap(KVM_CAP_NESTED_STATE)); + + run_test(0, "nested NPT disabled", false, false); + + run_test(1, "invalid g_pat", true, false); + + run_test(2, "nested NPT enabled", true, false); + + run_test(3, "save/restore", 
true, true); + + run_test(4, "multiple entries", true, false); + + return 0; +} --=20 2.52.0.457.g6b5491de43-goog
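Review bot: In l1_svm_code_npt_disabled(), the header comment's statement that vmcb12.g_pat is ignored when nested NPT is disabled is only checked indirectly. L2's first RDMSR returning L1_PAT_VALUE shows g_pat was not loaded on entry, but nothing reads vmcb->save.g_pat after the #VMEXIT, so a KVM that wrote L2's PAT back into vmcb12 in this mode would still pass. If the intended behaviour is that the field is left untouched, add GUEST_ASSERT_EQ(vmcb->save.g_pat, L2_VMCB12_PAT) after run_guest() in that function. Smaller points in the same file: l2_guest_code_npt_disabled() and l2_guest_code_npt_enabled() have identical bodies and could be one function; main() gates every case on TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_NPT)) although case 0 runs with npt_enabled false and never calls vm_enable_npt(), so that case is skipped on hosts without NPT; and l1_svm_code_saverestore() never compares data->l2_pat_read with L2_VMCB12_PAT, so the save/restore case only shows that whatever L2 first read survives the sync point, not that it was the vmcb12 value.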