From nobody Sat Apr 4 03:26:21 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E0D425A2A2 for ; Sat, 21 Mar 2026 00:10:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774051818; cv=none; b=kouAx4gLC973bAZ/8j9AAG2xvchdNfC36Ec3Nt2ezWRuDHNUswn1xATTVem8yQ22DXRj0y+FwoGNMFwx1p2ds/3b0eNnyr89vP5IBnW9cJpYIbzl6AodcvhTSIcrYGfTDRtLouejgBKxUI/0kOkxBGxRthE6w1AdEgYlqhtoQV4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774051818; c=relaxed/simple; bh=EXWGQ3d2DsRzy9C4MjG+80OCusc9j4AMdbCgJYgwkPM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UmusfG9pG6i3qT4/gJS4ilbfbmcZsBkMkyOsAPPfyRZoD24/8sU5yvjktVJnKz96WRslQB35QM088ACoUIe2h2d/V7JKSOrmSm3mSD97E2Sdr4NtYvkNNnEUmK704cBvMNe+7TD+T5jTzA4YsATAowpwIKVNQ/JWPzYnL2Ad+gM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=hHX6F5AR; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=PzvNER1D; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="hHX6F5AR"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="PzvNER1D" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1774051816; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bfxOU2dVxeep+fVV39XDWC9/aTob8vYFwfwCGLL4Ttk=; b=hHX6F5ART8UJfZc+L4LkEpgLM9u1pAH0DDgpTK0AcHFEEqYDCl/OaUCzMg7D4cUfTr3L24 /r/NDaGUbGK6eEIem4Rr+gzT8XB8z1fx4/D1WXEGKarFRPjwH9Xul34o2jY1xGKPz1tkix BffD+ze00Bl9G7gNtFEZ6+e7uPwFHyg= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-683-FZkhM3JHPhu0HPcNJU2uxA-1; Fri, 20 Mar 2026 20:10:15 -0400 X-MC-Unique: FZkhM3JHPhu0HPcNJU2uxA-1 X-Mimecast-MFC-AGG-ID: FZkhM3JHPhu0HPcNJU2uxA_1774051814 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-486fb142205so17987195e9.1 for ; Fri, 20 Mar 2026 17:10:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1774051813; x=1774656613; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bfxOU2dVxeep+fVV39XDWC9/aTob8vYFwfwCGLL4Ttk=; b=PzvNER1DqGsyZ0B3VVTOA7aChP8xTzYDnsNeoZ6Z+16Fa+knQh0kUe90fg13rXnyLG 8T8hI7sG/FD0ya7DlvO4YwAkrrE6uydi2dJvvC/uqQgjgL4+NbmXBOgU7gOSHBYuU9Za eaFUDWM8E7g/PCWukM0GXgag82eNgzgvzsF709C0Oi7uSg5L/Hbyo76E8K/dRU9Fgw/E VGl+6mBkVwxjrL9RWUa6i8TTiCfUT7USZmgI+TU/eO479ooTlpqbRWCx2zzoLaMh93TG /RXRnX+w33kg1gVpW6ym0jDSstuPbHYl0qZfJzQxS8QCOlIufSA5IYusuU7e4wDYcEO5 PpsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774051813; x=1774656613; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=bfxOU2dVxeep+fVV39XDWC9/aTob8vYFwfwCGLL4Ttk=; b=T9dCCgKLXGbwUrLfJpOWPQgFhVAfo0vFHUqnxXXFhIDK9B+lkq334iVmnavaurMIcG 7ByssTSaqAAfZL9Rai/FdxXHLqNDPosI/XsPws7R3T3ijPIS5crY9Qmgp8m9uOJIN/f1 56juS4HzgjXVBIvilKSMv8rQmeb0qvX962TsLvvShMENg6qnKfEqxD1plMCCIp/+XJTe 2w0Oj0eRDyvYL5Yt1LJ+uH61i3q2xhR6HPJNCNTKbdEztlR83p/oyorKKcqEuk5g5etd Ocn0P7Tmo702QZSmU32Ir9QQs0UrS99oDpwx9wRNf9tDId0EjGCPutSHH8mfd8vYL/zs C/Ow== X-Gm-Message-State: AOJu0YxTv+VDK0MmcXwj21MbRLqjk0rmS+fTV9h3PmaIlEJwvOcqFJp4 9YPXpRqAslG3RvHfElOpUaz2mx+T7PQBDqhMoWdNSPdW4oi0rQ+q9+pA9UnHUMLmzDKnay5GW7L