Date: Thu, 12 Feb 2026 07:58:55 -0800
In-Reply-To: <20260212155905.3448571-1-jmattson@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260212155905.3448571-1-jmattson@google.com>
X-Mailer: git-send-email 2.53.0.239.g8d8fc8a987-goog
Message-ID: <20260212155905.3448571-8-jmattson@google.com>
Subject: [PATCH v4 7/8] KVM: x86: nSVM: Handle restore of legacy nested state
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Yosry Ahmed
Cc: Jim Mattson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When nested NPT is enabled and KVM_SET_NESTED_STATE is used to restore an
old checkpoint (without a valid gPAT), the current IA32_PAT value must be
used as L2's gPAT.

Unfortunately, checkpoint restore is non-atomic, and the order in which
state components are restored is not specified. Hence, the current IA32_PAT
value may be restored by KVM_SET_MSRS after KVM_SET_NESTED_STATE. To
further complicate matters, there may be a KVM_GET_NESTED_STATE before the
next KVM_RUN.

Introduce a new boolean, svm->nested.legacy_gpat_semantics. When set, hPAT
updates are also applied to gPAT, preserving the old behavior (i.e. L2
shares L1's PAT). Set this boolean when restoring legacy state (i.e. nested
NPT is enabled, but no GPAT is provided) in KVM_SET_NESTED_STATE. Clear
this boolean in svm_vcpu_pre_run(), to ensure that hPAT and gPAT are
decoupled before the vCPU resumes execution.

Signed-off-by: Jim Mattson
Reviewed-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 11 ++++++++---
 arch/x86/kvm/svm/svm.c    |  2 ++
 arch/x86/kvm/svm/svm.h    | 11 +++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index f73f3e586012..d854d29b0bd8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -2073,9 +2073,14 @@ static int svm_set_nested_state(struct kvm_vcpu *vcp= u, if (ret) goto out_free; =20 - if (nested_npt_enabled(svm) && - (kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT)) - svm_set_gpat(svm, kvm_state->hdr.svm.gpat); + if (nested_npt_enabled(svm)) { + if (kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT) { + svm_set_gpat(svm, kvm_state->hdr.svm.gpat); + } else { + svm_set_gpat(svm, vcpu->arch.pat); + svm->nested.legacy_gpat_semantics =3D true; + } + } =20 svm_switch_vmcb(svm, &svm->nested.vmcb02); nested_vmcb02_prepare_control(svm, svm->vmcb->save.rip, svm->vmcb->save.c= s.base); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 205bf07896ad..d951d25f1f91 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4245,6 +4245,8 @@ static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu) if (to_kvm_sev_info(vcpu->kvm)->need_init) return -EINVAL; =20 + to_svm(vcpu)->nested.legacy_gpat_semantics =3D false; + return 1; } =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 88549705133f..0bb9fdcb489d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -238,6 +238,15 @@ struct svm_nested_state { * on its side. */ bool force_msr_bitmap_recalc; + + /* + * Indicates that a legacy nested state (without a valid gPAT) was + * recently restored. Until the next KVM_RUN, updates to hPAT are + * also applied to gPAT, preserving legacy behavior (i.e. L2 shares + * L1's PAT). Because checkpoint restore is non-atomic, this + * complication is necessary for backward compatibility. + */ + bool legacy_gpat_semantics; }; =20 struct vcpu_sev_es_state { @@ -621,6 +630,8 @@ static inline void svm_set_hpat(struct vcpu_svm *svm, u= 64 data) if (is_guest_mode(&svm->vcpu) && !nested_npt_enabled(svm)) vmcb_set_gpat(svm->nested.vmcb02.ptr, data); } + if (svm->nested.legacy_gpat_semantics) + svm_set_gpat(svm, data); } =20 static inline bool nested_vnmi_enabled(struct vcpu_svm *svm) --=20 2.53.0.239.g8d8fc8a987-goog
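
Review bot: In the svm_set_nested_state() hunk, legacy_gpat_semantics is set to true in the else branch but is never cleared on the KVM_STATE_SVM_VALID_GPAT branch, nor when nested_npt_enabled(svm) is false. In the lines shown, the only place it is cleared is svm_vcpu_pre_run(), so if userspace issues KVM_SET_NESTED_STATE twice before KVM_RUN (first a legacy blob, then one carrying a valid gPAT), a later KVM_SET_MSRS write to IA32_PAT would go through svm_set_hpat() and overwrite the gPAT that was just supplied. Consider assigning the flag on every path, for example setting it to false before the nested_npt_enabled() check, unless an earlier part of this function that is not in the hunk already resets it.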
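
Review bot: In the svm_vcpu_pre_run() hunk, the new store to legacy_gpat_semantics has no comment and sits below the need_init check that returns -EINVAL, so the flag stays set when pre-run fails. That looks intentional, since the vCPU does not enter the guest on that path, but a one-line comment saying that the first successful KVM_RUN ends the restore window (and pointing at the field comment in svm.h) would keep a future reader from moving or dropping the line.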
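
Review bot: In the svm_set_hpat() hunk, the new `if (svm->nested.legacy_gpat_semantics)` call to svm_set_gpat() is not guarded by is_guest_mode() or nested_npt_enabled(), unlike the vmcb_set_gpat() call just above it. It relies on the flag only ever being set in svm_set_nested_state() under nested_npt_enabled(), and on nothing taking the vCPU out of guest mode between that restore and the next KVM_RUN. Either state that invariant in a comment here, or clear the flag wherever nested state is torn down, so that a PAT write after leaving guest mode cannot reach svm_set_gpat() with a stale flag.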