From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C45573CBE7D for ; Tue, 5 May 2026 19:52:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010757; cv=none; b=oTef4XXIBETaTB7uAhDAThP3GxijEjXXjXS7zBEV2uCf2uy+cQmf5Kut48Ek6bNvYmxP2YPlg7Ff6W2mT9mhH+f1bRM0pjdoivg0DbDzfpFpmHPZKZuPhl69ultC6GtWnECd+hrA0Iknuc+XJFRkx++qYzSjHehxb9BBsd0tGcI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010757; c=relaxed/simple; bh=X2Z78ecZ3ZOqfsmKUl49A6t2EIzk4qED2aVr+auIv38=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aiBuSkZxQABiOfZ9EPriWVOlyro5KL1PJ7n2AWQFTXbPDg8xhUAjuSyRlNbgdOfKZQp59kvdZNA/Agz6BB4ADc82V9lOndCSHfVs8hP1Un30AZaAzn7v6kPguljy1tkLjNy3yEK1eTnt4mUKl+4f0OANHDCu2txgsZa3oGJ26Tc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=HmviypTR; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=OvYVtk4S; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="HmviypTR"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="OvYVtk4S" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010755; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ou2MGqWQWlSf5Uj7do5k2J/VRiPnju6cFxW52aKM19Y=; b=HmviypTRag2uJvJ34lNXb3E1wFj5BWjAf1n4+jpHRp6npIx28LM5ykEipsDvB5zZa24QDK A7YKme4g9WMg7VkRz5WViL8NK/yqH4T0XN4NsVsAXVjKslm4Medse1jZYb3fc0FmL3GEX4 GmPhm7cLqYTmTB32I5hMAuHE0HqTmCc= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-537-Jy_FkJtjMPuTH5hjai0Zig-1; Tue, 05 May 2026 15:52:33 -0400 X-MC-Unique: Jy_FkJtjMPuTH5hjai0Zig-1 X-Mimecast-MFC-AGG-ID: Jy_FkJtjMPuTH5hjai0Zig_1778010752 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-488c2aa6becso39940845e9.2 for ; Tue, 05 May 2026 12:52:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010751; x=1778615551; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ou2MGqWQWlSf5Uj7do5k2J/VRiPnju6cFxW52aKM19Y=; b=OvYVtk4SgRG6fZ0PdGeqtlv5ffgzZJ+oBj2mnXk3oQ2Qryji9UwOVSMi6tisOSqiKz 8/NaEiEwPp4zjvyJFnXerJWBBTdSX9BvDZvK53liVXviiKMsEWZt+ltKf+W6qwgxQm1T dRGI9FlilNSXfa68TtVDiEi+g3UXqZzGw1V34aosNsXxTI07rlzYH3mF64S79wZr3PcE mM9cTs79uONdrBxAg1sjtYjCSEwgZv3m5dqM36kiAvc8des0EOI3CNP/QhN5l+OQEIqW /sozRkrBkD1ZNDf6j5Y7N/sSrAxeyh/Y3zmu7/iGwyAlQSwY2B/0wfa8o4hJy8LVOiE1 Cr4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010751; x=1778615551; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Ou2MGqWQWlSf5Uj7do5k2J/VRiPnju6cFxW52aKM19Y=; b=CEKQ3M97DIk1g3aT/R+fGwI3Njww3h+/gGqDkF1wNkVQHer4Z87YZTnRpcAa4yhE3k wfWrlOEHKfGlI3hpBzPRGxwE2HQ1z+k/GGxQ3GX1EIQKCw1Vv6Y6cfwolqkXDkbDKY8J Ekb9uJTptj9G4oyxrtkAFpwV+vGlXK2hrS/r7QACT6DSObfteGPULCChefsLiWYIysa/ rSIqkOw5llEbk10TaTIXkvbZ3HINp+6BpFPb9ovfi/DA3jP4XXdNUbR0UtYjL7Awcr11 0UpVPCuYxQGghP7aO1jc90ZBrmddB6zcJO8qGw68bXEAZo5Pk1V4ypMa0hmxBjfbq3fz T62Q== X-Gm-Message-State: AOJu0YwS/HY0kmr6f3stBIbDPzvnbbKglN+ct5XyQ8PN8OT23vE5slXS pfdneDklll0WyysOf8EQuJv2T8SVaJusfHi9gSNUw4LixS64/0e/uGXOuVZwJCFlOaByqhYNe02 6HKGA616Ql7u9KJH6rlyThmk0zihTfoq+gdPFjL2k5vKEixWGEmX8XDopuBISY81qL47uYhAhP/ Bx8GOvzc4haBfXTCiGRaNUSbjd2JvAITOoAT+zig1mpi2LklphLw== X-Gm-Gg: AeBDies1cT6WlJpZb7wiPqsL5hoqfFi4G/mY5Sug5bFxKNotiOW+FTNmOMmgpNdq+2y zA572gBnSt0kUwXH369KNNA5+MqDTaIk0mxmYMxsqLeL8AP0C3OFaAoVRmQB5NuStSzgZAdKh3O QL8ia7CTQSJNCn05+J9SoUFycu0RLlpcUl7PohnlMiQcSv6DUj6IMcdJhTETeH+qTX575RLEE++ HYorePzKmUpW/QvmRNX2UmD85rkK0wenYi8V1lnMRLbKjfWYPVbgQT2OlFrMn+L7iHdyslGfj5p accfefPQ8Yefj1tkycTI52hzeoknWgl6Jlgbh2CZP9EfEWsQela6JF7H7I/3qK/YuGc1UlG7tkF b3jT2oIX2UmxDxGZs1K7JbZ9aWtqL0NxeQ6Q0vFvulBK1nrY8YcT62TgLjy82jzpXH4PnwKLApC Ovuzlg8D3z7RmItMHBTRsD/fM5TWW3bDNDxSXhpfU= X-Received: by 2002:a05:600c:3b96:b0:48a:66a8:9981 with SMTP id 5b1f17b1804b1-48e51f55272mr10710455e9.27.1778010751544; Tue, 05 May 2026 12:52:31 -0700 (PDT) X-Received: by 2002:a05:600c:3b96:b0:48a:66a8:9981 with SMTP id 5b1f17b1804b1-48e51f55272mr10709995e9.27.1778010751111; Tue, 05 May 2026 12:52:31 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb694fcsm397588845e9.3.2026.05.05.12.52.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:29 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com, Sean Christopherson Subject: [PATCH 01/28] KVM: TDX/VMX: rework EPT_VIOLATION_EXEC_FOR_RING3_LIN into PROT_MASK Date: Tue, 5 May 2026 21:51:59 +0200 Message-ID: <20260505195226.563317-2-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jon Kohler EPT exit qualification bit 6 is used when mode-based execute control is enabled, and reflects user executable addresses. Rework name to reflect the intention and add to EPT_VIOLATION_PROT_MASK, which allows simplifying the return evaluation in tdx_is_sept_violation_unexpected_pending a pinch. Rework handling in __vmx_handle_ept_violation to unconditionally clear EPT_VIOLATION_PROT_USER_EXEC until MBEC is implemented, as suggested by Sean [1]. Note: Intel SDM Table 29-7 defines bit 6 as: If the "mode-based execute control" VM-execution control is 0, the value of this bit is undefined. If that control is 1, this bit is the logical-AND of bit 10 in the EPT paging-structure entries used to translate the guest-physical address of the access causing the EPT violation. In this case, it indicates whether the guest-physical address was executable for user-mode linear addresses. [1] https://lore.kernel.org/all/aCJDzU1p_SFNRIJd@google.com/ Suggested-by: Sean Christopherson Signed-off-by: Jon Kohler Message-ID: <20251223054806.1611168-2-jon@nutanix.com> Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/vmx.h | 5 +++-- arch/x86/kvm/vmx/common.h | 9 +++++++-- arch/x86/kvm/vmx/tdx.c | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 37080382df54..b2291a766e3f 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -608,10 +608,11 @@ enum vm_entry_failure_code { #define EPT_VIOLATION_PROT_READ BIT(3) #define EPT_VIOLATION_PROT_WRITE BIT(4) #define EPT_VIOLATION_PROT_EXEC BIT(5) -#define EPT_VIOLATION_EXEC_FOR_RING3_LIN BIT(6) +#define EPT_VIOLATION_PROT_USER_EXEC BIT(6) #define EPT_VIOLATION_PROT_MASK (EPT_VIOLATION_PROT_READ | \ EPT_VIOLATION_PROT_WRITE | \ - EPT_VIOLATION_PROT_EXEC) + EPT_VIOLATION_PROT_EXEC | \ + EPT_VIOLATION_PROT_USER_EXEC) #define EPT_VIOLATION_GVA_IS_VALID BIT(7) #define EPT_VIOLATION_GVA_TRANSLATED BIT(8) =20 diff --git a/arch/x86/kvm/vmx/common.h b/arch/x86/kvm/vmx/common.h index 412d0829d7a2..adf925500b9e 100644 --- a/arch/x86/kvm/vmx/common.h +++ b/arch/x86/kvm/vmx/common.h @@ -94,8 +94,13 @@ static inline int __vmx_handle_ept_violation(struct kvm_= vcpu *vcpu, gpa_t gpa, /* Is it a fetch fault? */ error_code |=3D (exit_qualification & EPT_VIOLATION_ACC_INSTR) ? PFERR_FETCH_MASK : 0; - /* ept page table entry is present? */ - error_code |=3D (exit_qualification & EPT_VIOLATION_PROT_MASK) + /* + * ept page table entry is present? + * note: unconditionally clear USER_EXEC until mode-based + * execute control is implemented + */ + error_code |=3D (exit_qualification & + (EPT_VIOLATION_PROT_MASK & ~EPT_VIOLATION_PROT_USER_EXEC)) ? PFERR_PRESENT_MASK : 0; =20 if (exit_qualification & EPT_VIOLATION_GVA_IS_VALID) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 1e47c194af53..89f9fe30435d 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1845,7 +1845,7 @@ static inline bool tdx_is_sept_violation_unexpected_p= ending(struct kvm_vcpu *vcp if (eeq_type !=3D TDX_EXT_EXIT_QUAL_TYPE_PENDING_EPT_VIOLATION) return false; =20 - return !(eq & EPT_VIOLATION_PROT_MASK) && !(eq & EPT_VIOLATION_EXEC_FOR_R= ING3_LIN); + return !