From: Yosry Ahmed
To: Sean Christopherson
Cc: Paolo Bonzini, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yosry Ahmed, stable@vger.kernel.org
Subject: [PATCH v7 14/26] KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
Date: Tue, 3 Mar 2026 00:34:08 +0000
Message-ID: <20260303003421.2185681-15-yosry@kernel.org>
In-Reply-To: <20260303003421.2185681-1-yosry@kernel.org>
References: <20260303003421.2185681-1-yosry@kernel.org>

KVM currently fails a nested VMRUN and injects VMEXIT_INVALID (aka SVM_EXIT_ERR) if L1 sets NP_ENABLE and the host does not support NPTs.

On first glance, it seems like the check should actually be for guest_cpu_cap_has(X86_FEATURE_NPT) instead, as it is possible for the host to support NPTs but the guest CPUID to not advertise it.

However, the consistency check is not architectural to begin with. The APM does not mention VMEXIT_INVALID if NP_ENABLE is set on a processor that does not have X86_FEATURE_NPT. Hence, NP_ENABLE should be ignored if X86_FEATURE_NPT is not available for L1, so sanitize it when copying from the VMCB12 to KVM's cache.

Apart from the consistency check, NP_ENABLE in VMCB12 is currently ignored because the bit is actually copied from VMCB01 to VMCB02, not from VMCB12.

Fixes: 4b16184c1cca ("KVM: SVM: Initialize Nested Nested MMU context on VMRUN")
Cc: stable@vger.kernel.org
Signed-off-by: Yosry Ahmed
---
 arch/x86/kvm/svm/nested.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 21e1a43c91879..613d5e2e7c3d1 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -348,9 +348,6 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu = *vcpu, if (CC(control->asid =3D=3D 0)) return false; =20 - if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && !npt_enabled)) - return false; - if (CC(!nested_svm_check_bitmap_pa(vcpu, control->msrpm_base_pa, MSRPM_SIZE))) return false; @@ -431,6 +428,11 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vc= pu *vcpu, nested_svm_sanitize_intercept(vcpu, to, SKINIT); nested_svm_sanitize_intercept(vcpu, to, RDPRU); =20 + /* Always clear SVM_NESTED_CTL_NP_ENABLE if the guest cannot use NPTs */ + to->nested_ctl =3D from->nested_ctl; + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_NPT)) + to->nested_ctl &=3D ~SVM_NESTED_CTL_NP_ENABLE; + to->iopm_base_pa =3D from->iopm_base_pa; to->msrpm_base_pa =3D from->msrpm_base_pa; to->tsc_offset =3D from->tsc_offset; @@ -444,7 +446,6 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcp= u *vcpu, to->exit_info_2 =3D from->exit_info_2; to->exit_int_info =3D from->exit_int_info; to->exit_int_info_err =3D from->exit_int_info_err; - to->nested_ctl =3D from->nested_ctl; to->event_inj =3D from->event_inj; to->event_inj_err =3D from->event_inj_err; to->next_rip =3D from->next_rip; --=20 2.53.0.473.g4a7958ca14-goog
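Review bot: Dropping the `!npt_enabled` rejection in the first hunk (nested_vmcb_check_controls()) hands the host-support case entirely to the `guest_cpu_cap_has(vcpu, X86_FEATURE_NPT)` mask added later in __nested_copy_vmcb_control_to_cache(), so the change is only safe if that guest cap can never be set while `npt_enabled` is false. The commit message argues the check is non-architectural but never states that dependency; a sentence saying that KVM only exposes X86_FEATURE_NPT to L1 when `npt_enabled` is set would make it clear why an L1 on a host without NPT cannot now get NP_ENABLE into the cache instead of VMEXIT_INVALID.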
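Review bot: In the second hunk (@@ -431), clearing SVM_NESTED_CTL_NP_ENABLE in `to->nested_ctl` only changes KVM's cached copy; as the commit message itself says, VMCB02 currently takes the bit from VMCB01 rather than VMCB12, so this hunk on its own does not change what L2 runs with. Since the patch carries Cc: stable, it would help a backporter to say in the commit message which patch in the series makes VMCB02 consume the cached value, or to state that this one is intentionally behaviour-neutral until then. Minor: the comment `/* Always clear SVM_NESTED_CTL_NP_ENABLE if the guest cannot use NPTs */` says "the guest", which in this file can mean L1 or L2; "L1" would match the commit message and the cap being checked.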
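The commit message turns on whether L1's CPUID advertises NPT, which is CPUID Fn8000_000A EDX bit 0 (X86_FEATURE_NPT). The following is an added example, not code from the patch or from KVM: a user-space probe that reads that leaf and decodes its SVM feature bits. Run inside an L1 guest it shows whether the hypervisor advertised NPT, i.e. whether NP_ENABLE in that L1's VMCB12 would survive the sanitization this patch adds or be silently cleared. The function names and the feature-name table are mine (bit positions follow the AMD APM vol. 3 "CPUID Fn8000_000A" table and Linux's cpufeatures.h); the decode helper takes a raw EDX value so it can be exercised on constructed input on any machine.

```c
/*
 * Added example, not KVM code: probe CPUID Fn8000_000A (SVM feature
 * identification) from user space and decode its EDX bits.  Function
 * and table names are this example's own; the bit numbers follow the
 * AMD APM vol. 3 and Linux's arch/x86/include/asm/cpufeatures.h.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct svm_feat {
	const char *name;
	unsigned bit;
};

/* CPUID Fn8000_000A EDX bits, named as in Linux's cpufeatures.h. */
static const struct svm_feat svm_feats[] = {
	{ "npt", 0 },		/* nested paging: what X86_FEATURE_NPT reflects */
	{ "lbrv", 1 },
	{ "svm_lock", 2 },
	{ "nrip_save", 3 },
	{ "tsc_scale", 4 },
	{ "vmcb_clean", 5 },
	{ "flushbyasid", 6 },
	{ "decodeassists", 7 },
	{ "pausefilter", 10 },
	{ "pfthreshold", 12 },
	{ "avic", 13 },
	{ "v_vmsave_vmload", 15 },
	{ "vgif", 16 },
	{ "x2avic", 18 },
	{ "v_spec_ctrl", 20 },
	{ "vnmi", 25 },
};
#define NR_SVM_FEATS (sizeof(svm_feats) / sizeof(svm_feats[0]))

/* True if a CPUID Fn8000_000A EDX value advertises nested paging. */
bool svm_edx_has_npt(uint32_t edx)
{
	return (edx & 1u) != 0;
}

/*
 * Decode the known EDX bits.  If buf is non-NULL, writes the set feature
 * names comma-separated into it.  Returns how many known bits are set.
 */
int svm_edx_decode(uint32_t edx, char *buf, size_t len)
{
	int n = 0;
	size_t off = 0;

	if (buf && len)
		buf[0] = '\0';
	for (size_t i = 0; i < NR_SVM_FEATS; i++) {
		if (!(edx & (1u << svm_feats[i].bit)))
			continue;
		if (buf && off < len)
			off += (size_t)snprintf(buf + off, len - off, "%s%s",
						n ? "," : "", svm_feats[i].name);
		n++;
	}
	return n;
}

/*
 * Read the live leaf.  Returns false when not on x86 or when CPUID
 * Fn8000_0001 ECX[2] (SVM) is clear, i.e. the CPU or the hypervisor
 * does not advertise SVM at all.  On success *edx is the feature word
 * and *nasid the number of ASIDs (EBX).
 */
bool svm_probe_leaf(uint32_t *edx, uint32_t *nasid)
{
#if defined(__x86_64__) || defined(__i386__)
	unsigned a, b, c, d;

	if (!__get_cpuid(0x80000001u, &a, &b, &c, &d) || !(c & (1u << 2)))
		return false;
	if (!__get_cpuid(0x8000000Au, &a, &b, &c, &d))
		return false;
	*edx = d;
	*nasid = b;
	return true;
#else
	(void)edx;
	(void)nasid;
	return false;
#endif
}

int main(void)
{
	uint32_t edx, nasid;
	char names[256];

	if (!svm_probe_leaf(&edx, &nasid)) {
		puts("SVM not advertised by CPUID (not x86, not AMD, or hidden by the hypervisor)");
		return 0;
	}
	svm_edx_decode(edx, names, sizeof(names));
	printf("CPUID Fn8000_000A: NASID=%u EDX=0x%08x [%s]\n", nasid, edx, names);
	printf("NPT for an L1 hypervisor here: %s\n",
	       svm_edx_has_npt(edx) ? "advertised (NP_ENABLE kept by the sanitization)"
				    : "not advertised (NP_ENABLE cleared by the sanitization)");
	return 0;
}
```

On the host side, the `npt_enabled` the removed check consulted is the kvm_amd module parameter, readable as `/sys/module/kvm_amd/parameters/npt`; comparing that with what this probe reports inside L1 is the quickest way to reproduce the "host supports NPT but guest CPUID does not advertise it" case the commit message describes.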