UyxpkJGNRgbWkhj19/Wj5pGOu4h9hY/WMDLV+IryK9goge8wtwyy+147JuxZLHTg45qiaLtQSxF oxuotWooXE0M2W96Th/Bh6xWNYSrqXNADTDOeZbbTm3LNWNMlmBg== X-Gm-Gg: ATEYQzyrCEVGrcXn0rcMsZebP9vQgfoFAGekeVKZrZvuGVl/KiUzRLavE+nMXaYY3eo 5uAMaFdTQMN6sln+wFDKPpIUO1GVDA8ViohbgNsvXZHsxcy79dOQ8z5DTWyyc2v2VZf4UKkR3Ss OjHb/OA0T3cbUWKqnHQ5au8Qsq0ite0jdEgw2zi5ThbsuB9HOXRN8t+FMFuDj/lwnaZmE4vAkMo xrEScsVbzjO0n4bB/oNIyobADC250RIWPX/XuRgcn9DhhDWfeLtJI1AzCiVuUuLxVD3dk7TvgKc udTJktFaveNiAe+MamqmHPLkixSseFLxD+B/tYggO+D/o/Oakq6gnvyZszPWOqpjUGXMAnUFTKk Md/yO93IeybqavHRLy8mbL+/ErjI/iI8jm7aV32HHgdPFqPiJ1AXW98mdtAfPFT1k/S3wUPRVmM wZ3ZBbwQBqYiFiAdwKLkgvxtdw X-Received: by 2002:a05:600c:35c1:b0:485:3b50:fe54 with SMTP id 5b1f17b1804b1-486fedb2545mr81295415e9.11.1774051813455; Fri, 20 Mar 2026 17:10:13 -0700 (PDT) X-Received: by 2002:a05:600c:35c1:b0:485:3b50:fe54 with SMTP id 5b1f17b1804b1-486fedb2545mr81295075e9.11.1774051813024; Fri, 20 Mar 2026 17:10:13 -0700 (PDT) Received: from [192.168.10.48] ([151.49.85.67]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-486fe967c64sm94008335e9.2.2026.03.20.17.10.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Mar 2026 17:10:11 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Jon Kohler , Marcelo Tosatti , Nikunj A Dadhania , Amit Shah , Sean Christopherson Subject: [PATCH 15/22] KVM: nVMX: allow MBEC with EVMCS Date: Sat, 21 Mar 2026 01:09:24 +0100 Message-ID: <20260321000931.1947084-16-pbonzini@redhat.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260321000931.1947084-1-pbonzini@redhat.com> References: <20260321000931.1947084-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jon Kohler Extend EVMCS1_SUPPORTED_2NDEXEC to allow MBEC and EVMCS to coexist. Presenting both EVMCS and MBEC simultaneously causes KVM to filter out MBEC and not present it as a supported control to the guest, preventing performance gains from MBEC when Windows HVCI is enabled. The guest may choose not to use MBEC (e.g., if the admin does not enable Windows HVCI / Memory Integrity), but if they use traditional nested virt (Hyper-V, WSL2, etc.), having EVMCS exposed is important for improving nested guest performance. IOW allowing MBEC and EVMCS to coexist provides maximum optionality to Windows users without overcomplicating VM administration. Signed-off-by: Jon Kohler Message-ID: <20251223054806.1611168-8-jon@nutanix.com> Signed-off-by: Paolo Bonzini --- arch/x86/kvm/vmx/hyperv_evmcs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/vmx/hyperv_evmcs.h b/arch/x86/kvm/vmx/hyperv_evmc= s.h index 6536290f4274..0568f76aafc1 100644 --- a/arch/x86/kvm/vmx/hyperv_evmcs.h +++ b/arch/x86/kvm/vmx/hyperv_evmcs.h @@ -87,6 +87,7 @@ SECONDARY_EXEC_PT_CONCEAL_VMX | \ SECONDARY_EXEC_BUS_LOCK_DETECTION | \ SECONDARY_EXEC_NOTIFY_VM_EXITING | \ + SECONDARY_EXEC_MODE_BASED_EPT_EXEC | \ SECONDARY_EXEC_ENCLS_EXITING) =20 #define EVMCS1_SUPPORTED_3RDEXEC (0ULL) --=20 2.52.0