(eq & EPT_VIOLATION_PROT_MASK); } =20 static int tdx_handle_ept_violation(struct kvm_vcpu *vcpu) --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D81123D47C8 for ; Tue, 5 May 2026 19:52:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010763; cv=none; b=k21Pkpnug7gF3KrH66eLFilMtwFHlxuucEtJRVF/omuh5scOze79FZV9pJOtpYxtDydMBs0gm4L1uNALt7A3LuyF9pDzObuXrl0HBeDZvjl5TWzDQIBANmk/oVS1E0M1K5BpyEKMr5x4d8gZFyWk7mx9jwFLws/fA7YOTAMr+7Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010763; c=relaxed/simple; bh=ayDxRfV5CwivFBrmFKspqPM968swxZlUL5mxa/7llVU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F/mfEaHdwr9J2SQM61geJZ5qpc7gq3TVfcwF1NCZ60Zrw2SYIwrmxoQwZW70MM5swT66hHJQnKlbbu3CAsUzIb99lKInh3E1sy5ZW4E8RHGCTwNoj41epx0PQemKltF9B1fdy+v0yx1ip2hSniYwlFJ8SHP9by/sZy+JE/xMv+U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=L2woxwjT; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=PQqrz7uz; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="L2woxwjT"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="PQqrz7uz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010758; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oD4DN0gyrE6gzDpzR/NyRI1GpMVZtp6Qu59yIp0yUlc=; b=L2woxwjTKW2FLuz/JCuJyaE6+4Ii7+u7thj60mH1QN0UvdaD59+8HKtVEUnRLBtyM8xOll iKLDBEEyirYh0Upc8IBc8sHsX9lq5wayj5eHQtOgLJX7/1QlGqIGKtLfYehm92oI8wQHRS 7uG8mZAVniO4mSd9mcGe4cpXGZ2rzlk= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-500-KIh7QyPyMGujWN3w7ZvVKg-1; Tue, 05 May 2026 15:52:36 -0400 X-MC-Unique: KIh7QyPyMGujWN3w7ZvVKg-1 X-Mimecast-MFC-AGG-ID: KIh7QyPyMGujWN3w7ZvVKg_1778010755 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-48a7994e8ddso54367635e9.0 for ; Tue, 05 May 2026 12:52:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010754; x=1778615554; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oD4DN0gyrE6gzDpzR/NyRI1GpMVZtp6Qu59yIp0yUlc=; b=PQqrz7uzk+rGGn23SCwtLDo3ug9yuxrqdDBUyS/SgqpVWzXDiKxCxY/Wt/2MIphjp7 UoBBiFroTkjwDt8dcQbr2CMsXBYKO9vfqfiT1plI04iysraKYc99l6Fb29+ngbYAXjR8 vkOwhaN1gJdzc/4iRrTV4t9o7f4Lgj3NIqVvqN7EkBFOPVq9ml4ivRs0FdXx7AN5mXxQ QHPi2nJ8A8yuB9UuXQ+JtW5zdN10Vk74jalWzSV78pyw7DGT2aj00qiViY/RkwnAe3Nk l+AWfAuwS4gQIn23tPGoRn07ss+6lZLoMihq4CFepEO6hUO+ttz4no94aemGoxsqHDdO paOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010754; x=1778615554; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=oD4DN0gyrE6gzDpzR/NyRI1GpMVZtp6Qu59yIp0yUlc=; b=Yi8AMbm3jT3yxKG+6cgDPZo4UHdj0R0O8cjDtf6dubCO4xz+cX3k0pqt3WvcN/9P+F 18VTCzoQpAEOSXhjmXoCrLmdFdJrcH/FIESIp+8IPLamMNtDRTI3wHeLUmb7EvCNFCLT kBsW8PGy6eXKeDHmeTQtSyGBD9Ayh9j3ROj17ApDVhqbrM7HGe4j/gUlAy5AUez3AgIB WKe9jzvBsmCNk7dx8ILuM8PBTg9Id9T2nLS0ws7vk5rCh3VyXnQcLE0bJcQtEoZ4AqRB Xu7EYe1keYOS2rPM8vbfQUtV8C4adGpdNWqH0JTeCAl3o0b6wAVmHYOFxPGdI0wtSPMK Mguw== X-Gm-Message-State: AOJu0Yw31iZ6x7IQf5jFVSuqrtMrlbJzAljPkXNJ/98tUF/VoQLK2nqX jGGZVOGdLpdE/MLTboQaqpoLrkAQFIHw1jkwzFZ+JrzD3YJGPb7Ckm+uVjJYbxs7S9KGA0IXuEU zxEWoEJ70H7G3us0DCUa7sNsMJi6DK8nKXfsUQK3jygP4KHzOQ+OkRo+HKQQ/IuRpANHN5cV+Wq r8ccIo1o9DTq2i7+hk+IfvbF3Nid+1T2sjV91QS0m4kVHvXOY45w== X-Gm-Gg: AeBDietttt/JuP1MIq5j3DWG+UvChkEKdZOhlDboEgTSZODijevLPi4SG1H/xKRng29 FTAY27iv4pUDOGSU5av6FA/vmXHHP79mh801Wq2JyXzEQJiqU3+zt0sSpZOTByyGdr67NBPua0U Cz2ztJ6T64eiae5x2C7fn4uTLIdH3l0W6THYUIR+alW1Bcql8Q9QL2yuwrCTk57VHz0+KyI0eIq EirXndaYAV0Bj7TMPmkWCi26f14VXKZ7jo1jWhIy23srzfUqfn90cMwXLyK5A4r1SXPUPDfv5XY k+XxI5jS/UkAOhwk0pMsIPE9YvB6PrOUBtEzvBXnz5yB9wrFXQ8iiRB2kLWTuWliUvdN3mr21fL 6rv6pCBzuK6kLu7RND7C9vwCUy3pyZTm2d+Ux0dBC9Zw335DEUFF0nKgRaGMncmBsTb4AJK97jq WSb2DF85Urys622NnFohUHDVJFk2VfsbvZig5tjxA= X-Received: by 2002:a05:600c:608f:b0:489:1ba8:5be9 with SMTP id 5b1f17b1804b1-48e51f4b0e1mr10185325e9.29.1778010754098; Tue, 05 May 2026 12:52:34 -0700 (PDT) X-Received: by 2002:a05:600c:608f:b0:489:1ba8:5be9 with SMTP id 5b1f17b1804b1-48e51f4b0e1mr10184845e9.29.1778010753674; Tue, 05 May 2026 12:52:33 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb3427fsm614539715e9.0.2026.05.05.12.52.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:32 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 02/28] KVM: x86/mmu: remove SPTE_PERM_MASK Date: Tue, 5 May 2026 21:52:00 +0200 Message-ID: <20260505195226.563317-3-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jon Kohler SPTE_PERM_MASK is no longer referenced by anything in the kernel. Signed-off-by: Jon Kohler Message-ID: <20251223054806.1611168-3-jon@nutanix.com> Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/spte.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index 91ce29fd6f1b..28086fa86fe0 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -42,9 +42,6 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); #define SPTE_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1)) #endif =20 -#define SPTE_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | shadow_user_m= ask \ - | shadow_x_mask | shadow_nx_mask | shadow_me_mask) - #define ACC_EXEC_MASK 1 #define ACC_WRITE_MASK PT_WRITABLE_MASK #define ACC_USER_MASK PT_USER_MASK --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54529191F98 for ; Tue, 5 May 2026 19:52:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010763; cv=none; b=lo/c4yRS2Db6RTtxBs7hE2wZ4QqEuPdDlIxsGNhug2YFYvMMHUKNtaQX+5Yx4JJ2ucAVwNUjmcA2dRgsPBn+teccd1hGvmhd7QMfX2hBZZ08QFzfV5YdfGvi6Eb4ePOuILly01K7VGH7Ym6EqhPeunU7OZdqWGFwtRorGhAq1ng= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010763; c=relaxed/simple; bh=UeCcQiAJNASRWapDvBTvXFFa5EobN7uyDQqfy2BiEAo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JqkkqwT9EfA6oimAnFUhd6IlKjpPXlOxS2NSijhY40AeSfrtlz5tcooo9WSGKJ+ozq2dQK92i5q6SIDfQSGwOL8vWNGue/EliUPdfy2k6pvkZyCZZXG1f2kY8Hu6qARvWAv2HDKt4S9x/9m2glkroeeGSz8iRBmm0iomIXDv9BU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=LOoyoXKX; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=uL7BDN58; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="LOoyoXKX"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="uL7BDN58" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=V1nV1dP/HomEyaZPGYBVjDHBdSv77gl5a3DkMHCHB+0=; b=LOoyoXKXMp2BRvaLEQJnkiJO+pUJk/0Q1WCkAXMB7oKYxRLxO7IoMMVUs7d5EyJsWNOQ+q AQqWBk9LnLtAdrA7rm0MA8fPi6douTj/S070mNnYeRyIkhmQEJ2D4xhrghmcBz5V24AQpN KvHRH2Q1SzgFQpCZzaRyDGtMO0qqxck= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-474-qNuQS9-gM0SUe_7Cmn4Pww-1; Tue, 05 May 2026 15:52:39 -0400 X-MC-Unique: qNuQS9-gM0SUe_7Cmn4Pww-1 X-Mimecast-MFC-AGG-ID: qNuQS9-gM0SUe_7Cmn4Pww_1778010758 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-48d1b294dfeso8576885e9.0 for ; Tue, 05 May 2026 12:52:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010757; x=1778615557; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=V1nV1dP/HomEyaZPGYBVjDHBdSv77gl5a3DkMHCHB+0=; b=uL7BDN58bXkBV+R2zJA5nXyX7lL/4Yao1c8rl0Zo0AzZF5EoPkZNzw3HOpbRi1ux1F q+CnkDp2aniyA8HPNsCj9OEvHZlVbQYudnPh9g3YD1nj1Rtfd8RMo9ZCFVDS5TkyUXyx Piv2sz4MsnnFQGKPDSbwh1j3npkMOmu7atekzRT1AMMgf8ygxu5Zp/VUePqw3xAppb5b 2+WQPLZ6+L0cA5Tk6gOcEx9a2tYc3YhA8RFikHCUCg15i+WajI/hFS9HdV9jMvE3PeDo jkOX1ouT9OXU6pw89GiLnt9Ee9Ne+pcyM1jTcAqnN+zaM3BXuW9rY+lkBHqqYFDGFpjS TRcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010757; x=1778615557; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=V1nV1dP/HomEyaZPGYBVjDHBdSv77gl5a3DkMHCHB+0=; b=N4VXTdBa5U8TZn8VmYcZO7vI810bm6qF5wCR7OR+qyD3+1fQ97Tr+EOCRl7uwMxAOf EtSTw8acfE8BsuytrgIyERDElAi0U/fWzwxKXdAIZ44cAmW3g377464AZWh8T+sSxx74 ZVyT7tRyPV4fxftJt2HT2kpWP+siSCsNGE7PLHd8pCFoFksRdj6cpXrJitMWaPrnmD5L Rs49NO3g40mRGAFpw1fSib+VUzkKbj/y7XWC/pG/ylRYY6S9PfPknNIuhmS/ziSUBX+/ FRWM7XfCP7xuIl71Hhw/UcZUsiBLN6wfjVjxjCH7EmHoePFfakXUuLnSq8CDYgL1VVut tBVw== X-Gm-Message-State: AOJu0YxdUU/2wVKHgq+2NNFLfkGkNOA+rKR18lsQhGngkDmCN1EGU5FE uFXLytpt8hsMycmDYiz9AjEDZQ9a4cyhzirEOO00sy8WUk0U/L5X7f5bZuN+CDwTDkKGji4hli8 cCYG1QUq6OgQSfXikclupIaelX8O11hekh3En05JOVKvc6XSJ12cmINXF+FB1XWzIf8i+w3rngq 2WtG5jzCQ780wGgOGJi6R1VSALkRNW9qy1ktybYqf24dy+2CPB9w== X-Gm-Gg: AeBDietyBciXlWEJCL9Z5Mjm0jf1wfzS732ulfU6RafQ0W6lyKM2mwwesEdklsjl7xu gBlwA7kh5B5ErYsL2XQXb1xczIsJYjXshMdr3IrK3DHU8DtFiscIeyqmcGfxIWW4DPknONYtUqe 6JIOatlgAHaqhVJKA3v1XB3bpKy8/qoNYg4mYk6PpTiYJ5pA6C3u57jnfnHSfxsyh5uj//EhZZb pKKdBeGOIzs7mpd0dNRt9ijNVifBGMREIPly8lWLbhWFz5BMSF9zf1bIc+1ITOUT0xEYhddMesV GL+eAcQdHqm2iFv7RDE282DU/uG7vn38iQ6mBfc8ruLHe4QuQDKax52B4SziVoW9EYtfGdM1hor 9Z7wZVgroB37C6vwveBB83ahxnk6sYke2TsOxHvaY5kojQnrmLfi3wk6k7r5N2TiXsncbMCgEs0 VBrIoVcc+XNsmkkwcJgS3mUueh5zyxOVSYOupx4Go= X-Received: by 2002:a05:600c:811a:b0:489:1c32:210d with SMTP id 5b1f17b1804b1-48e51f369c3mr11679145e9.15.1778010756882; Tue, 05 May 2026 12:52:36 -0700 (PDT) X-Received: by 2002:a05:600c:811a:b0:489:1c32:210d with SMTP id 5b1f17b1804b1-48e51f369c3mr11678645e9.15.1778010756314; Tue, 05 May 2026 12:52:36 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e529a2170sm479095e9.31.2026.05.05.12.52.