From nobody Fri Apr 3 08:02:05 2026
Date: Wed, 18 Feb 2026 15:09:51 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-2-seanjc@google.com>
Subject: [PATCH v2 1/8] KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

When reacting to an intercept update, explicitly mark vmcb01's intercepts
dirty, as KVM always initially operates on vmcb01, and nested_svm_vmexit()
isn't guaranteed to mark VMCB_INTERCEPTS as dirty. I.e. if L2 is active,
KVM will modify the intercepts for L1, but might not mark them as dirty
before the next VMRUN of L1.

Fixes: 116a0a23676e ("KVM: SVM: Add clean-bit for intercetps, tsc-offset and pause filter count")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index de90b104a0dd..66701106a51b 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -128,11 +128,13 @@ void recalc_intercepts(struct vcpu_svm *svm) struct vmcb_ctrl_area_cached *g; unsigned int i; =20 - vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); + vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS); =20 if (!is_guest_mode(&svm->vcpu)) return; =20 + vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); + c =3D &svm->vmcb->control; h =3D &svm->vmcb01.ptr->control; g =3D &svm->nested.ctl; --=20 2.53.0.345.g96ddfc5eaa-goog
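Review bot: The unconditional vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS) at the top of recalc_intercepts() has no comment saying why vmcb01 is targeted rather than svm->vmcb; the reason lives only in the changelog. A short comment above it, stating that intercept updates always operate on vmcb01 and that nested_svm_vmexit() isn't guaranteed to mark VMCB_INTERCEPTS dirty before the next VMRUN of L1, would keep a later cleanup from folding the two vmcb_mark_dirty() calls back into a single call on svm->vmcb.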
Date: Wed, 18 Feb 2026 15:09:52 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-3-seanjc@google.com>
Subject: [PATCH v2 2/8] KVM: SVM: Separate recalc_intercepts() into nested vs. non-nested parts
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

Extract the non-nested aspects of recalc_intercepts() into a separate
helper, svm_mark_intercepts_dirty(), to make it clear that the call isn't
*just* recalculating (vmcb02's) intercepts, and to not bury non-nested
code in nested.c.

As suggested by Yosry, opportunistically prepend "nested_vmcb02_" to
recalc_intercepts() so that it's obvious the function specifically deals
with recomputing intercepts for L2.

No functional change intended.

Cc: Yosry Ahmed
Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 9 ++-------
 arch/x86/kvm/svm/sev.c | 2 +-
 arch/x86/kvm/svm/svm.c | 4 ++--
 arch/x86/kvm/svm/svm.h | 26 ++++++++++++++++++++------
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 66701106a51b..48b60dd6e7a3 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -122,17 +122,12 @@ static bool nested_vmcb_needs_vls_intercept(struct vc= pu_svm *svm) return false; } =20 -void recalc_intercepts(struct vcpu_svm *svm) +void nested_vmcb02_recalc_intercepts(struct vcpu_svm *svm) { struct vmcb_control_area *c, *h; struct vmcb_ctrl_area_cached *g; unsigned int i; =20 - vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS); - - if (!is_guest_mode(&svm->vcpu)) - return; - vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); =20 c =3D &svm->vmcb->control; @@ -918,7 +913,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * Merge guest and host intercepts - must be called with vcpu in * guest-mode to take effect. */ - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static void nested_svm_copy_common_state(struct vmcb *from_vmcb, struct vm= cb *to_vmcb) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index ea515cf41168..03b6dc75a6e8 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4639,7 +4639,7 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm, bo= ol init_event) if (!sev_vcpu_has_debug_swap(svm)) { vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } else { /* * Disable #DB intercept iff DebugSwap is enabled. KVM doesn't diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8f8bc863e214..9e76bf1671da 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -635,7 +635,7 @@ static void set_dr_intercepts(struct vcpu_svm *svm) vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); =20 - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static void clr_dr_intercepts(struct vcpu_svm *svm) 
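Review bot: In the nested.c hunk for nested_vmcb02_recalc_intercepts(), removing the is_guest_mode() early return leaves a non-static function that writes svm->vmcb's intercepts with no check of its own that L2 is active; the only guard is now in the caller. Consider documenting that precondition at the function, or asserting it, so that a future direct caller cannot merge vmcb12 intercepts into whichever VMCB happens to be current.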
@@ -644,7 +644,7 @@ static void clr_dr_intercepts(struct vcpu_svm *svm) =20 vmcb->control.intercepts[INTERCEPT_DR] =3D 0; =20 - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index ebd7b36b1ceb..92a1691dc7be 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -357,8 +357,6 @@ struct svm_cpu_data { =20 DECLARE_PER_CPU(struct svm_cpu_data, svm_data); =20 -void recalc_intercepts(struct vcpu_svm *svm); - static __always_inline struct kvm_svm *to_kvm_svm(struct kvm *kvm) { return container_of(kvm, struct kvm_svm, kvm); @@ -486,6 +484,22 @@ static inline bool vmcb12_is_intercept(struct vmcb_ctr= l_area_cached *control, u3 return __vmcb_is_intercept((unsigned long *)&control->intercepts, bit); } =20 +void nested_vmcb02_recalc_intercepts(struct vcpu_svm *svm); + +static inline void svm_mark_intercepts_dirty(struct vcpu_svm *svm) +{ + vmcb_mark_dirty(svm->vmcb01.ptr, VMCB_INTERCEPTS); + + /* + * If L2 is active, recalculate the intercepts for vmcb02 to account + * for the changes made to vmcb01. All intercept configuration is done + * for vmcb01 and then propagated to vmcb02 to combine KVM's intercepts + * with L1's intercepts (from the vmcb12 snapshot). + */ + if (is_guest_mode(&svm->vcpu)) + nested_vmcb02_recalc_intercepts(svm); +} + static inline void set_exception_intercept(struct vcpu_svm *svm, u32 bit) { struct vmcb *vmcb =3D svm->vmcb01.ptr; @@ -493,7 +507,7 @@ static inline void set_exception_intercept(struct vcpu_= svm *svm, u32 bit) WARN_ON_ONCE(bit >=3D 32); vmcb_set_intercept(&vmcb->control, INTERCEPT_EXCEPTION_OFFSET + bit); =20 - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static inline void clr_exception_intercept(struct vcpu_svm *svm, u32 bit) 
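Review bot: The name svm_mark_intercepts_dirty() in the svm.h hunk describes only its first statement; when is_guest_mode() is true the helper also calls nested_vmcb02_recalc_intercepts() to recalculate vmcb02's intercepts. The comment explaining this sits inside the function body, so call sites such as set_dr_intercepts() and sev_es_init_vmcb() read as a pure clean-bit update. Moving that explanation to a comment above the function would make the side effect visible where the helper is defined.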
@@ -503,7 +517,7 @@ static inline void clr_exception_intercept(struct vcpu_= svm *svm, u32 bit) WARN_ON_ONCE(bit >=3D 32); vmcb_clr_intercept(&vmcb->control, INTERCEPT_EXCEPTION_OFFSET + bit); =20 - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static inline void svm_set_intercept(struct vcpu_svm *svm, int bit) @@ -512,7 +526,7 @@ static inline void svm_set_intercept(struct vcpu_svm *s= vm, int bit) =20 vmcb_set_intercept(&vmcb->control, bit); =20 - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static inline void svm_clr_intercept(struct vcpu_svm *svm, int bit) 
@@ -521,7 +535,7 @@ static inline void svm_clr_intercept(struct vcpu_svm *s= vm, int bit) =20 vmcb_clr_intercept(&vmcb->control, bit); =20 - recalc_intercepts(svm); + svm_mark_intercepts_dirty(svm); } =20 static inline bool svm_is_intercept(struct vcpu_svm *svm, int bit) --=20 2.53.0.345.g96ddfc5eaa-goog
Date: Wed, 18 Feb 2026 15:09:53 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-4-seanjc@google.com>
Subject: [PATCH v2 3/8] KVM: nSVM: WARN and abort vmcb02 intercepts recalc if vmcb02 isn't active
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

From: Yosry Ahmed

WARN and bail early from nested_vmcb02_recalc_intercepts() if vmcb02 isn't
the active/current VMCB, as recalculating intercepts for vmcb01 using
logic intended for merging vmcb12 and vmcb01 intercepts can yield
unexpected and unwanted results. In addition to hardening against general
bugs, this will provide additional safeguards "if"
nested_vmcb02_recalc_intercepts() is invoked directly from
nested_vmcb02_prepare_control().

Signed-off-by: Yosry Ahmed
[sean: split to separate patch, bail early on "failure"]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 48b60dd6e7a3..793f5d2eed3a 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -128,6 +128,9 @@ void nested_vmcb02_recalc_intercepts(struct vcpu_svm *s= vm) struct vmcb_ctrl_area_cached *g; unsigned int i; =20 + if (WARN_ON_ONCE(svm->vmcb !=3D svm->nested.vmcb02.ptr)) + return; + vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); =20 c =3D &svm->vmcb->control; --=20 2.53.0.345.g96ddfc5eaa-goog
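Review bot: The new WARN_ON_ONCE() check at the top of nested_vmcb02_recalc_intercepts(), which compares svm->vmcb against svm->nested.vmcb02.ptr, returns without a comment saying why bailing is the safe choice. The changelog's reasoning, that running the vmcb12/vmcb01 merge logic against vmcb01 can yield unexpected results, deserves a one-line comment above the check, since the early return also skips vmcb_mark_dirty() and leaves the current intercepts untouched.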
Date: Wed, 18 Feb 2026 15:09:54 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-5-seanjc@google.com>
Subject: [PATCH v2 4/8] KVM: nSVM: Directly (re)calc vmcb02 intercepts from nested_vmcb02_prepare_control()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

Now that nested_vmcb02_recalc_intercepts() provides guardrails against it
being incorrectly called without vmcb02 active, invoke it directly from
nested_vmcb02_recalc_intercepts() instead of bouncing through
svm_mark_intercepts_dirty(), which unnecessarily marks vmcb01 as dirty.

Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 793f5d2eed3a..e8512de5aef7 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -916,7 +916,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * Merge guest and host intercepts - must be called with vcpu in * guest-mode to take effect. */ - svm_mark_intercepts_dirty(svm); + nested_vmcb02_recalc_intercepts(svm); } =20 static void nested_svm_copy_common_state(struct vmcb *from_vmcb, struct vm= cb *to_vmcb) --=20 2.53.0.345.g96ddfc5eaa-goog
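Review bot: The changelog says the call is now made "directly from nested_vmcb02_recalc_intercepts()", but the hunk changes the call site in nested_vmcb02_prepare_control(), as the subject line states; the changelog should name nested_vmcb02_prepare_control(). The retained comment above the call, "must be called with vcpu in guest-mode to take effect", could also be updated to say that vmcb02 must be the current VMCB, since the callee is now invoked without the is_guest_mode() check that svm_mark_intercepts_dirty() performed.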
Date: Wed, 18 Feb 2026 15:09:55 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-6-seanjc@google.com>
Subject: [PATCH v2 5/8] KVM: nSVM: Use intuitive local variables in nested_vmcb02_recalc_intercepts()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

Now that nested_vmcb02_recalc_intercepts() is explicitly scoped to deal
with *only* recalculating vmcb02 intercepts, rename its local variables to
use more intuitive names.

The current "c", "h", and "g" local variables, for the current VMCB,
vmcb01, and (cached) vmcb12 respectively, are short and sweet, but don't
do much to help unfamiliar readers understand what the code is doing. Use
vmcb12_ctrl/vmcb01/vmcb02/vmcb12_ctrl in lieu of c/h/g to make it clear
the function is updating intercepts in vmcb02 based on the intercepts in
vmcb01 and (cached) vmcb12.

Opportunistically change the existing WARN_ON to a WARN_ON_ONCE so that a
KVM bug doesn't unintentionally DoS the host.

No functional change intended.

Signed-off-by: Yosry Ahmed
[sean: use WARN_ON_ONCE, keep local vmcb12 cache as vmcb12_ctrl]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 35 ++++++++++++++++-------------------
 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index e8512de5aef7..bda2d6d613c9 100644
--- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -124,23 +124,20 @@ static bool nested_vmcb_needs_vls_intercept(struct vc= pu_svm *svm) =20 void nested_vmcb02_recalc_intercepts(struct vcpu_svm *svm) { - struct vmcb_control_area *c, *h; - struct vmcb_ctrl_area_cached *g; + struct vmcb_ctrl_area_cached *vmcb12_ctrl =3D &svm->nested.ctl; + struct vmcb *vmcb02 =3D svm->nested.vmcb02.ptr; + struct vmcb *vmcb01 =3D svm->vmcb01.ptr; unsigned int i; =20 - if (WARN_ON_ONCE(svm->vmcb !=3D svm->nested.vmcb02.ptr)) + if (WARN_ON_ONCE(svm->vmcb !=3D vmcb02)) return; =20 - vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); - - c =3D &svm->vmcb->control; - h =3D &svm->vmcb01.ptr->control; - g =3D &svm->nested.ctl; + vmcb_mark_dirty(vmcb02, VMCB_INTERCEPTS); =20 for (i =3D 0; i < MAX_INTERCEPT; i++) - c->intercepts[i] =3D h->intercepts[i]; + vmcb02->control.intercepts[i] =3D vmcb01->control.intercepts[i]; =20 - if (g->int_ctl & V_INTR_MASKING_MASK) { + if (vmcb12_ctrl->int_ctl & V_INTR_MASKING_MASK) { /* * If L2 is active and V_INTR_MASKING is enabled in vmcb12, * disable intercept of CR8 writes as L2's CR8 does not affect @@ -151,9 +148,9 @@ void nested_vmcb02_recalc_intercepts(struct vcpu_svm *s= vm) * the effective RFLAGS.IF for L1 interrupts will never be set * while L2 is running (L2's RFLAGS.IF doesn't affect L1 IRQs). */ - vmcb_clr_intercept(c, INTERCEPT_CR8_WRITE); - if (!(svm->vmcb01.ptr->save.rflags & X86_EFLAGS_IF)) - vmcb_clr_intercept(c, INTERCEPT_VINTR); + vmcb_clr_intercept(&vmcb02->control, INTERCEPT_CR8_WRITE); + if (!(vmcb01->save.rflags & X86_EFLAGS_IF)) + vmcb_clr_intercept(&vmcb02->control, INTERCEPT_VINTR); } =20 /* 
@@ -161,14 +158,14 @@ void nested_vmcb02_recalc_intercepts(struct vcpu_svm = *svm) * flush feature is enabled. */ if (!nested_svm_l2_tlb_flush_enabled(&svm->vcpu)) - vmcb_clr_intercept(c, INTERCEPT_VMMCALL); + vmcb_clr_intercept(&vmcb02->control, INTERCEPT_VMMCALL); =20 for (i =3D 0; i < MAX_INTERCEPT; i++) - c->intercepts[i] |=3D g->intercepts[i]; + vmcb02->control.intercepts[i] |=3D vmcb12_ctrl->intercepts[i]; =20 /* If SMI is not intercepted, ignore guest SMI intercept as well */ if (!intercept_smi) - vmcb_clr_intercept(c, INTERCEPT_SMI); + vmcb_clr_intercept(&vmcb02->control, INTERCEPT_SMI); =20 if (nested_vmcb_needs_vls_intercept(svm)) { /* 
@@ -176,10 +173,10 @@ void nested_vmcb02_recalc_intercepts(struct vcpu_svm = *svm) * we must intercept these instructions to correctly * emulate them in case L1 doesn't intercept them. */ - vmcb_set_intercept(c, INTERCEPT_VMLOAD); - vmcb_set_intercept(c, INTERCEPT_VMSAVE); + vmcb_set_intercept(&vmcb02->control, INTERCEPT_VMLOAD); + vmcb_set_intercept(&vmcb02->control, INTERCEPT_VMSAVE); } else { - WARN_ON(!(c->virt_ext & VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK)); + WARN_ON_ONCE(!(vmcb02->control.virt_ext & VIRTUAL_VMLOAD_VMSAVE_ENABLE_M= ASK)); } } =20 --=20 2.53.0.345.g96ddfc5eaa-goog

From nobody Fri Apr 3 08:02:05 2026
Reply-To: Sean Christopherson
Date: Wed, 18 Feb 2026 15:09:56 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-7-seanjc@google.com>
Subject: [PATCH v2 6/8] KVM: nSVM: Use vmcb12_is_intercept() in nested_sync_control_from_vmcb02()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

From: Yosry Ahmed

Use vmcb12_is_intercept() instead of open-coding the intercept check.

No functional change intended.

Signed-off-by: Yosry Ahmed
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index bda2d6d613c9..bbb8dfc9979b 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -530,7 +530,7 @@ void nested_sync_control_from_vmcb02(struct vcpu_svm *s= vm) * int_ctl (because it was never recognized while L2 was running). */ if (svm_is_intercept(svm, INTERCEPT_VINTR) && - !test_bit(INTERCEPT_VINTR, (unsigned long *)svm->nested.ctl.intercept= s)) + !vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_VINTR)) mask &=3D ~V_IRQ_MASK; =20 if (nested_vgif_enabled(svm)) --=20 2.53.0.345.g96ddfc5eaa-goog

From nobody Fri Apr 3 08:02:05 2026
Reply-To: Sean Christopherson
Date: Wed, 18 Feb 2026 15:09:57 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-8-seanjc@google.com>
Subject: [PATCH v2 7/8] KVM: nSVM: Move vmcb_ctrl_area_cached.bus_lock_rip to svm_nested_state
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

Move "bus_lock_rip" from "vmcb_ctrl_area_cached" to "svm_nested_state" as "last_bus_lock_rip" to more accurately reflect what it tracks, and because it is NOT a cached vmcb12 control field.

The misplaced field isn't all that apparent in the current code base, as KVM uses "svm->nested.ctl" broadly, but the bad placement becomes glaringly obvious if "svm->nested.ctl" is captured as a local "vmcb12_ctrl" variable.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 8 ++++----
 arch/x86/kvm/svm/svm.c    | 2 +-
 arch/x86/kvm/svm/svm.h    | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index bbb8dfc9979b..bcd6304f3c0c 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -806,7 +806,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * L1 re-enters L2, the same instruction will trigger a VM-Exit and the * entire cycle start over. */ - if (vmcb02->save.rip && (svm->nested.ctl.bus_lock_rip =3D=3D vmcb02->save= .rip)) + if (vmcb02->save.rip && (svm->nested.last_bus_lock_rip =3D=3D vmcb02->sav= e.rip)) vmcb02->control.bus_lock_counter =3D 1; else vmcb02->control.bus_lock_counter =3D 0; @@ -1191,11 +1191,11 @@ int nested_svm_vmexit(struct vcpu_svm *svm) } =20 /* - * Invalidate bus_lock_rip unless KVM is still waiting for the guest - * to make forward progress before re-enabling bus lock detection. + * Invalidate last_bus_lock_rip unless KVM is still waiting for the + * guest to make forward progress before re-enabling bus lock detection. */ if (!vmcb02->control.bus_lock_counter) - svm->nested.ctl.bus_lock_rip =3D INVALID_GPA; + svm->nested.last_bus_lock_rip =3D INVALID_GPA; =20 nested_svm_copy_common_state(svm->nested.vmcb02.ptr, svm->vmcb01.ptr); =20 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9e76bf1671da..7c832a0decc2 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3223,7 +3223,7 @@ static int bus_lock_exit(struct kvm_vcpu *vcpu) vcpu->arch.complete_userspace_io =3D complete_userspace_buslock; =20 if (is_guest_mode(vcpu)) - svm->nested.ctl.bus_lock_rip =3D vcpu->arch.cui_linear_rip; + svm->nested.last_bus_lock_rip =3D vcpu->arch.cui_linear_rip; =20 return 0; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 92a1691dc7be..c4ed1be38ceb 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -173,7 +173,6 @@ struct vmcb_ctrl_area_cached { u64 nested_cr3; u64 virt_ext; u32 clean; - u64 bus_lock_rip; union { #if IS_ENABLED(CONFIG_HYPERV) || IS_ENABLED(CONFIG_KVM_HYPERV) struct hv_vmcb_enlightenments hv_enlightenments; 
@@ -188,6 +187,7 @@ struct svm_nested_state { u64 vm_cr_msr; u64 vmcb12_gpa; u64 last_vmcb12_gpa; + u64 last_bus_lock_rip; =20 /* * The MSR permissions map used for vmcb02, which is the merge result --=20 2.53.0.345.g96ddfc5eaa-goog

From nobody Fri Apr 3 08:02:05 2026
Reply-To: Sean Christopherson
Date: Wed, 18 Feb 2026 15:09:58 -0800
In-Reply-To: <20260218230958.2877682-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260218230958.2877682-1-seanjc@google.com>
Message-ID: <20260218230958.2877682-9-seanjc@google.com>
Subject: [PATCH v2 8/8] KVM: nSVM: Capture svm->nested.ctl as vmcb12_ctrl when preparing vmcb02
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed

Grab svm->nested.ctl as vmcb12_ctrl when preparing the vmcb02 controls to make it more obvious that much of the data is coming from vmcb12 (or rather, a snapshot of vmcb12 at the time of L1's VMRUN).

Opportunistically reorder the variable definitions to create a pretty reverse fir tree.

No functional change intended.

Cc: Yosry Ahmed
Signed-off-by: Sean Christopherson
Reviewed-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 39 +++++++++++++++++++--------------------
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index bcd6304f3c0c..1814522db6b4 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -745,11 +745,11 @@ static void nested_vmcb02_prepare_control(struct vcpu= _svm *svm, u32 int_ctl_vmcb01_bits =3D V_INTR_MASKING_MASK; u32 int_ctl_vmcb12_bits =3D V_TPR_MASK | V_IRQ_INJECTION_BITS_MASK; =20 - struct kvm_vcpu *vcpu =3D &svm->vcpu; - struct vmcb *vmcb01 =3D svm->vmcb01.ptr; + struct vmcb_ctrl_area_cached *vmcb12_ctrl =3D &svm->nested.ctl; struct vmcb *vmcb02 =3D svm->nested.vmcb02.ptr; - u32 pause_count12; - u32 pause_thresh12; + struct vmcb *vmcb01 =3D svm->vmcb01.ptr; + struct kvm_vcpu *vcpu =3D &svm->vcpu; + u32 pause_count12, pause_thresh12; =20 nested_svm_transition_tlb_flush(vcpu); =20 @@ -762,7 +762,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, */ =20 if (guest_cpu_cap_has(vcpu, X86_FEATURE_VGIF) && - (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK)) + (vmcb12_ctrl->int_ctl & V_GIF_ENABLE_MASK)) int_ctl_vmcb12_bits |=3D (V_GIF_MASK | V_GIF_ENABLE_MASK); else int_ctl_vmcb01_bits |=3D (V_GIF_MASK | V_GIF_ENABLE_MASK); @@ -820,10 +820,9 @@ static void nested_vmcb02_prepare_control(struct vcpu_= svm *svm, if (nested_npt_enabled(svm)) nested_svm_init_mmu_context(vcpu); =20 - vcpu->arch.tsc_offset =3D kvm_calc_nested_tsc_offset( - vcpu->arch.l1_tsc_offset, - svm->nested.ctl.tsc_offset, - svm->tsc_ratio_msr); + vcpu->arch.tsc_offset =3D kvm_calc_nested_tsc_offset(vcpu->arch.l1_tsc_of= fset, + vmcb12_ctrl->tsc_offset, + svm->tsc_ratio_msr); =20 vmcb02->control.tsc_offset =3D vcpu->arch.tsc_offset; =20 
@@ -832,13 +831,13 @@ static void nested_vmcb02_prepare_control(struct vcpu= _svm *svm, nested_svm_update_tsc_ratio_msr(vcpu); =20 vmcb02->control.int_ctl =3D - (svm->nested.ctl.int_ctl & int_ctl_vmcb12_bits) | + (vmcb12_ctrl->int_ctl & int_ctl_vmcb12_bits) | (vmcb01->control.int_ctl & int_ctl_vmcb01_bits); =20 - vmcb02->control.int_vector =3D svm->nested.ctl.int_vector; - vmcb02->control.int_state =3D svm->nested.ctl.int_state; - vmcb02->control.event_inj =3D svm->nested.ctl.event_inj; - vmcb02->control.event_inj_err =3D svm->nested.ctl.event_inj_err; + vmcb02->control.int_vector =3D vmcb12_ctrl->int_vector; + vmcb02->control.int_state =3D vmcb12_ctrl->int_state; + vmcb02->control.event_inj =3D vmcb12_ctrl->event_inj; + vmcb02->control.event_inj_err =3D vmcb12_ctrl->event_inj_err; =20 /* * next_rip is consumed on VMRUN as the return address pushed on the @@ -849,7 +848,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * prior to injecting the event). */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_NRIPS)) - vmcb02->control.next_rip =3D svm->nested.ctl.next_rip; + vmcb02->control.next_rip =3D vmcb12_ctrl->next_rip; else if (boot_cpu_has(X86_FEATURE_NRIPS)) vmcb02->control.next_rip =3D vmcb12_rip; =20 @@ -859,7 +858,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, svm->soft_int_csbase =3D vmcb12_csbase; svm->soft_int_old_rip =3D vmcb12_rip; if (guest_cpu_cap_has(vcpu, X86_FEATURE_NRIPS)) - svm->soft_int_next_rip =3D svm->nested.ctl.next_rip; + svm->soft_int_next_rip =3D vmcb12_ctrl->next_rip; else svm->soft_int_next_rip =3D vmcb12_rip; } 
@@ -870,11 +869,11 @@ static void nested_vmcb02_prepare_control(struct vcpu= _svm *svm, vmcb02->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; =20 if (guest_cpu_cap_has(vcpu, X86_FEATURE_PAUSEFILTER)) - pause_count12 =3D svm->nested.ctl.pause_filter_count; + pause_count12 =3D vmcb12_ctrl->pause_filter_count; else pause_count12 =3D 0; if (guest_cpu_cap_has(vcpu, X86_FEATURE_PFTHRESHOLD)) - pause_thresh12 =3D svm->nested.ctl.pause_filter_thresh; + pause_thresh12 =3D vmcb12_ctrl->pause_filter_thresh; else pause_thresh12 =3D 0; if (kvm_pause_in_guest(svm->vcpu.kvm)) { @@ -888,7 +887,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, vmcb02->control.pause_filter_thresh =3D vmcb01->control.pause_filter_thr= esh; =20 /* ... but ensure filtering is disabled if so requested. */ - if (vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_PAUSE)) { + if (vmcb12_is_intercept(vmcb12_ctrl, INTERCEPT_PAUSE)) { if (!pause_count12) vmcb02->control.pause_filter_count =3D 0; if (!pause_thresh12) @@ -905,7 +904,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * L2 is the "guest"). */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_ERAPS)) - vmcb02->control.erap_ctl =3D (svm->nested.ctl.erap_ctl & + vmcb02->control.erap_ctl =3D (vmcb12_ctrl->erap_ctl & ERAP_CONTROL_ALLOW_LARGER_RAP) | ERAP_CONTROL_CLEAR_RAP; =20 --=20 2.53.0.345.g96ddfc5eaa-goog
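
Review bot: in patch 5/8, hunk @@ -161,14 +158,14 @@ of nested_vmcb02_recalc_intercepts(), the position of each clear relative to the "|=" merge loop is load-bearing but undocumented. vmcb_clr_intercept(&vmcb02->control, INTERCEPT_VMMCALL) runs before "vmcb02->control.intercepts[i] |= vmcb12_ctrl->intercepts[i]", so vmcb12 can set the bit again, while the INTERCEPT_SMI clear runs after the merge and is final. With the new names both read as "clear in vmcb02"; a one-line comment at the merge loop saying that clears above it only drop vmcb01's intercepts and clears below it also override vmcb12 would keep a later edit from moving one across the loop.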
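
Review bot: in patch 5/8, hunk @@ -176,10 +173,10 @@, the switch from WARN_ON to WARN_ON_ONCE on the virt_ext check is a behavioural change carried in a patch whose changelog ends with "No functional change intended". The changelog does mention it, but splitting it into its own one-line patch (or dropping the NFC statement here) would let the rename be reviewed as a pure rename and let the WARN change be picked up on its own, since it is the only part of this patch with a host-availability rationale.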
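
Review bot: in patch 6/8, hunk @@ -530,7 +530,7 @@ of nested_sync_control_from_vmcb02(), the new call still passes &svm->nested.ctl directly, while patches 5/8 and 8/8 capture the same pointer as a local vmcb12_ctrl; using the same local here would keep the three functions consistent. The definition of vmcb12_is_intercept() is also not part of this diff, so the NFC claim rests on it doing the same bit test on the cached intercepts that the removed test_bit() line did; a pointer in the changelog to where the helper is defined would let a reader confirm that.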
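
Review bot: in patch 7/8, the svm.h hunk @@ -188,6 +187,7 @@ adds "u64 last_bus_lock_rip;" to struct svm_nested_state with no comment, and the other hunks show it being written from vcpu->arch.cui_linear_rip, compared against vmcb02->save.rip, and invalidated with INVALID_GPA. A short comment on the field stating what it holds and which sentinel marks it invalid would help, since a GPA sentinel on a RIP value is not self-explanatory. Separately, the visible hunks convert only the explicit reads and writes; please confirm nothing copies or clears the cached control area as a whole in a way that used to reset bus_lock_rip, because the NFC claim depends on the field's lifetime being unchanged by the move.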
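
Review bot: in patch 8/8, hunk @@ -745,11 +745,11 @@ of nested_vmcb02_prepare_control(), vmcb12_ctrl is declared as a plain "struct vmcb_ctrl_area_cached *", but every use in the visible hunks only reads through it (int_ctl, tsc_offset, int_vector, next_rip, pause_filter_count, erap_ctl, and so on). Declaring it "const struct vmcb_ctrl_area_cached *vmcb12_ctrl" would document and enforce that the VMRUN-time snapshot is not modified while vmcb02 is being built, provided vmcb12_is_intercept() accepts a const pointer; its prototype is not in this diff.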