[PATCH v4 0/4] KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware"

Sean Christopherson posted 4 patches 3 weeks, 1 day ago
[PATCH v4 0/4] KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware"
Posted by Sean Christopherson 3 weeks, 1 day ago
Disallow accesses to vmcs12 fields that are defined by KVM, but are unsupported
in the current incarnation of KVM, e.g. due to lack of hardware support for the
underlying VMCS fields.

The primary motivation is to avoid having to carry the same logic for shadowed
VMCS fields, which can't play nice with unsupported fields since VMREAD/VMWRITE
will fail when attempting to transfer state between vmcs12 and the shadow VMCS.

v4:
 - Filter out read-only fields too. [Xiaoyao]
 - Actually test the code.

v3:
 - https://lore.kernel.org/all/20260109041523.1027323-1-seanjc@google.com
 - Collect reviews. [Xin, Chao]
 - Actually filter out vmcs12 fields when configuring shadow VMCS. [Chao]
 - Move VMX MSR configuration into nested_vmx_hardware_setup().
 - Add ENC_TO_VMCS12_IDX. [Xiaoyao]
 - Use Xiaoyao's crazy double ROL16 math. :-) [Xiaoyao, obviously]

v2:
 - https://lore.kernel.org/all/20251230220220.4122282-1-seanjc@google.com
 - Name the array of KVM-defined fields kvm_supported_vmcs12_field_offsets,
   e.g. so that it's not confused with what's supported by hardware. [Xin]
 - Combine encodings in switch statements for fields that share fate. [Xin]
 - Drop the extern declaration of supported_vmcs12_field_offsets. [Chao]
 - Handle GUEST_INTR_STATUS in cpu_has_vmcs12_field() and add a patch to
   drop the custom handling from init_vmcs_shadow_fields(). [Chao]

v1: https://lore.kernel.org/all/20251216012918.1707681-1-seanjc@google.com

Sean Christopherson (4):
  KVM: nVMX: Setup VMX MSRs on loading CPU during
    nested_vmx_hardware_setup()
  KVM: VMX: Add a wrapper around ROL16() to get a vmcs12 from a field
    encoding
  KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by
    "hardware"
  KVM: nVMX: Remove explicit filtering of GUEST_INTR_STATUS from shadow
    VMCS fields

 arch/x86/kvm/vmx/hyperv_evmcs.c |  2 +-
 arch/x86/kvm/vmx/hyperv_evmcs.h |  2 +-
 arch/x86/kvm/vmx/nested.c       | 31 ++++++++------
 arch/x86/kvm/vmx/vmcs.h         |  9 ++++
 arch/x86/kvm/vmx/vmcs12.c       | 74 +++++++++++++++++++++++++++++++--
 arch/x86/kvm/vmx/vmcs12.h       |  8 ++--
 arch/x86/kvm/vmx/vmx.c          |  2 -
 7 files changed, 104 insertions(+), 24 deletions(-)


base-commit: acdc5446135932ca974b82d9d9a17762c7a82493
-- 
2.52.0.457.g6b5491de43-goog
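The cover letter above describes the mechanism but does not show code. The following is an added illustration, not KVM's code from this series: a hypervisor-style lookup that maps a VMCS field encoding to a vmcs12 offset with a ROL16 rotation, refuses VMREAD/VMWRITE to fields the host "hardware" does not support (and VMWRITE to read-only fields), and builds the shadow-VMCS field list only from fields that passed both filters, so a shadow sync never issues a VMREAD/VMWRITE that would fail. The field encodings and VM-instruction error numbers are the real SDM values; the capability bits, the struct vmcs12 layout, the table size, and the function names (nested_setup_vmcs12_fields, vmcs12_field_to_offset, nested_vmwrite, nested_vmread, shadow_field_present) are assumptions made for this example.

```c
/* Added illustration, not KVM's own code. SDM field encodings and error
 * numbers are real; capability bits, layout, table size are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 16-bit rotate-left: moves the encoding's low bits (bit 0 access type,
 * bits 9:1 index) up and the type/width bits (14:10) down, turning a sparse
 * encoding into a compact table index. Same idea as KVM's ROL16(). */
#define ROL16(val, n) ((uint16_t)(((uint16_t)(val) << (n)) | ((uint16_t)(val) >> (16 - (n)))))

/* Real VMCS field encodings (Intel SDM, Appendix B). */
enum vmcs_field {
	VIRTUAL_PROCESSOR_ID = 0x0000, POSTED_INTR_NV = 0x0002,
	GUEST_ES_SELECTOR = 0x0800, GUEST_INTR_STATUS = 0x0810, PML_INDEX = 0x0812,
	IO_BITMAP_A = 0x2000, EPT_POINTER = 0x201a,
	EXIT_QUALIFICATION = 0x6400, GUEST_LINEAR_ADDRESS = 0x640a, GUEST_RIP = 0x681e,
};
/* Real VM-instruction error numbers returned via VMfail. */
enum { VMXERR_UNSUPPORTED_VMCS_COMPONENT = 12, VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT = 13 };

/* Constructed capability bits standing in for what the VMX MSRs report. */
enum hw_cap { CAP_VPID = 1 << 0, CAP_POSTED_INTR = 1 << 1, CAP_EPT = 1 << 2,
	      CAP_VID = 1 << 3, CAP_PML = 1 << 4 };

/* Constructed vmcs12 layout; KVM's real struct is far larger. */
struct vmcs12 {
	uint32_t revision_id, abort;
	uint64_t io_bitmap_a, ept_pointer, exit_qualification, guest_linear_address, guest_rip;
	uint16_t virtual_processor_id, posted_intr_nv, guest_es_selector, guest_intr_status, pml_index;
};

struct field_desc { uint16_t enc; uint16_t offset; uint32_t need; };
#define FIELD(e, m, n) { e, (uint16_t)offsetof(struct vmcs12, m), n }
/* Every field this toy hypervisor defines, plus the capability it needs (0 = always). */
static const struct field_desc kvm_defined_fields[] = {
	FIELD(VIRTUAL_PROCESSOR_ID, virtual_processor_id, CAP_VPID),
	FIELD(POSTED_INTR_NV, posted_intr_nv, CAP_POSTED_INTR),
	FIELD(GUEST_ES_SELECTOR, guest_es_selector, 0),
	FIELD(GUEST_INTR_STATUS, guest_intr_status, CAP_VID),
	FIELD(PML_INDEX, pml_index, CAP_PML),
	FIELD(IO_BITMAP_A, io_bitmap_a, 0),
	FIELD(EPT_POINTER, ept_pointer, CAP_EPT),
	FIELD(EXIT_QUALIFICATION, exit_qualification, 0),   /* read-only type */
	FIELD(GUEST_LINEAR_ADDRESS, guest_linear_address, 0), /* read-only type */
	FIELD(GUEST_RIP, guest_rip, 0),
};
#define NR_DEFINED (sizeof(kvm_defined_fields) / sizeof(kvm_defined_fields[0]))

/* Covers ROL16(enc, 6) of every field above; -1 marks "not supported here". */
#define NR_VMCS12_IDX 2048
static int16_t vmcs12_offset_by_idx[NR_VMCS12_IDX];
static uint16_t shadow_rw_fields[NR_DEFINED]; /* read/write fields eligible for shadowing */
static size_t nr_shadow_rw;

/* Bits 11:10 of an encoding give the field type; 1 = read-only data. */
static int vmcs_field_readonly(uint16_t enc) { return ((enc >> 10) & 3) == 1; }

/* Done once at hardware setup: keep only fields the host can back. */
void nested_setup_vmcs12_fields(uint32_t caps)
{
	memset(vmcs12_offset_by_idx, 0xff, sizeof(vmcs12_offset_by_idx)); /* all -1 */
	nr_shadow_rw = 0;
	for (size_t i = 0; i < NR_DEFINED; i++) {
		const struct field_desc *f = &kvm_defined_fields[i];
		if ((f->need & caps) != f->need)
			continue;		/* unsupported: stays -1, never shadowed */
		vmcs12_offset_by_idx[ROL16(f->enc, 6)] = (int16_t)f->offset;
		if (!vmcs_field_readonly(f->enc))
			shadow_rw_fields[nr_shadow_rw++] = f->enc;
	}
}

int vmcs12_field_to_offset(uint16_t enc)
{
	uint16_t idx = ROL16(enc, 6);
	return idx < NR_VMCS12_IDX ? vmcs12_offset_by_idx[idx] : -1;
}

int shadow_field_present(uint16_t enc)
{
	for (size_t i = 0; i < nr_shadow_rw; i++)
		if (shadow_rw_fields[i] == enc) return 1;
	return 0;
}

/* Width from bits 14:13: 0 = 16-bit, 1 = 64-bit, 2 = 32-bit, 3 = natural. */
static size_t field_width(uint16_t enc) { static const size_t w[4] = { 2, 8, 4, 8 }; return w[(enc >> 13) & 3]; }

int nested_vmwrite(struct vmcs12 *v, uint16_t enc, uint64_t val)
{
	int off = vmcs12_field_to_offset(enc);
	if (off < 0) return VMXERR_UNSUPPORTED_VMCS_COMPONENT;
	if (vmcs_field_readonly(enc)) return VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT;
	memcpy((char *)v + off, &val, field_width(enc)); /* little-endian host assumed */
	return 0;
}

int nested_vmread(const struct vmcs12 *v, uint16_t enc, uint64_t *out)
{
	int off = vmcs12_field_to_offset(enc);
	if (off < 0) return VMXERR_UNSUPPORTED_VMCS_COMPONENT;
	*out = 0;
	memcpy(out, (const char *)v + off, field_width(enc));
	return 0;
}

int main(void)
{
	nested_setup_vmcs12_fields(CAP_VPID | CAP_EPT); /* no VID, PML or posted interrupts */
	printf("GUEST_INTR_STATUS -> offset %d (rejected)\n", vmcs12_field_to_offset(GUEST_INTR_STATUS));
	printf("%zu read/write fields eligible for shadowing\n", nr_shadow_rw);
	return 0;
}
```

With virtual-interrupt delivery absent from the capability mask, GUEST_INTR_STATUS never enters the offset table, so a VMWRITE to it fails with the same error real hardware would give for an unsupported component and it is also absent from the shadow list, which is the property the series relies on to drop the special-case filtering of that field.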
Re: [PATCH v4 0/4] KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware"
Posted by Sean Christopherson 3 days, 12 hours ago
On Thu, 15 Jan 2026 09:34:23 -0800, Sean Christopherson wrote:
> Disallow accesses to vmcs12 fields that are defined by KVM, but are unsupported
> in the current incarnation of KVM, e.g. due to lack of hardware support for the
> underlying VMCS fields.
> 
> The primary motivation is to avoid having to carry the same logic for shadowed
> VMCS fields, which can't play nice with unsupported fields since VMREAD/VMWRITE
> will fail when attempting to transfer state between vmcs12 and the shadow VMCS.
> 
> [...]

Applied to kvm-x86 vmx, thanks!

[1/4] KVM: nVMX: Setup VMX MSRs on loading CPU during nested_vmx_hardware_setup()
      https://github.com/kvm-x86/linux/commit/26304e0e694f
[2/4] KVM: VMX: Add a wrapper around ROL16() to get a vmcs12 from a field encoding
      https://github.com/kvm-x86/linux/commit/c68feb605cc4
[3/4] KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware"
      https://github.com/kvm-x86/linux/commit/5fdf86e7353c
[4/4] KVM: nVMX: Remove explicit filtering of GUEST_INTR_STATUS from shadow VMCS fields
      https://github.com/kvm-x86/linux/commit/1dc643205953

--
https://github.com/kvm-x86/linux/tree/next