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:34 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com, Kai Huang Subject: [PATCH 03/28] KVM: x86/mmu: free up bit 10 of PTEs in preparation for MBEC Date: Tue, 5 May 2026 21:52:01 +0200 Message-ID: <20260505195226.563317-4-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jon Kohler Update SPTE_MMIO_ALLOWED_MASK to allow EPT user executable (bit 10) to be treated like EPT RWX bit2:0, as when mode-based execute control is enabled, bit 10 can act like a "present" bit. Likewise do not include it in FROZEN_SPTE. No functional changes intended, other than the reduction of the maximum MMIO generation that is stored in page tables. Cc: Kai Huang Signed-off-by: Jon Kohler Message-ID: <20251223054806.1611168-4-jon@nutanix.com> Reviewed-by: Kai Huang Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/vmx.h | 2 ++ arch/x86/kvm/mmu/spte.h | 20 +++++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index b2291a766e3f..2b30b921b375 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -560,10 +560,12 @@ enum vmcs_field { #define VMX_EPT_ACCESS_BIT (1ull << 8) #define VMX_EPT_DIRTY_BIT (1ull << 9) #define VMX_EPT_SUPPRESS_VE_BIT (1ull << 63) + #define VMX_EPT_RWX_MASK (VMX_EPT_READABLE_MASK | = \ VMX_EPT_WRITABLE_MASK | \ VMX_EPT_EXECUTABLE_MASK) #define VMX_EPT_MT_MASK (7ull << VMX_EPT_MT_EPTE_SHIFT) +#define VMX_EPT_USER_EXECUTABLE_MASK (1ull << 10) =20 static inline u8 vmx_eptp_page_walk_level(u64 eptp) { diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index 28086fa86fe0..4283cea3e66c 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -96,11 +96,11 @@ static_assert(!(EPT_SPTE_MMU_WRITABLE & SHADOW_ACC_TRAC= K_SAVED_MASK)); #undef SHADOW_ACC_TRACK_SAVED_MASK =20 /* - * Due to limited space in PTEs, the MMIO generation is a 19 bit subset of + * Due to limited space in PTEs, the MMIO generation is an 18 bit subset of * the memslots generation and is derived as follows: * - * Bits 0-7 of the MMIO generation are propagated to spte bits 3-10 - * Bits 8-18 of the MMIO generation are propagated to spte bits 52-62 + * Bits 0-6 of the MMIO generation are propagated to spte bits 3-9 + * Bits 7-17 of the MMIO generation are propagated to spte bits 52-62 * * The KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS flag is intentionally not includ= ed in * the MMIO generation number, as doing so would require stealing a bit fr= om @@ -111,7 +111,7 @@ static_assert(!(EPT_SPTE_MMU_WRITABLE & SHADOW_ACC_TRAC= K_SAVED_MASK)); */ =20 #define MMIO_SPTE_GEN_LOW_START 3 -#define MMIO_SPTE_GEN_LOW_END 10 +#define MMIO_SPTE_GEN_LOW_END 9 =20 #define MMIO_SPTE_GEN_HIGH_START 52 #define MMIO_SPTE_GEN_HIGH_END 62 @@ -133,7 +133,8 @@ static_assert(!(SPTE_MMU_PRESENT_MASK & * and so they're off-limits for generation; additional checks ensure the = mask * doesn't overlap legal PA bits), and bit 63 (carved out for future usage= ). */ -#define SPTE_MMIO_ALLOWED_MASK (BIT_ULL(63) | GENMASK_ULL(51, 12) | GENMAS= K_ULL(2, 0)) +#define SPTE_MMIO_ALLOWED_MASK (BIT_ULL(63) | GENMASK_ULL(51, 12) | \ + BIT_ULL(10) | GENMASK_ULL(2, 0)) static_assert(!(SPTE_MMIO_ALLOWED_MASK & (SPTE_MMU_PRESENT_MASK | MMIO_SPTE_GEN_LOW_MASK | MMIO_SPTE_GEN_HIGH_MAS= K))); =20 @@ -141,7 +142,7 @@ static_assert(!(SPTE_MMIO_ALLOWED_MASK & #define MMIO_SPTE_GEN_HIGH_BITS (MMIO_SPTE_GEN_HIGH_END - MMIO_SPTE_GEN_H= IGH_START + 1) =20 /* remember to adjust the comment above as well if you change these */ -static_assert(MMIO_SPTE_GEN_LOW_BITS =3D=3D 8 && MMIO_SPTE_GEN_HIGH_BITS = =3D=3D 11); +static_assert(MMIO_SPTE_GEN_LOW_BITS =3D=3D 7 && MMIO_SPTE_GEN_HIGH_BITS = =3D=3D 11); =20 #define MMIO_SPTE_GEN_LOW_SHIFT (MMIO_SPTE_GEN_LOW_START - 0) #define MMIO_SPTE_GEN_HIGH_SHIFT (MMIO_SPTE_GEN_HIGH_START - MMIO_SPTE_GEN= _LOW_BITS) @@ -217,10 +218,11 @@ extern u64 __read_mostly shadow_nonpresent_or_rsvd_ma= sk; * * Only used by the TDP MMU. */ -#define FROZEN_SPTE (SHADOW_NONPRESENT_VALUE | 0x5a0ULL) +#define FROZEN_SPTE (SHADOW_NONPRESENT_VALUE | 0x1a0ULL) =20 -/* Frozen SPTEs must not be misconstrued as shadow present PTEs. */ -static_assert(!(FROZEN_SPTE & SPTE_MMU_PRESENT_MASK)); +/* Frozen SPTEs must not be misconstrued as shadow or MMU present PTEs. */ +static_assert(!(FROZEN_SPTE & (SPTE_MMU_PRESENT_MASK | + VMX_EPT_RWX_MASK | VMX_EPT_USER_EXECUTABLE_MASK))); =20 static inline bool is_frozen_spte(u64 spte) { --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 37DA43C2796 for ; Tue, 5 May 2026 19:52:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010764; cv=none; b=WPvObSI+hgKzUets+q2KKIm9or5lQg+8MBmJjRPWAnctsUCWHNcW/D+gS86oK3KUb7s4mXRH0tL5dj+n7fcrTs8qB518fl4U11Y9jvg4jMoqb7bJQ4A5BKOnDSPVfCSabaWc9q8r/PJLyX3q943OI/6WRN/5/WbrxJb79kPQvhw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010764; c=relaxed/simple; bh=nJeYpELUiDcRSbIXmLTI6IC3tPIoc48xDRP+R+rbBgY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gq0sdXo9LWHyQDnTsR4vqa+KuHfh3nwWUEfoqiKP0WwSdAm++O/P2lN52DTIXOoG/pxCLNoVL9e5ZqDSddHYLq995PVACKgySkgCSrz8oWMh4IGHqRcxcZ2ZWrb0io3nOgdUgnfHGQEpUJiMZ6ftodyYUMV4o6w2uMwAF/M75oA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Qc/933V5; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=rOiMaAb2; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Qc/933V5"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="rOiMaAb2" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nK8zNlHgmpkXUn4LpCw2HngzRpbAF8Tg67xFKU1xx/A=; b=Qc/933V5jvJK3touo/0CfBT1owXKHXG+aN+yj3iqIJL68hoBDIYNM/EcpXSeAeGTkBPdBa dwVRRrDgADvkWl4AnWfxDGGKAToWKDOhWGsbSiQMGwC0y3xdIMJV1SgixrNhk/OTiKMVPK k0OOEUds/XNgOys+1fBxjB/d93yBrn8= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-171-2pPuI9j7MzqmMuHQrUl-jQ-1; Tue, 05 May 2026 15:52:41 -0400 X-MC-Unique: 2pPuI9j7MzqmMuHQrUl-jQ-1 X-Mimecast-MFC-AGG-ID: 2pPuI9j7MzqmMuHQrUl-jQ_1778010760 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-488c2cc0cbaso49328565e9.3 for ; Tue, 05 May 2026 12:52:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010759; x=1778615559; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nK8zNlHgmpkXUn4LpCw2HngzRpbAF8Tg67xFKU1xx/A=; b=rOiMaAb2EekyuO7xCdUI/RjGVH4XWK5vp9UVzXc43BO5pCW8PQKOvQ+7WYbCU8jAXm 6/oLLJ/5eybP8NmWVuCPTJ/bJFIcmX11gdCADrm7IQKq0jeJyoKTo2XMLxtCjWhAlyyg ubE9p81IAN7yMv8GCT0thRcQM8dWDRFR1opnqsPS2uR4tEij135w221UhhxDRyIwWDyI jBu7kCdp9R1HelXSMsctpbqNl3X1SRkpPL8KNyUia5tAZ4cw9fMJQHhTwdkYKMlgMLKk 8HGARMUZGqwxUNgDxswSPosPGa3DjSnuXBezE99ryYE6TN/Z4YT1BIgv5003JSQ6D8K7 mLtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010759; x=1778615559; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=nK8zNlHgmpkXUn4LpCw2HngzRpbAF8Tg67xFKU1xx/A=; b=f/xlwymPxd2k/vPH32VMdhD/inFuRzaESUnwMPyvZxOVlKCr0+XFFBJwrVKyMc0SQd +GgxfJ6vaUxPwx/pAEVW+RwHerdfE6dNyhFoKY3KK4tSOYqfSCUHhC9420gIh18F8POW c0Bc6bCW3vkrNc9ClXHiDU0eiJxbzdmcta+EeOnNqlGsvIixIPh/V8oKNA6RFOwb0Ldq cVg9RYk1nbc2RPSxcL0sm5flEzzOFdMxYZVNB0C89/0GfxPDLPNykM3fcALZ0vBYeDrV wyRRxpJK1zGn71mCuHmAeWqTr9skR4PWmq4kIA8PVGxuyOYqE0BzXQAf3F8VGYbejuga PvaQ== X-Gm-Message-State: AOJu0YyZy9hAKkfzbUx+bedzXdzp7k+WWwjgMv+wH7cCQjOrQ5lbFKhq FkoiwhENRRSTDHnQMQUpNEBPRidhKv0u9SzLRIdidi/lUqYKZYWGJbDkyp/KhPMZ809vFT3Y2Tg CisxW7fQb3r1ix+auofyjzaLu74cw3qGB3MrlL6A2VlSm29eDPLTvHHsf5YVl6IzkXqmiCU44m/ ebYxN0Ggt85qHvWL2tYE8kS34D8qDGl/qlYRXir4sjObTyqs+1gg== X-Gm-Gg: AeBDieve5co0dcXzp0LrfjuFko0aPJToiR9dJBlEYyS7qob0oLnnAyglwc6FHoGPlUn 0/Nbmck000tzFaeNPuYiDoks+/bmr32qLK3KXzdpxYtrfdCksOz6xszrQnSQ9ZYpCCf6ZAfXrAU FW6Z2icdAgnNXhCRJHBRCrkAAraCKT1k3bZ/MtVmYtBVCGrG7dZ5qpc8/L5jWL/dLjOXkxJmQLN 3xuz6YKfSzievIkpnMJ5/c94A5IB8YSFvTO/nml3wKAlKEHjHSfx+ET1VTfqu+0wK6e+nFX0cwz 9wpzh1KTGR3oceggS+B9yAxa8Hs6Fz3At0PRSrnTJzQVOPGFsEmQkBApNMPYccHNHv6eoctu70Q lb6K9cEWw5C//4VFqI+BzCxMMiGh9sCXWDBEK2OrCjtYWI9cTx6quWFsho0rugdwcHUBjf7MpGQ 0l3ObKIlysbGo4D+3keQhJFAOihBEwn8Xy4y0otT0= X-Received: by 2002:a05:600c:1d11:b0:488:a916:14a8 with SMTP id 5b1f17b1804b1-48e51f2c7eemr10704075e9.10.1778010759050; Tue, 05 May 2026 12:52:39 -0700 (PDT) X-Received: by 2002:a05:600c:1d11:b0:488:a916:14a8 with SMTP id 5b1f17b1804b1-48e51f2c7eemr10703595e9.10.1778010758527; Tue, 05 May 2026 12:52:38 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a820c8556sm414102265e9.4.2026.05.05.12.52.