From nobody Sat Feb 7 07:24:40 2026
Reply-To: Sean Christopherson
Date: Tue, 27 Jan 2026 17:43:08 -0800
In-Reply-To: <20260128014310.3255561-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260128014310.3255561-1-seanjc@google.com>
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260128014310.3255561-2-seanjc@google.com>
Subject: [PATCH v2 1/3] KVM: x86: Explicitly configure supported XSS from {svm,vmx}_set_cpu_caps()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Mathias Krause, John Allen, Rick Edgecombe, Chao Gao, Binbin Wu, Xiaoyao Li, Jim Mattson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Explicitly configure KVM's supported XSS as part of each vendor's setup
flow to fix a bug where clearing SHSTK and IBT in kvm_cpu_caps, e.g. due
to lack of CET XFEATURE support, makes kvm-intel.ko unloadable when nested
VMX is enabled, i.e. when nested=1. The late clearing results in
nested_vmx_setup_{entry,exit}_ctls() clearing VM_{ENTRY,EXIT}_LOAD_CET_STATE
when nested_vmx_setup_ctls_msrs() runs during the CPU compatibility checks,
ultimately leading to a mismatched VMCS config due to the reference config
having the CET bits set, but every CPU's "local" config having the bits
cleared.

Note, kvm_caps.supported_{xcr0,xss} are unconditionally initialized by
kvm_x86_vendor_init(), before calling into vendor code, and not referenced
between ops->hardware_setup() and their current/old location.

Fixes: 69cc3e886582 ("KVM: x86: Add XSS support for CET_KERNEL and CET_USER")
Cc: stable@vger.kernel.org
Cc: Mathias Krause
Cc: John Allen
Cc: Rick Edgecombe
Cc: Chao Gao
Cc: Binbin Wu
Cc: Xiaoyao Li
Signed-off-by: Sean Christopherson
Reviewed-by: Binbin Wu
Reviewed-by: Xiaoyao Li
---
 arch/x86/kvm/svm/svm.c |  2 ++
 arch/x86/kvm/vmx/vmx.c |  2 ++
 arch/x86/kvm/x86.c     | 30 +++++++++++++++++-------------
 arch/x86/kvm/x86.h     |  2 ++
 4 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7803d2781144..c00a696dacfc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5387,6 +5387,8 @@ static __init void svm_set_cpu_caps(void) */ kvm_cpu_cap_clear(X86_FEATURE_BUS_LOCK_DETECT); kvm_cpu_cap_clear(X86_FEATURE_MSR_IMM); + + kvm_setup_xss_caps(); } =20 static __init int svm_hardware_setup(void) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 27acafd03381..9f85c3829890 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8230,6 +8230,8 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_clear(X86_FEATURE_SHSTK); kvm_cpu_cap_clear(X86_FEATURE_IBT); } + + kvm_setup_xss_caps(); } =20 static bool vmx_is_io_intercepted(struct kvm_vcpu *vcpu, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8acfdfc583a1..cac1d6a67b49 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9965,6 +9965,23 @@ static struct notifier_block pvclock_gtod_notifier = =3D { }; #endif =20 +void kvm_setup_xss_caps(void) +{ + if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES)) + kvm_caps.supported_xss =3D 0; + + if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && + !kvm_cpu_cap_has(X86_FEATURE_IBT)) + kvm_caps.supported_xss &=3D ~XFEATURE_MASK_CET_ALL; + + if ((kvm_caps.supported_xss & XFEATURE_MASK_CET_ALL) !=3D XFEATURE_MASK_C= ET_ALL) { + kvm_cpu_cap_clear(X86_FEATURE_SHSTK); + kvm_cpu_cap_clear(X86_FEATURE_IBT); + kvm_caps.supported_xss &=3D ~XFEATURE_MASK_CET_ALL; + } +} +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_setup_xss_caps); + static inline void kvm_ops_update(struct kvm_x86_init_ops *ops) { memcpy(&kvm_x86_ops, ops->runtime_ops, sizeof(kvm_x86_ops)); 
@@ -10138,19 +10155,6 @@ int kvm_x86_vendor_init(struct kvm_x86_init_ops *o= ps) if (!tdp_enabled) kvm_caps.supported_quirks &=3D ~KVM_X86_QUIRK_IGNORE_GUEST_PAT; =20 - if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES)) - kvm_caps.supported_xss =3D 0; - - if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) && - !kvm_cpu_cap_has(X86_FEATURE_IBT)) - kvm_caps.supported_xss &=3D ~XFEATURE_MASK_CET_ALL; - - if ((kvm_caps.supported_xss & XFEATURE_MASK_CET_ALL) !=3D XFEATURE_MASK_C= ET_ALL) { - kvm_cpu_cap_clear(X86_FEATURE_SHSTK); - kvm_cpu_cap_clear(X86_FEATURE_IBT); - kvm_caps.supported_xss &=3D ~XFEATURE_MASK_CET_ALL; - } - if (kvm_caps.has_tsc_control) { /* * Make sure the user can only configure tsc_khz values that diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 70e81f008030..94d4f07aaaa0 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -483,6 +483,8 @@ extern struct kvm_host_values kvm_host; extern bool enable_pmu; extern bool enable_mediated_pmu; =20 +void kvm_setup_xss_caps(void); + /* * Get a filtered version of KVM's supported XCR0 that strips out dynamic * features for which the current process doesn't (yet) have permission to= use. --=20 2.52.0.457.g6b5491de43-goog
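Review bot: kvm_setup_xss_caps() in arch/x86/kvm/x86.c (patch 1/3) is exported without a comment stating its ordering contract. It reads X86_FEATURE_SHSTK and X86_FEATURE_IBT from kvm_cpu_caps and may clear them itself, so it only produces the right kvm_caps.supported_xss when it runs after the vendor code has finished its own kvm_cpu_cap_clear() calls. Both call sites honor that today, as the last statement of svm_set_cpu_caps() and of vmx_set_cpu_caps(), but nothing in the code says so. A short comment above the function, or next to the prototype in x86.h, stating that it must be the final cap adjustment in the vendor's set_cpu_caps() would keep a later feature clear from being added below the call and reintroducing the reference versus per-CPU VMCS config mismatch described in the commit message.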
Reply-To: Sean Christopherson
Date: Tue, 27 Jan 2026 17:43:09 -0800
In-Reply-To: <20260128014310.3255561-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260128014310.3255561-1-seanjc@google.com>
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260128014310.3255561-3-seanjc@google.com>
Subject: [PATCH v2 2/3] KVM: x86: Harden against unexpected adjustments to kvm_cpu_caps
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Mathias Krause, John Allen, Rick Edgecombe, Chao Gao, Binbin Wu, Xiaoyao Li, Jim Mattson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add a flag to track when KVM is actively configuring its CPU caps, and
WARN if a cap is set or cleared if KVM isn't in its configuration stage.
Modifying CPU caps after {svm,vmx}_set_cpu_caps() can be fatal to KVM, as
vendor setup code expects the CPU caps to be frozen at that point, e.g.
will do additional configuration based on the caps.

Rename kvm_set_cpu_caps() to kvm_initialize_cpu_caps() to pair with the
new "finalize", and to make it more obvious that KVM's CPU caps aren't
fully configured within the function.

Signed-off-by: Sean Christopherson
Reviewed-by: Binbin Wu
Reviewed-by: Xiaoyao Li
---
 arch/x86/kvm/cpuid.c   | 10 ++++++++--
 arch/x86/kvm/cpuid.h   | 12 +++++++++++-
 arch/x86/kvm/svm/svm.c |  4 +++-
 arch/x86/kvm/vmx/vmx.c |  4 +++-
 4 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 575244af9c9f..7fe4e58a6ebf 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -36,6 +36,9 @@ u32 kvm_cpu_caps[NR_KVM_CPU_CAPS] __read_mostly; EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_cpu_caps); =20 +bool kvm_is_configuring_cpu_caps __read_mostly; +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_is_configuring_cpu_caps); + struct cpuid_xstate_sizes { u32 eax; u32 ebx; @@ -826,10 +829,13 @@ do { \ /* DS is defined by ptrace-abi.h on 32-bit builds. */ #undef DS =20 -void kvm_set_cpu_caps(void) +void kvm_initialize_cpu_caps(void) { memset(kvm_cpu_caps, 0, sizeof(kvm_cpu_caps)); =20 + WARN_ON_ONCE(kvm_is_configuring_cpu_caps); + kvm_is_configuring_cpu_caps =3D true; + BUILD_BUG_ON(sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps))= > sizeof(boot_cpu_data.x86_capability)); =20 @@ -1289,7 +1295,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_clear(X86_FEATURE_RDPID); } } -EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_set_cpu_caps); +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_initialize_cpu_caps); =20 #undef F #undef SCATTERED_F diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index d3f5ae15a7ca..039b8e6f40ba 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -8,7 +8,15 @@ #include =20 extern u32 kvm_cpu_caps[NR_KVM_CPU_CAPS] __read_mostly; -void kvm_set_cpu_caps(void); +extern bool kvm_is_configuring_cpu_caps __read_mostly; + +void kvm_initialize_cpu_caps(void); + +static inline void kvm_finalize_cpu_caps(void) +{ + WARN_ON_ONCE(!kvm_is_configuring_cpu_caps); + kvm_is_configuring_cpu_caps =3D false; +} =20 void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu); struct kvm_cpuid_entry2 *kvm_find_cpuid_entry2(struct kvm_cpuid_entry2 *en= tries, @@ -188,6 +196,7 @@ static __always_inline void kvm_cpu_cap_clear(unsigned = int x86_feature) { unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 + WARN_ON_ONCE(!kvm_is_configuring_cpu_caps); kvm_cpu_caps[x86_leaf] &=3D ~__feature_bit(x86_feature); } =20 
@@ -195,6 +204,7 @@ static __always_inline void kvm_cpu_cap_set(unsigned in= t x86_feature) { unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 + WARN_ON_ONCE(!kvm_is_configuring_cpu_caps); kvm_cpu_caps[x86_leaf] |=3D __feature_bit(x86_feature); } =20 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index c00a696dacfc..5f0136dbdde6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5305,7 +5305,7 @@ static __init void svm_adjust_mmio_mask(void) =20 static __init void svm_set_cpu_caps(void) { - kvm_set_cpu_caps(); + kvm_initialize_cpu_caps(); =20 kvm_caps.supported_perf_cap =3D 0; =20 @@ -5389,6 +5389,8 @@ static __init void svm_set_cpu_caps(void) kvm_cpu_cap_clear(X86_FEATURE_MSR_IMM); =20 kvm_setup_xss_caps(); + + kvm_finalize_cpu_caps(); } =20 static __init int svm_hardware_setup(void) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9f85c3829890..93ec1e6181e4 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8173,7 +8173,7 @@ static __init u64 vmx_get_perf_capabilities(void) =20 static __init void vmx_set_cpu_caps(void) { - kvm_set_cpu_caps(); + kvm_initialize_cpu_caps(); =20 /* CPUID 0x1 */ if (nested) 
@@ -8232,6 +8232,8 @@ static __init void vmx_set_cpu_caps(void) } =20 kvm_setup_xss_caps(); + + kvm_finalize_cpu_caps(); } =20 static bool vmx_is_io_intercepted(struct kvm_vcpu *vcpu, --=20 2.52.0.457.g6b5491de43-goog
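Review bot: the kvm_is_configuring_cpu_caps declaration and kvm_finalize_cpu_caps() added to arch/x86/kvm/cpuid.h (patch 2/3) carry no comment describing the window they define. The rule that caps may only change between kvm_initialize_cpu_caps() and kvm_finalize_cpu_caps(), and are treated as frozen by vendor setup code afterwards, is recoverable only from the commit message. Please put it in a comment on the flag or on kvm_finalize_cpu_caps(), and mention there that kvm_setup_xss_caps() has to run before the finalize call because it calls kvm_cpu_cap_clear(); the svm.c and vmx.c hunks get that order right, but only by placement.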
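Review bot: in kvm_cpu_cap_clear() and kvm_cpu_cap_set() in arch/x86/kvm/cpuid.h (patch 2/3), the new WARN_ON_ONCE(!kvm_is_configuring_cpu_caps) only reports the violation; the following "kvm_cpu_caps[x86_leaf] &= ..." or "|= ..." still executes, so a late adjustment still changes caps that vendor setup has already consumed. If detect-only is the intent, say so in the commit message or in a comment next to the WARN. If the caps are meant to be frozen in fact, consider "if (WARN_ON_ONCE(!kvm_is_configuring_cpu_caps)) return;" and state which of the two outcomes (stale vendor config versus an ignored clear) is considered the safer failure.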
Reply-To: Sean Christopherson
Date: Tue, 27 Jan 2026 17:43:10 -0800
In-Reply-To: <20260128014310.3255561-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20260128014310.3255561-1-seanjc@google.com>
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260128014310.3255561-4-seanjc@google.com>
Subject: [PATCH v2 3/3] KVM: VMX: Print out "bad" offsets+value on VMCS config mismatch
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Mathias Krause, John Allen, Rick Edgecombe, Chao Gao, Binbin Wu, Xiaoyao Li, Jim Mattson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When kvm-intel.ko refuses to load due to a mismatched VMCS config, print
all mismatching offsets+values to make it easier to debug goofs during
development, and to make it at least feasible to triage failures that
occur during production. E.g. if a physical core is flaky or is running
with the "wrong" microcode patch loaded, then a CPU can get a legitimate
mismatch even without KVM bugs.

Print the mismatches as 32-bit values as a compromise between hand coding
every field (to provide precise information) and printing individual bytes
(requires more effort to deduce the mismatch bit(s)). All fields in the
VMCS config are either 32-bit or 64-bit values, i.e. in many cases,
printing 32-bit values will be 100% precise, and in the others it's close
enough, especially when considering that MSR values are split into EDX:EAX
anyways.

E.g. on mismatch CET entry/exit controls, KVM will print:

  kvm_intel: VMCS config on CPU 0 doesn't match reference config:
    Offset 76 REF = 0x107fffff, CPU0 = 0x007fffff, mismatch = 0x10000000
    Offset 84 REF = 0x0010f3ff, CPU0 = 0x0000f3ff, mismatch = 0x00100000

Opportunistically tweak the wording on the initial error message to say
"mismatch" instead of "inconsistent", as the VMCS config itself isn't
inconsistent, and the wording conflates the cross-CPU compatibility check
with the error_on_inconsistent_vmcs_config knob that treats inconsistent
VMCS configurations as errors (e.g. if a CPU supports CET entry controls
but no CET exit controls).

Cc: Jim Mattson
Signed-off-by: Sean Christopherson Reviewed-by: Binbin Wu Reviewed-by: Xiaoyao Li --- arch/x86/kvm/vmx/vmx.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 93ec1e6181e4..11bb4b933227 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2962,8 +2962,23 @@ int vmx_check_processor_compat(void) } if (nested) nested_vmx_setup_ctls_msrs(&vmcs_conf, vmx_cap.ept); + if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config))) { - pr_err("Inconsistent VMCS config on CPU %d\n", cpu); + u32 *gold =3D (void *)&vmcs_config; + u32 *mine =3D (void *)&vmcs_conf; + int i; + + BUILD_BUG_ON(sizeof(struct vmcs_config) % sizeof(u32)); + + pr_err("VMCS config on CPU %d doesn't match reference config:", cpu); + for (i =3D 0; i < sizeof(struct vmcs_config) / sizeof(u32); i++) { + if (gold[i] =3D=3D mine[i]) + continue; + + pr_cont("\n Offset %u REF =3D 0x%08x, CPU%u =3D 0x%08x, mismatch =3D 0= x%08x", + i * (int)sizeof(u32), gold[i], cpu, mine[i], gold[i] ^ mine[i]); + } + pr_cont("\n"); return -EIO; } return 0; --=20 2.52.0.457.g6b5491de43-goog
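Review bot: in the loop added to vmx_check_processor_compat() (patch 3/3), "i" is declared int but is compared against "sizeof(struct vmcs_config) / sizeof(u32)", which is unsigned, and the offset "i * (int)sizeof(u32)" is an int passed to a "%u" conversion. Declaring "unsigned int i" removes the signed/unsigned comparison, lets the (int) cast go, and makes the argument match the format. In the same hunk, cpu is printed with "%d" in the pr_err() line and with "%u" in the pr_cont() line; use whichever conversion matches its declared type in both places.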