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:37 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 04/28] KVM: x86/mmu: shuffle high bits of SPTEs in preparation for MBEC Date: Tue, 5 May 2026 21:52:02 +0200 Message-ID: <20260505195226.563317-5-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Access tracking will need to save bit 10 when MBEC is enabled. Right now it is simply shifting the R and X bits into bits 54 and 56, but bit 10 would not fit with the same scheme. Reorganize the high bits so that access tracking will use bits 52, 54 and 62. As a side effect, the free bits are compacted slightly, with 56-59 still unused. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/spte.h | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index 4283cea3e66c..317b9cd1537c 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -17,10 +17,20 @@ */ #define SPTE_MMU_PRESENT_MASK BIT_ULL(11) =20 +/* + * The ignored high bits are allocated as follows: + * - bits 52, 54: saved X-R bits for access tracking when EPT does not hav= e A/D + * - bits 53 (EPT only): host writable + * - bits 55 (EPT only): MMU-writable + * - bits 56-59: unused + * - bits 60-61: type of A/D tracking + * - bits 62: unused + */ + /* * TDP SPTES (more specifically, EPT SPTEs) may not have A/D bits, and may= also * be restricted to using write-protection (for L2 when CPU dirty logging,= i.e. - * PML, is enabled). Use bits 52 and 53 to hold the type of A/D tracking = that + * PML, is enabled). Use bits 60 and 61 to hold the type of A/D tracking = that * is must be employed for a given TDP SPTE. * * Note, the "enabled" mask must be '0', as bits 62:52 are _reserved_ for = PAE @@ -29,7 +39,7 @@ * TDP with CPU dirty logging (PML). If NPT ever gains PML-like support, = it * must be restricted to 64-bit KVM. */ -#define SPTE_TDP_AD_SHIFT 52 +#define SPTE_TDP_AD_SHIFT 60 #define SPTE_TDP_AD_MASK (3ULL << SPTE_TDP_AD_SHIFT) #define SPTE_TDP_AD_ENABLED (0ULL << SPTE_TDP_AD_SHIFT) #define SPTE_TDP_AD_DISABLED (1ULL << SPTE_TDP_AD_SHIFT) @@ -65,7 +75,7 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); */ #define SHADOW_ACC_TRACK_SAVED_BITS_MASK (SPTE_EPT_READABLE_MASK | \ SPTE_EPT_EXECUTABLE_MASK) -#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 54 +#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 52 #define SHADOW_ACC_TRACK_SAVED_MASK (SHADOW_ACC_TRACK_SAVED_BITS_MASK << \ SHADOW_ACC_TRACK_SAVED_BITS_SHIFT) static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED_MASK)); @@ -84,8 +94,8 @@ static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED= _MASK)); * to not overlap the A/D type mask or the saved access bits of access-tra= cked * SPTEs when A/D bits are disabled. */ -#define EPT_SPTE_HOST_WRITABLE BIT_ULL(57) -#define EPT_SPTE_MMU_WRITABLE BIT_ULL(58) +#define EPT_SPTE_HOST_WRITABLE BIT_ULL(53) +#define EPT_SPTE_MMU_WRITABLE BIT_ULL(55) =20 static_assert(!(EPT_SPTE_HOST_WRITABLE & SPTE_TDP_AD_MASK)); static_assert(!(EPT_SPTE_MMU_WRITABLE & SPTE_TDP_AD_MASK)); --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 564793C8729 for ; Tue, 5 May 2026 19:52:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010770; cv=none; b=E/C3aBScD03s1d5EFnq/jOJfLZ8CFSsoV7YSAoXiy882Uhjcvry8tYiv6DBrEaWiJrNqhO7Yu11KaSUf9mES7Unayh19sbRi+TMs0/6DoDSvYgwK1Va61S6Zm65ErpaYGGDoDYuZ1ioAdBJzh+VFPj7Ck/qm69Mv8vRciqlj9EM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010770; c=relaxed/simple; bh=VT7zfiiVRapsXV419bLXWnYe/GDkcopj88qVydXofgY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cfCZDSrvCYiBF0M6tVxXjC+LuXJ0M5u3yIuW1mpWYw+11tPAF1sUU76L5TXGBa88AHRcmSW36wOaJzmppHrJGQRdfD51N5nAFlFLTIa4FfB6m1RaUB1ffYGVWvyltppIjWUSdokUdPjiYMlSGWFn5qi0FoUeT62lhJtBN5H3xFU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=chUTYCF3; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=A/cPSxuO; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="chUTYCF3"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="A/cPSxuO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010764; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KmTlPbplzaPUyaXoZZq4ubiOPxj9lSeMSfGVlOAgc48=; b=chUTYCF3ZQYJctA8Mie/Ss0wXueyS73iefUe1tZfTVNRXcnwna7XUwgsHSm63g7Ixay0BX mtfoOH7euJt9AwbLaUqLwr8dL4RbSydtP2CfoNPhhbn1Tv6H2XiHSGvWIrSI5gwf4xVybP zn1/T8K3jdn8fsqpRSSre1jHcm15cwI= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-543-7CNYsuNSOBuj5mPDRNrc3Q-1; Tue, 05 May 2026 15:52:43 -0400 X-MC-Unique: 7CNYsuNSOBuj5mPDRNrc3Q-1 X-Mimecast-MFC-AGG-ID: 7CNYsuNSOBuj5mPDRNrc3Q_1778010762 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-48d05e7b117so21764375e9.0 for ; Tue, 05 May 2026 12:52:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010761; x=1778615561; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KmTlPbplzaPUyaXoZZq4ubiOPxj9lSeMSfGVlOAgc48=; b=A/cPSxuOlMM3uVIS6HUMaiOuzAkkpSa0V8Iggonfl4FOgxOCXtdlE13dSzXu+su/OM JHyAFQrRHwgGA/+6utWLpxg0QncEG7zsCRLTlsZiaRCbzhu77T9eqMyyEnj6a/0/JNWb y6LTnVuEq4w4BDRUee6EuCbh78hTkHSaLG/GZ0Sr1D5KNq2/5eHvk4vzqNlV5TDtZ12u m+NSH1/oc8zS0XijnyB3M6hsbMdhLSQOwMhNxkAqU8bTDet7/yxT+bKdDbvh38Md+CTu gADBnCDtVNVn14CgOXVkom16EDuzDrmaFK3k6zEckTWjozDX0I65BAQKJoidpOYrEk12 QZcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010761; x=1778615561; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=KmTlPbplzaPUyaXoZZq4ubiOPxj9lSeMSfGVlOAgc48=; b=P7ifGtLEPpgWF8URk8ePKzVLERTzwkJExe50+749zq17YEu/zRoO+ZUaDcfcV7Tw3D x6YlYupU7N25KPu7+yeJ0IVnE44GPbAeo4NIHfHHY9+GWijXGudIKIzcP9dUHjc/6sEV MJXTcntrIFgXdziFrieti8/RJCfETeustbObMYWaDA6LY1nBCdog3BlfPDc1Hu8kGCE9 4BwjA5PBZH5eW40keEy2JxiJbfzZqmKj5XTIZfGeVDDEi1KcNAy450XainFfvRZ/8vVl wz23Zg845bA/mguNePKLKsZpdgE5B4ApbKq02wYg21I3CbCLjzsS3PIXSs8qR/OJVT5O 1hzw== X-Gm-Message-State: AOJu0YxS1h1sMi3pF5kTjnezq+Xg7XmARp0AxbuIV0Dnh+oGRNUaY0GC R5MbJ/lVgPeeV4D6peBpAC/MQRtcIjRtoX0vvXmp9L8Z7O6WbFgbN8c80H/TKTK9WCK2eTxUZB5 0vyGhJ2zddgjLQNjXyxE2w/Y1t13CWJ5C5KBUjA9hEtfTlu3GcDN5UN2FdQ8QLgUgC6xzsNojtw 7vshRhG0IQgGC3jinkLO3Cr2I6Spuv+ArtI28taEPhc6YXyswuiA== X-Gm-Gg: AeBDievTl4Svf0viD3eBl11euASwrVQ5/KqWIL9UbeIdQEkqh6LYwx+VH/TPYgXZLi2 jOjlBsPg7TOydZYAk+2YdNCY4ZQnZXzy+1rEnBZZwaNSqAfeZ9ZNSZjrXceGQ6+/eUmInT7rBF0 m3rsloBLEgAJe9jU2j9X3Let/xcLuoiAHf13tFMw4jJi6UNMMo87OuG2iPtWp5fqa2aH3kgoz1q NCND7TxklMgoNLvMnceHX/V+E0+7cPCgjGiMpmuZ3CdezpZ4Wm3UCENdQgQ0KkOUvGWCJ0NhDqE KQYRJXpi9t/kD4bW22EBny+93G5f+qrH7LAEUZMF585XHl77I2W+C2MnoezL6GGpppEFNbKmt9m ptZ8U5kdiskgq7vpvAcXifEHD+jsVhhGNAMy0urm050+Ul4irpUsMxcxWnyCV9qx8xP+urZ6iHt hhZXjcBsi4wwhaGpNvlFCUHabbVhOBCklin4w+x1M= X-Received: by 2002:a05:600c:811a:b0:483:7903:c3b1 with SMTP id 5b1f17b1804b1-48e51f35d0emr11587445e9.20.1778010761289; Tue, 05 May 2026 12:52:41 -0700 (PDT) X-Received: by 2002:a05:600c:811a:b0:483:7903:c3b1 with SMTP id 5b1f17b1804b1-48e51f35d0emr11586915e9.20.1778010760852; Tue, 05 May 2026 12:52:40 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb6fffcsm398234745e9.4.2026.05.05.12.52.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:40 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 05/28] KVM: x86/mmu: remove SPTE_EPT_* Date: Tue, 5 May 2026 21:52:03 +0200 Message-ID: <20260505195226.563317-6-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" spte.h is already including vmx.h, use the constants it defines. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/spte.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index 317b9cd1537c..bc02a2e89a31 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -57,10 +57,6 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); #define ACC_USER_MASK PT_USER_MASK #define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK) =20 -/* The mask for the R/X bits in EPT PTEs */ -#define SPTE_EPT_READABLE_MASK 0x1ull -#define SPTE_EPT_EXECUTABLE_MASK 0x4ull - #define SPTE_LEVEL_BITS 9 #define SPTE_LEVEL_SHIFT(level) __PT_LEVEL_SHIFT(level, SPTE_LEVEL_BITS) #define SPTE_INDEX(address, level) __PT_INDEX(address, level, SPTE_LEVEL_B= ITS) @@ -73,8 +69,8 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); * restored only when a write is attempted to the page. This mask obvious= ly * must not overlap the A/D type mask. */ -#define SHADOW_ACC_TRACK_SAVED_BITS_MASK (SPTE_EPT_READABLE_MASK | \ - SPTE_EPT_EXECUTABLE_MASK) +#define SHADOW_ACC_TRACK_SAVED_BITS_MASK (VMX_EPT_READABLE_MASK | \ + VMX_EPT_EXECUTABLE_MASK) #define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 52 #define SHADOW_ACC_TRACK_SAVED_MASK (SHADOW_ACC_TRACK_SAVED_BITS_MASK << \ SHADOW_ACC_TRACK_SAVED_BITS_SHIFT) --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA8613C061F for ; Tue, 5 May 2026 19:52:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010771; cv=none; b=PjA1dkzmPtkUcndFw2rLkVcLBNNQpkb0hVAXHgygNbZBKX19AjlZIY8+XDa0m0ikEBYrlCa/rFOnU5yg8lVL1K8wKNIBzhQ2qsiKiQvwRTAC0ARQ1APP2L0gkNY3//0tA2zIIOOif2n/mE20In2g7QI5mDveWiLYAVx4ourg6jU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010771; c=relaxed/simple; bh=6KNQirbx2Vihou6DaVeh7jHQnbN8YaGebFopG1grF8I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dgXaanJV95tDr2X1UjcG9tUtiKAsYIbgMUIXnzx1lVAY+2x6sZB9oalsKYa9s8F7TjzXdAS6hj1h405EHqy3nl/JSqCxrx1PqPHTsIltsiSSB40kgu9JLAKIU2KQ2Wvwl6FDo6gvt5ABA0c/cJnQCNVsgvbdDhKgfmoD4xVkRWc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=H4LS8Qs0; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=C0CeIc2G; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="H4LS8Qs0"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="C0CeIc2G" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9PYNfAaEV38buKctZeF6dh10BP+mDAO9Hnu887EwhKQ=; b=H4LS8Qs0wVjtQcq0eubzdRu8NuPqmsi/bqgXAcJtf3+uddRidOZ10Ak51dE6wrL2i4ruFj Jmlkau2IZ8vzEczUZPaNO47kvkku1sE0oincBKRJ4rjj008nn5SOfwBkENhEbijEMqYNFz sKWifClxkFtkbriWoXfCmO2wtFY+9sI= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-630-FGXBNvtpOuWOhIhEhAULcQ-1; Tue, 05 May 2026 15:52:45 -0400 X-MC-Unique: FGXBNvtpOuWOhIhEhAULcQ-1 X-Mimecast-MFC-AGG-ID: FGXBNvtpOuWOhIhEhAULcQ_1778010764 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-43d789cebcfso121540f8f.1 for ; Tue, 05 May 2026 12:52:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010764; x=1778615564; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9PYNfAaEV38buKctZeF6dh10BP+mDAO9Hnu887EwhKQ=; b=C0CeIc2G33zxtmldOXlZAMniqeTCWxhX6SppB9SXw2BUZ1pE39UypxnhFZYhewcNeM HJk9Aik+ZPNdUmuy9Rx5r6Arn/Lp1JiXSitm51u4XCdtHduATKZRWdWJpCAlazGgxhl1 C0tg8dHRln1r6eUqyKF1Pv8Z/DUOQJXTP3x4Vu0xF6FREPFrzzppkdzELr1pYZGi1Bi0 5bwlc9xlHRVZf5hfATBCKjcQGJrpCPACKcCLkEz5kanCzekuPrZzlRGuB2VC9BbTpN8u HvW3CshSzKCJPHkQoPDKOny+TntmBfgxdlgmvCKmVFPFvmkAtDMt2QOYNKYJ5Y2TqLJK xr7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010764; x=1778615564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=9PYNfAaEV38buKctZeF6dh10BP+mDAO9Hnu887EwhKQ=; b=iZn9LFcBExWR/fcfQWDViyezlpFV9vQ81P8k2AhzhUp0npml5g/xd0Q2p2tnVBLTJy 2yEIH7zDKhdJ1VoN5MRchhqBrLMyb9uJdPyGfz/ujGpeV2hIR2fvtZzfJ9U/ueaaLe0k n6fYOlYL/ymRJy9GzmWesffr5u/py++39AOeQ+/3GCTI7bdlCFmPc+KqCLMFlCSl+Vsf gyTMAmZZMBuJSvYpq1BPveYcJer6PhrZG3s7Bj3fDMErxHDCiL703rWc4i8htuosPLgE 5C4f3fZbNRkeZRtQesMU9LQmCCQQjVDrwj+99GM01UDJJQnVw+0Rakfa0mbJHqrMBdz9 SeKQ== X-Gm-Message-State: AOJu0Yze2OP287jR9cmckXEUdgmb37uBvjGuQ0Np5YNQe7/XN/+eWeF0 y5jheap8lohe9hUriZhMAPYgDrlBN3b7S/4EYnJJgdT9iMKHF8+N1kACwscINaEqT25M2yB543T 6tLVmkCaLH7bJsrieF8wWqFn1cSUc/GS1GIaOhlgMVRTNU8U/x9hRWGzULNa+P+jqOKHnXZV6y3 Ns9y/cqEe6nQqt3jrixOtz7KvK6CJbm4tys+AJZYNNuuEcliv3vw== X-Gm-Gg: AeBDiesAb9Mq26rWS0Cr5YubVGhoQylI3XVTagk+yqefdQrfYLdCX/rbhFFru/TX/GJ n8PHrMERN+3xJFuOHUWBYwRvnC2YaqeMDa9NPgvuTKtqmJw0qGAJkaFPZCXjxkjVnVPIv/2rmup RUsKsK16U732A/uQ47uhZJ0F1PiQbNkmnaDTk79sOV2eh1fS973ySAoh9QLZYCiMC7SGpSSNnOA OSfs3MaeL4yu6hXhXTaPpmsL52ug9AQCj5BVjuHqGyxM5BNvpzTal63WzyhN4ohAmEARiG7GoKq um//X/UEh3zunxhnhhWcYjIzeJqyA5cwckkj1FWpYpCZ0ryQTHCCPfbAkAiCKnXDKOXzYRVFaaw gRg0uIRQZ5UVqY7V9SsC6cfOAyL0BMA8/JPpyhjWrVwZwo+s8OzIPsR26fZjCWR2EJzckSPDugg asup32vC1dPpqrBLdZTuTr98chtL66PZ4toA2wehI= X-Received: by 2002:a05:600c:14c2:b0:48a:65ab:8059 with SMTP id 5b1f17b1804b1-48d142725a6mr61497135e9.13.1778010763715; Tue, 05 May 2026 12:52:43 -0700 (PDT) X-Received: by 2002:a05:600c:14c2:b0:48a:65ab:8059 with SMTP id 5b1f17b1804b1-48d142725a6mr61496915e9.13.1778010763358; Tue, 05 May 2026 12:52:43 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4505238e7c0sm6115716f8f.3.2026.05.05.12.52.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:42 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 06/28] KVM: x86/mmu: merge make_spte_{non,}executable Date: Tue, 5 May 2026 21:52:04 +0200 Message-ID: <20260505195226.563317-7-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" As the logic will become more complicated with the introduction of MBEC, at least write it only once. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/spte.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c index 85a0473809b0..849a1c1c92b5 100644 --- a/arch/x86/kvm/mmu/spte.c +++ b/arch/x86/kvm/mmu/spte.c @@ -317,14 +317,16 @@ static u64 modify_spte_protections(u64 spte, u64 set,= u64 clear) return spte; } =20 -static u64 make_spte_executable(u64 spte) +static u64 change_spte_executable(u64 spte, u8 access) { - return modify_spte_protections(spte, shadow_x_mask, shadow_nx_mask); -} + u64 set, clear; =20 -static u64 make_spte_nonexecutable(u64 spte) -{ - return modify_spte_protections(spte, shadow_nx_mask, shadow_x_mask); + if (access & ACC_EXEC_MASK) + set =3D shadow_x_mask; + else + set =3D shadow_nx_mask; + clear =3D set ^ (shadow_nx_mask | shadow_x_mask); + return modify_spte_protections(spte, set, clear); } =20 /* @@ -356,8 +358,8 @@ u64 make_small_spte(struct kvm *kvm, u64 huge_spte, * the page executable as the NX hugepage mitigation no longer * applies. */ - if ((role.access & ACC_EXEC_MASK) && is_nx_huge_page_enabled(kvm)) - child_spte =3D make_spte_executable(child_spte); + if (is_nx_huge_page_enabled(kvm)) + child_spte =3D change_spte_executable(child_spte, role.access); } =20 return child_spte; @@ -379,7 +381,7 @@ u64 make_huge_spte(struct kvm *kvm, u64 small_spte, int= level) huge_spte &=3D KVM_HPAGE_MASK(level) | ~PAGE_MASK; =20 if (is_nx_huge_page_enabled(kvm)) - huge_spte =3D make_spte_nonexecutable(huge_spte); + huge_spte =3D change_spte_executable(huge_spte, 0); =20 return huge_spte; } --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F389191F98 for ; Tue, 5 May 2026 19:52:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010772; cv=none; b=Zwnrs6zAdWuQL03mKZ5vt1Gt/SqN3NJRPFMe2dLtKdYDFMTCn5kAbVcIpVS6xlF9a7YVN4meSL3+vFJZs3y+O6enVsQphGdcFsn4C4/ZI5HPE8hO/8IpN6Vfb0IkixhVOywPa7Edd8Ph7kQ5/4t8RVrrLs2cT0IUYb3oPjNnaC8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010772; c=relaxed/simple; bh=n914WZYqhkOaCKJ0McdUUGJMd21irzhRtKtZO14Gp/E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZeraZkF7I39qN/3Gq9Jt9vRLc338DER/a57jVOepmVrw8JhoAsVy1y/ytjheOWEkrT5X9hW5Js9OMXgW6waQRpFhD1pr/5bk7NjKo4259djXWLwBZiJnUHdkBWiWpwzMlf8BqkcusRtKwJQzP71qgnSAvRxDWLEbq4WLGVptVio= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=WjYHUOev; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=f2dzltRq; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WjYHUOev"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="f2dzltRq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010769; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ENJAbnOsm1YwG89mEdJ0Oje+RHlfu4M62QGrbP0ZB78=; b=WjYHUOevXjr92clMXO8bTZW3Rkplz2G0qz9rEGECAsJjo2zHjJ8zSSo+C22sXm+JpkqlZa Ixl60cax4eiAQbFHsk6OOJ0uD4id3r3udbatM12gVAmKGMB6mfieG/a9w9cX0FeRLC0g56 2tWtsC8+kzlPi6I6sl41eipYBbvej8c= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-172-UGybcJ6ZMcKXdBiQelz8mw-1; Tue, 05 May 2026 15:52:48 -0400 X-MC-Unique: UGybcJ6ZMcKXdBiQelz8mw-1 X-Mimecast-MFC-AGG-ID: UGybcJ6ZMcKXdBiQelz8mw_1778010767 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-43fe791a398so4987603f8f.0 for ; Tue, 05 May 2026 12:52:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010766; x=1778615566; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ENJAbnOsm1YwG89mEdJ0Oje+RHlfu4M62QGrbP0ZB78=; b=f2dzltRqOvURC566Sm6psM0BYVarhbuZXZil2yqE+RpA5kXBZ15cgrA9qWPcrRckAu FX3fmddJRYUULgp0VNHY6yQnCe9uPZAnENM7TOP3yvK8Xy0uOz44flXF5M7+lZ6u6/Rl AL8G6VmGdcnIRkPQ1KOzOwkWiejWQhbsera/rl7RRSNSn6F3pbq6ZReKmv143wcv2MgD fgaY6DfpH4HFgBI3bwzUCn1KhKy5cXtp/ArvWlEeSTFmzzgKWRcpNlk59id44Wi1YtQf ckPyJ8GAnChBFkClZWgESX95IbI8wDDmOIH/x1H3FzvfpDPwrt9QHPoOzi4Yf5GSUrdp wUKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010766; x=1778615566; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ENJAbnOsm1YwG89mEdJ0Oje+RHlfu4M62QGrbP0ZB78=; b=bUeuDOTzhSVCcb/j27OPptl15AqiQfMyvIxFU4pYwTFsERq0lJdeAWGNnLrPQD9Nsd lX7YlEfs3FAulJPUEAjOosYmk2uu8O17x4w3RR/ZLiImxO4bbteLgG4LNMXdKtlinxfm Sza28Z5xy4JeVnPN9KG96ZaExQh2MW4YtmQGvwSVbfUtXvT4oFhDBcy5k/+EOrIYm6AT LmZInZSNDrDlAzI/vcjU80OB2t5V5HStVa8Xubu2G27k+R5FxOVKd+lYWtCwCvZPShVs Biol1teaSZD+gsLlsXQarOKGr/7AN2Pbiwx9mAVGG7pHbaXs3Ft41GPREBIrbDXbP4Wx 7cfA== X-Gm-Message-State: AOJu0YzHQ54bGZCY2mrLNuOUbK1pvyEEcuUlXEVtR8RZhVVM4oFiUsjZ jhNXQ96QBqbM8WZ7HlVNy4E5Ps3JvqPHvSaBJBR4MC7x8hfRhV3RbfnOtUbl7IX+KfBqL5kf4VZ /+x9MLr9wKNVPwfgYaSg2moXFXofwqWNluykfxN7y45ElsAQCJ3agdzJDrvz0lOZfW4ZhoIv8CT AZ1GxSTOdMZj0lAu6pumhFZHapTuoOb/EmnLOldj8U7aSTI7wSnw== X-Gm-Gg: AeBDiesKL+GLcOXlEQXxNTRdRKR9DaCY/ZvN+lTSLjA30EahY9QLDgQlg+linwetCQE X1fSBUY1y0NSj8oYh/5gjjf8DQJgzrvuYlnPfj2MadFmYu1UgDi7+8dCgpOvhAwPZ4dey5Zzw6T dvJJIXeD+w3O0unHF5pXiz8oUbXXHiUU2ev2bDkt4AxPERWPT1h8Q3SnK9QJLXLrCVCE4MGpkUe SMWA8/IklS2GrSgDNNIcCvw2kf9IKOAHg9v7EoxfdVLBc4GCENJMVjNEeQ3gNfzQOQNdABSH1gM dvdTnTKJ5bmy2qHk3ifuvEnc/1eULHTxfytf26GiPUgW2qyMrl+j1wWL8wSlp5BVrd9eUolcrA/ v0jy+TIdgokwWZPvKpT8xIlx4Qozp38AmZElfQoP51pa0609wuwWn9EYMsmSQLPz/eHgrFQrFyv ITGiIQWDFd+GDBiA/KQvgf8zxn2bWVorbJUsmg6H4= X-Received: by 2002:a05:6000:4014:b0:44f:db87:8919 with SMTP id ffacd0b85a97d-4515b056a63mr793933f8f.4.1778010766416; Tue, 05 May 2026 12:52:46 -0700 (PDT) X-Received: by 2002:a05:6000:4014:b0:44f:db87:8919 with SMTP id ffacd0b85a97d-4515b056a63mr793903f8f.4.1778010765956; Tue, 05 May 2026 12:52:45 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45055d381c8sm6486934f8f.33.2026.05.05.12.52.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:44 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 07/28] KVM: x86/mmu: rename and clarify BYTE_MASK Date: Tue, 5 May 2026 21:52:05 +0200 Message-ID: <20260505195226.563317-8-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The BYTE_MASK macro is the central point of the black magic in update_permission_bitmask(). Rename it to something that relates to how it is used, and add a comment explaining how it works. Using shifts instead of powers of two was actually suggested by David Hildenbrand back in 2017 for clarity[1] but I evidently forgot his suggestion when applying to kvm.git. [1] https://lore.kernel.org/kvm/e4b5df86-31ae-2f4e-0666-393753e256df@redhat= .com/ Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/mmu.c | 63 ++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 20 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 24fbc9ea502a..d94a488db79d 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5529,31 +5529,55 @@ reset_ept_shadow_zero_bits_mask(struct kvm_mmu *con= text, bool execonly) max_huge_page_level); } =20 -#define BYTE_MASK(access) \ - ((1 & (access) ? 2 : 0) | \ - (2 & (access) ? 4 : 0) | \ - (3 & (access) ? 8 : 0) | \ - (4 & (access) ? 16 : 0) | \ - (5 & (access) ? 32 : 0) | \ - (6 & (access) ? 64 : 0) | \ - (7 & (access) ? 128 : 0)) - +/* + * Build a mask with all combinations of PTE access rights that + * include the given access bit. The mask can be queried with + * "mask & (1 << access)", where access is a combination of + * ACC_* bits. + * + * By mixing and matching multiple masks returned by ACC_BITS_MASK, + * update_permission_bitmask() builds what is effectively a + * two-dimensional array of bools. The second dimension is + * provided by individual bits of permissions[pfec >> 1], and + * logical &, | and ~ operations operate on all the 8 possible + * combinations of ACC_* bits. + */ +#define ACC_BITS_MASK(access) \ + ((1 & (access) ? 1 << 1 : 0) | \ + (2 & (access) ? 1 << 2 : 0) | \ + (3 & (access) ? 1 << 3 : 0) | \ + (4 & (access) ? 1 << 4 : 0) | \ + (5 & (access) ? 1 << 5 : 0) | \ + (6 & (access) ? 1 << 6 : 0) | \ + (7 & (access) ? 1 << 7 : 0)) =20 static void update_permission_bitmask(struct kvm_mmu *mmu, bool ept) { - unsigned byte; + unsigned index; =20 - const u8 x =3D BYTE_MASK(ACC_EXEC_MASK); - const u8 w =3D BYTE_MASK(ACC_WRITE_MASK); - const u8 u =3D BYTE_MASK(ACC_USER_MASK); + const u8 x =3D ACC_BITS_MASK(ACC_EXEC_MASK); + const u8 w =3D ACC_BITS_MASK(ACC_WRITE_MASK); + const u8 u =3D ACC_BITS_MASK(ACC_USER_MASK); =20 bool cr4_smep =3D is_cr4_smep(mmu); bool cr4_smap =3D is_cr4_smap(mmu); bool cr0_wp =3D is_cr0_wp(mmu); bool efer_nx =3D is_efer_nx(mmu); =20 - for (byte =3D 0; byte < ARRAY_SIZE(mmu->permissions); ++byte) { - unsigned pfec =3D byte << 1; + /* + * In hardware, page fault error codes are generated (as the name + * suggests) on any kind of page fault. permission_fault() and + * paging_tmpl.h already use the same bits after a successful page + * table walk, to indicate the kind of access being performed. + * + * However, PFERR_PRESENT_MASK and PFERR_RSVD_MASK are never set here, + * exactly because the page walk is successful. PFERR_PRESENT_MASK is + * removed by the shift, while PFERR_RSVD_MASK is repurposed in + * permission_fault() to indicate accesses that are *not* subject to + * SMAP restrictions. + */ + for (index =3D 0; index < ARRAY_SIZE(mmu->permissions); ++index) { + unsigned pfec =3D index << 1; =20 /* * Each "*f" variable has a 1 bit for each UWX value @@ -5598,16 +5622,15 @@ static void update_permission_bitmask(struct kvm_mm= u *mmu, bool ept) * - The access is supervisor mode * - If implicit supervisor access or X86_EFLAGS_AC is clear * - * Here, we cover the first four conditions. - * The fifth is computed dynamically in permission_fault(); - * PFERR_RSVD_MASK bit will be set in PFEC if the access is - * *not* subject to SMAP restrictions. + * Here, we cover the first four conditions. The fifth + * is computed dynamically in permission_fault() and + * communicated by setting PFERR_RSVD_MASK. */ if (cr4_smap) smapf =3D (pfec & (PFERR_RSVD_MASK|PFERR_FETCH_MASK)) ? 0 : kf; } =20 - mmu->permissions[byte] =3D ff | uf | wf | smepf | smapf; + mmu->permissions[index] =3D ff | uf | wf | smepf | smapf; } } =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB21B3DBD47 for ; Tue, 5 May 2026 19:52:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010778; cv=none; b=OwrnXQOAwq5Fuo3hyLYuyMEWRsy6+SR2G3B+FP6s4PyVvANs6L7OC3I3Sh3DMHG7OT7sP6OzHFZorsQpm2GmSagIGsDLwAgSpz2vkh5gGJ2Di5VPbQdxicLNy3mu1AaHSKDCiSl3abJNVxfOy0+CRj/+hfLXCjZnW+fPdxfI9lk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010778; c=relaxed/simple; bh=A+1lOYkdtnvg2SkTvtSOKColo3PwzJPGsi6uKT4HdMQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hzvlnTKpi0Z8wRlMZcVo7QNtpTqpPgy6hB8ETSd7oKDdb2ajqmK4pFaRv9ZXuWNgg7fl27W0d6AymWkeEnNfpAb+dz6TlyMyETRhTptXdKprv7GOrnblGcdA9Uyw1WEG3ngtYkm/hR+mTAGH3G2YL9CHyQKoZ5a2WzTBveZukaI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Quo6P803; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=gLM5EYn1; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Quo6P803"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="gLM5EYn1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010773; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=V476EO8yuC0CrlvdRRJREdNPE2It58vwHqgvy1pOsNo=; b=Quo6P803fYHzZj/Y/yXK+O2hdFF1ZY2PtmmjHhx3UrbPlgAI5tCf0KkKL0uwmdwzen6Ubg NAehNCDNEbUqLS/qKB/xXDHFRBsTcP+OATMZDCvhFjXz/kbdoEbnDoS081BMPzSo2ZbcN0 H485MYgU64yj7i0ONyKufliZsHAb6jw= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-456-UzSjL0oiMJ-10xKyCLxYnQ-1; Tue, 05 May 2026 15:52:51 -0400 X-MC-Unique: UzSjL0oiMJ-10xKyCLxYnQ-1 X-Mimecast-MFC-AGG-ID: UzSjL0oiMJ-10xKyCLxYnQ_1778010771 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-4837bfcfe0dso70675565e9.1 for ; Tue, 05 May 2026 12:52:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010770; x=1778615570; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=V476EO8yuC0CrlvdRRJREdNPE2It58vwHqgvy1pOsNo=; b=gLM5EYn1pwQfiNAPU55JFNYoocpmLz4SjOrjMT5Rex6W4DxuWZmMY6u6/25M1rCTHn wWW2koO/3z4cqZiagO6u8y3p6JtkW2A89zLBVLVRRn16wk9LDMQZ3vdP6vwcSC6cMDkJ B3kLGu6sF3yCRGwLf3CX7VS/qISPMzEX9kTC+2wCJlshUL+e2odSCe9QTwnCba5unSqt rnCVCPmdv+gqexhtNguct28LsTxlDXPo844ogNucIhEmE+K0MqsAAq0mBe3AiMmJYu5x qwCu9lEpbiZgRuMiC5VhtXqDAoEa0DPBV7EO6a8RUK63KaQb4fr2fI3YZMOuWUle+VFs Q7ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010770; x=1778615570; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=V476EO8yuC0CrlvdRRJREdNPE2It58vwHqgvy1pOsNo=; b=UPkHgDFu34RoOp2CvXYArO901od4tHDZgcgXolHXFf3Ev3ci9cp+Gron5TGypNQ38u 8jTsjrUM16a8H/dSapGMX0dPFL5GEW+WGjqpIFz8fgKphSx3XONNyUCRit0oUEO5OiRJ OXctsRE4/J3nEe2Cgh1c8LKbaILtSXm6T591yZqqYs6iqZ1oGmHDkwBLbNNrg/JT5rqK w3gIvjKdKsONfbf980pMm71iTF+VTtfyAF28eerg03+FcqbCWc4YrRfcvPkKVBe0IAPu uR2o5TyM+2Ekg6ewo7Xcj7+oFlkhkwXQ0TRuWJoq4OsTGEB2zaXTDHBBbY5+XVBMcQAq u7zw== X-Gm-Message-State: AOJu0YxBHNfxob6X4ESSgxx+duC8h2SXBwYyj1+rMgK5iTloBXJUigGV x/N3PH5SrHYRCjno7s9jl0ux/BsjGFgcaPnRhG0KJRttWl3IG/VNASTkDXmyJAjivg9IoNBSLfl kfSq2W4C0vfLLf01xnXRRXSIl7ZMEO1gjq0qSGDt0ECZ0oeEu/w0nZKjubmRZVAX23DSzJnxMhm rsPIEJDqQfxc8QrGEQVcDeQumFXnociTLu8PrxYHsRE6hrpvnziA== X-Gm-Gg: AeBDietDbEi741+bOhJXSSyOufPJwZuNKFPfKS8u8UVipH1QJg7oaCXS0O5qwnSrf0Y SiFqDG8t3je01uWtSVWyWluoO+AIQW0XFqvRt9BE/lN/RblcpeJrwsLmArHq8D8RqKBnwl8o8uw B/xpnRWpzRP33ZgAvRik27d906EuXBtNqz6sWjxW9AH+i/jxXcQdtw6nBL4E2IP6pnxnZnkWXJi BIV5bKaKKTVui5o+IUBcw2r3jjL+mjHK/d5yNO0NRVPveKmboQij2/VX21ckWIV1r6zbXg5mONz rQMZuKPxDTlBbnQieMX5wpd/mwXdEEJOHLhe518OX7pxBVgvZ2PDFag5l/hIHliDrt6AIYRvkp+ Xr8G4A0MhMBFWM3SJ5dKAEwpbCtGXXJtlsOy5zSWXGhR+2hWbX9trKOADw+uksfXmBBcIvT1JMZ VDVMqDqAflrgTB9VSXVI6vihZZucMo5qfc+chJSoo= X-Received: by 2002:a05:600c:a10d:b0:48a:563c:c8e0 with SMTP id 5b1f17b1804b1-48e51f21e7bmr8375975e9.1.1778010769787; Tue, 05 May 2026 12:52:49 -0700 (PDT) X-Received: by 2002:a05:600c:a10d:b0:48a:563c:c8e0 with SMTP id 5b1f17b1804b1-48e51f21e7bmr8375705e9.1.1778010769349; Tue, 05 May 2026 12:52:49 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a82301b7bsm496832835e9.11.2026.05.05.12.52.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:47 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 08/28] KVM: x86/mmu: separate more EPT/non-EPT permission_fault() Date: Tue, 5 May 2026 21:52:06 +0200 Message-ID: <20260505195226.563317-9-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move more of EPT handling entirely in the existing "if (!ept)" conditional. Use a new "rf" variable instead of uf for read permissions for clarity. Merge smepf and ff into a single variable because EPT's "SMEP" (actually MBEC) is defined differently and does not need smepf. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/mmu.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index d94a488db79d..fc34536c536b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5584,24 +5584,28 @@ static void update_permission_bitmask(struct kvm_mm= u *mmu, bool ept) * that causes a fault with the given PFEC. */ =20 + /* Faults from reads to non-readable pages */ + u8 rf =3D 0; /* Faults from writes to non-writable pages */ u8 wf =3D (pfec & PFERR_WRITE_MASK) ? (u8)~w : 0; /* Faults from user mode accesses to supervisor pages */ - u8 uf =3D (pfec & PFERR_USER_MASK) ? (u8)~u : 0; - /* Faults from fetches of non-executable pages*/ - u8 ff =3D (pfec & PFERR_FETCH_MASK) ? (u8)~x : 0; - /* Faults from kernel mode fetches of user pages */ - u8 smepf =3D 0; + u8 uf =3D 0; + /* Faults from fetches of non-executable pages */ + u8 ff =3D 0; /* Faults from kernel mode accesses of user pages */ u8 smapf =3D 0; =20 - if (!ept) { + if (ept) { + rf =3D (pfec & PFERR_USER_MASK) ? (u8)~u : 0; + ff =3D (pfec & PFERR_FETCH_MASK) ? (u8)~x : 0; + } else { /* Faults from kernel mode accesses to user pages */ u8 kf =3D (pfec & PFERR_USER_MASK) ? 0 : u; =20 - /* Not really needed: !nx will cause pte.nx to fault */ - if (!efer_nx) - ff =3D 0; + uf =3D (pfec & PFERR_USER_MASK) ? (u8)~u : 0; + + if (efer_nx) + ff =3D (pfec & PFERR_FETCH_MASK) ? (u8)~x : 0; =20 /* Allow supervisor writes if !cr0.wp */ if (!cr0_wp) @@ -5609,7 +5613,7 @@ static void update_permission_bitmask(struct kvm_mmu = *mmu, bool ept) =20 /* Disallow supervisor fetches of user code if cr4.smep */ if (cr4_smep) - smepf =3D (pfec & PFERR_FETCH_MASK) ? kf : 0; + ff |=3D (pfec & PFERR_FETCH_MASK) ? kf : 0; =20 /* * SMAP:kernel-mode data accesses from user-mode @@ -5630,7 +5634,7 @@ static void update_permission_bitmask(struct kvm_mmu = *mmu, bool ept) smapf =3D (pfec & (PFERR_RSVD_MASK|PFERR_FETCH_MASK)) ? 0 : kf; } =20 - mmu->permissions[index] =3D ff | uf | wf | smepf | smapf; + mmu->permissions[index] =3D ff | uf | wf | rf | smapf; } } =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC4613CF683 for ; Tue, 5 May 2026 19:52:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010779; cv=none; b=CHuUi9kL+CHlfuNxCSA60OWUNIRhEjxrNs5CgNiBHuvxgfIdB2X3pNS+I+NUihL1yl8hllCRwfOINv4Zp3Zd4v0ER51GMpxW42jzvdK1L+ALUFl4QgyTPo0ljduV1PPEfBx3yPWdxFUTxZDL0aXn7o/MAHLZMWSCEDUAKS/28MQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010779; c=relaxed/simple; bh=R2IXZ10vRme19c+Gk4ccRI6jVQXDt3gPieeiCBImRik=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F/tQe/N2u/3aDs/XVblsVaeN64k8ZwzfUAVN387Z/SNySlkD0x1FsOJk4WKR6mHHjQGLP5eNf1qMMPvdMV97TS8wAHcy0J3LIvdf2xEhqBcoB2LvzzWIR/jycnlm6rJTIwhx594yHf0T2ASvJOFXFwVVreKavdf0JPVWmhyaVQQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bf8tC4ok; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=cSo/3qpd; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bf8tC4ok"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="cSo/3qpd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010775; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p1eg0oRZL9p2dzmvyJdmoHA1p2W7/BHTuZQBuaEk5HA=; b=bf8tC4okWibu9pRtsoQfJSFA6mFSOXos0CmW3wziwjkvvaH6bAQ8NxgQfGqhLHG4cmoyP8 5tlpjvlj1zDrHynKe7VdehuYB/HKGYnKCfp7tW+pJgu0IfCwSF7FPGUDFv2x6syW4v1/uv tfBnG80SWFZF8YsZM7sa3Nw3U+2sObg= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-671-9O7KltFaO3eVABjQTi6S1A-1; Tue, 05 May 2026 15:52:54 -0400 X-MC-Unique: 9O7KltFaO3eVABjQTi6S1A-1 X-Mimecast-MFC-AGG-ID: 9O7KltFaO3eVABjQTi6S1A_1778010773 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-48a5952c635so60355675e9.2 for ; Tue, 05 May 2026 12:52:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010772; x=1778615572; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=p1eg0oRZL9p2dzmvyJdmoHA1p2W7/BHTuZQBuaEk5HA=; b=cSo/3qpd/AIocWQez8l26UO1HRpSZEEL+q2RDwk7XfYzLknebefjK3Mt9VCeJcoM5e AdrtQItWYqGg1llqhxWr4+r4ZXwlPEUv0Ho1Yfy21QgNy5fLNgmQbmReyzqa0Amb2ByU CrdhxWy8M9NnNRgWSS7DiJKucKVi+fz7KirJRJTnTOKbH+0pXEFcOvTfkQxW9dKaM7G8 wUMNXZ08dOEfJ/mgbfFHMOPZupRMfgR+b1rltYAi6M7dEQBFMh0MAVf3A4Lsi8KZSycZ sSkPuANsZ9j9pkxw0/Gk339RoJ5TnUGSA9oYhC3VunFBs/dKuR2ihTuVDZxgHcMGLrMW heLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010772; x=1778615572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=p1eg0oRZL9p2dzmvyJdmoHA1p2W7/BHTuZQBuaEk5HA=; b=Vb3oX/HrOegydBD91D1FQkj5t4TQHkROhFB6xYGX6poW4ksB35WmWLczCg3qgiDGJB 06s8/EV7F/GPyX4xAOmz72McBuE6PFgMkQOGQHFSymwbchMPNKxDRAg0euh+s3/wwt3N aWm9L6U2Rpp3qNSLemlx8svSC54ZsBUundLBQPhBpZr9w8H0HYGpvFkDia+PB9lYERyZ yIYFxrEFFNevJTH5Hf2Zwoycm4adJnqa8CTnVeMHjSbQv1srNdYikCIr5uzZOu/OBRoU 549ZOkRFExtTRn5zSIaLGBnQIvhvlMmpMpe+Y2TQIxioPVDg9a4zKB8HjcAFZ3yXTNJz Z/MA== X-Gm-Message-State: AOJu0Yx0kOD1VoZ92MYY7K8abkI68EMpek2HX4T1jRGYT/Rg1eu+GqRQ T+bKral0ZmRNzRPBSLow6rSqnc08BxHOr58cR48xF4io19g8NV6s5b98ZzHZIBiZuwGvKi5obA7 7LVM63IQL4KAbfC32TxcS4fP4jnNfx05JjTuEQIBXaeANMH2WKwc9/Xg8AKxZxXhavixbTbQDiM vUyIsQt3dbYSFMWO6AKaaumCbnPbHQjqMIXUXbefKibt9HQfH/AQ== X-Gm-Gg: AeBDievElYS1H15q3JJ5OpyKTkJmUSNkTdWX2tIvL5Uf/BRkXNSdTpqnhWcogF73fwr jn2EVXQ+DuZUs7iAz7DJIy6+UfMuQuu1rCsvKUW5A2US9AORuDanZmn2TRSpwhGHnrgYPvqgB7m ux+HN2C1nCfQiydYqWfn59ThTuG33vHdyujBlWstGz8O7KGqt0EfEPvDmfwhlBg3zTF3h0GVnta sI5oUiuS/jo2EsET4npaMSpj3RgcMBLW//3alv5dvr7F1zHDtu0vrwH9SihDrM8mwLFTCsIVUVH 9szEyoXVEeIj/pqlSCPfBQgYOMMrgm9dx4PXFIIczRu6zMjqxx6wPMI73axw4hyQ/ZGSroCUNY4 Bh7Zm2ZwMeCl0mA5vPbQ7LMsmQz5ctvItucDrQKcwVjaLCcI9P8DJ6svopu+qT2WAuEP5HYYw11 2tDgfj0M2An11Ha+KmHcNezrfQFLRRvr1aFHWqtQs= X-Received: by 2002:a05:600c:4e0c:b0:48a:54fd:54ea with SMTP id 5b1f17b1804b1-48e51e21378mr12454145e9.12.1778010772064; Tue, 05 May 2026 12:52:52 -0700 (PDT) X-Received: by 2002:a05:600c:4e0c:b0:48a:54fd:54ea with SMTP id 5b1f17b1804b1-48e51e21378mr12453485e9.12.1778010771457; Tue, 05 May 2026 12:52:51 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e51f5a8c5sm4220615e9.1.2026.05.05.12.52.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:50 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 09/28] KVM: x86/mmu: introduce ACC_READ_MASK Date: Tue, 5 May 2026 21:52:07 +0200 Message-ID: <20260505195226.563317-10-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Read permissions so far were only needed for EPT, which does not need ACC_USER_MASK. Therefore, for EPT page tables ACC_USER_MASK was repurposed as a read permission bit. In order to implement nested MBEC, EPT will genuinely have four kinds of accesses, and there will be no room for such hacks; bite the bullet at last, enlarging ACC_ALL to four bits and permissions[] to 2^4 bits (u16). The new code does not enforce that the XWR bits on non-execonly processors have their R bit set, even when running nested: none of the shadow_*_mask values have bit 0 set, and make_spte() genuinely relies on ACC_READ_MASK being requested! This works because, if execonly is not supported by the processor, shadow EPT will generate an EPT misconfig vmexit if the XWR bits represent a non-readable page, and therefore the pte_access argument to make_spte() will also always have ACC_READ_MASK set. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 12 ++++----- arch/x86/kvm/mmu.h | 2 +- arch/x86/kvm/mmu/mmu.c | 45 ++++++++++++++++++++------------- arch/x86/kvm/mmu/mmutrace.h | 3 ++- arch/x86/kvm/mmu/paging_tmpl.h | 35 +++++++++++++++---------- arch/x86/kvm/mmu/spte.c | 18 +++++-------- arch/x86/kvm/mmu/spte.h | 5 ++-- arch/x86/kvm/vmx/capabilities.h | 5 ---- arch/x86/kvm/vmx/common.h | 5 +--- arch/x86/kvm/vmx/vmx.c | 3 +-- 10 files changed, 69 insertions(+), 64 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index c470e40a00aa..8f2a1b915df9 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -328,11 +328,11 @@ struct kvm_kernel_irq_routing_entry; * the number of unique SPs that can theoretically be created is 2^n, wher= e n * is the number of bits that are used to compute the role. * - * But, even though there are 20 bits in the mask below, not all combinati= ons + * But, even though there are 21 bits in the mask below, not all combinati= ons * of modes and flags are possible: * * - invalid shadow pages are not accounted, mirror pages are not shadow= ed, - * so the bits are effectively 18. + * so the bits are effectively 19. * * - quadrant will only be used if has_4_byte_gpte=3D1 (non-PAE paging); * execonly and ad_disabled are only used for nested EPT which has @@ -347,7 +347,7 @@ struct kvm_kernel_irq_routing_entry; * cr0_wp=3D0, therefore these three bits only give rise to 5 possibil= ities. * * Therefore, the maximum number of possible upper-level shadow pages for a - * single gfn is a bit less than 2^13. + * single gfn is a bit less than 2^14. */ union kvm_mmu_page_role { u32 word; @@ -356,7 +356,7 @@ union kvm_mmu_page_role { unsigned has_4_byte_gpte:1; unsigned quadrant:2; unsigned direct:1; - unsigned access:3; + unsigned access:4; unsigned invalid:1; unsigned efer_nx:1; unsigned cr0_wp:1; @@ -366,7 +366,7 @@ union kvm_mmu_page_role { unsigned guest_mode:1; unsigned passthrough:1; unsigned is_mirror:1; - unsigned :4; + unsigned:3; =20 /* * This is left at the top of the word so that @@ -492,7 +492,7 @@ struct kvm_mmu { * Byte index: page fault error code [4:1] * Bit index: pte permissions in ACC_* format */ - u8 permissions[16]; + u16 permissions[16]; =20 u64 *pae_root; u64 *pml4_root; diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 830f46145692..23f37535c0ce 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -81,7 +81,7 @@ u8 kvm_mmu_get_max_tdp_level(void); void kvm_mmu_set_mmio_spte_mask(u64 mmio_value, u64 mmio_mask, u64 access_= mask); void kvm_mmu_set_mmio_spte_value(struct kvm *kvm, u64 mmio_value); void kvm_mmu_set_me_spte_mask(u64 me_value, u64 me_mask); -void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only); +void kvm_mmu_set_ept_masks(bool has_ad_bits); =20 void kvm_init_mmu(struct kvm_vcpu *vcpu); void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr0, diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index fc34536c536b..fa6a5e4ee09a 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -2033,7 +2033,7 @@ static bool kvm_sync_page_check(struct kvm_vcpu *vcpu= , struct kvm_mmu_page *sp) */ const union kvm_mmu_page_role sync_role_ign =3D { .level =3D 0xf, - .access =3D 0x7, + .access =3D ACC_ALL, .quadrant =3D 0x3, .passthrough =3D 0x1, }; @@ -5539,7 +5539,7 @@ reset_ept_shadow_zero_bits_mask(struct kvm_mmu *conte= xt, bool execonly) * update_permission_bitmask() builds what is effectively a * two-dimensional array of bools. The second dimension is * provided by individual bits of permissions[pfec >> 1], and - * logical &, | and ~ operations operate on all the 8 possible + * logical &, | and ~ operations operate on all the 16 possible * combinations of ACC_* bits. */ #define ACC_BITS_MASK(access) \ @@ -5549,15 +5549,23 @@ reset_ept_shadow_zero_bits_mask(struct kvm_mmu *con= text, bool execonly) (4 & (access) ? 1 << 4 : 0) | \ (5 & (access) ? 1 << 5 : 0) | \ (6 & (access) ? 1 << 6 : 0) | \ - (7 & (access) ? 1 << 7 : 0)) + (7 & (access) ? 1 << 7 : 0) | \ + (8 & (access) ? 1 << 8 : 0) | \ + (9 & (access) ? 1 << 9 : 0) | \ + (10 & (access) ? 1 << 10 : 0) | \ + (11 & (access) ? 1 << 11 : 0) | \ + (12 & (access) ? 1 << 12 : 0) | \ + (13 & (access) ? 1 << 13 : 0) | \ + (14 & (access) ? 1 << 14 : 0) | \ + (15 & (access) ? 1 << 15 : 0)) =20 static void update_permission_bitmask(struct kvm_mmu *mmu, bool ept) { unsigned index; =20 - const u8 x =3D ACC_BITS_MASK(ACC_EXEC_MASK); - const u8 w =3D ACC_BITS_MASK(ACC_WRITE_MASK); - const u8 u =3D ACC_BITS_MASK(ACC_USER_MASK); + const u16 x =3D ACC_BITS_MASK(ACC_EXEC_MASK); + const u16 w =3D ACC_BITS_MASK(ACC_WRITE_MASK); + const u16 r =3D ACC_BITS_MASK(ACC_READ_MASK); =20 bool cr4_smep =3D is_cr4_smep(mmu); bool cr4_smap =3D is_cr4_smap(mmu); @@ -5580,32 +5588,33 @@ static void update_permission_bitmask(struct kvm_mm= u *mmu, bool ept) unsigned pfec =3D index << 1; =20 /* - * Each "*f" variable has a 1 bit for each UWX value + * Each "*f" variable has a 1 bit for each ACC_* combo * that causes a fault with the given PFEC. */ =20 /* Faults from reads to non-readable pages */ - u8 rf =3D 0; + u16 rf =3D (pfec & (PFERR_WRITE_MASK|PFERR_FETCH_MASK)) ? 0 : (u16)~r; /* Faults from writes to non-writable pages */ - u8 wf =3D (pfec & PFERR_WRITE_MASK) ? (u8)~w : 0; + u16 wf =3D (pfec & PFERR_WRITE_MASK) ? (u16)~w : 0; /* Faults from user mode accesses to supervisor pages */ - u8 uf =3D 0; + u16 uf =3D 0; /* Faults from fetches of non-executable pages */ - u8 ff =3D 0; + u16 ff =3D 0; /* Faults from kernel mode accesses of user pages */ - u8 smapf =3D 0; + u16 smapf =3D 0; =20 if (ept) { - rf =3D (pfec & PFERR_USER_MASK) ? (u8)~u : 0; - ff =3D (pfec & PFERR_FETCH_MASK) ? (u8)~x : 0; + ff =3D (pfec & PFERR_FETCH_MASK) ? (u16)~x : 0; } else { - /* Faults from kernel mode accesses to user pages */ - u8 kf =3D (pfec & PFERR_USER_MASK) ? 0 : u; + const u16 u =3D ACC_BITS_MASK(ACC_USER_MASK); =20 - uf =3D (pfec & PFERR_USER_MASK) ? (u8)~u : 0; + /* Faults from kernel mode accesses to user pages */ + u16 kf =3D (pfec & PFERR_USER_MASK) ? 0 : u; + + uf =3D (pfec & PFERR_USER_MASK) ? (u16)~u : 0; =20 if (efer_nx) - ff =3D (pfec & PFERR_FETCH_MASK) ? (u8)~x : 0; + ff =3D (pfec & PFERR_FETCH_MASK) ? (u16)~x : 0; =20 /* Allow supervisor writes if !cr0.wp */ if (!cr0_wp) diff --git a/arch/x86/kvm/mmu/mmutrace.h b/arch/x86/kvm/mmu/mmutrace.h index 764e3015d021..dcfdfedfc4e9 100644 --- a/arch/x86/kvm/mmu/mmutrace.h +++ b/arch/x86/kvm/mmu/mmutrace.h @@ -25,7 +25,8 @@ #define KVM_MMU_PAGE_PRINTK() ({ \ const char *saved_ptr =3D trace_seq_buffer_ptr(p); \ static const char *access_str[] =3D { \ - "---", "--x", "w--", "w-x", "-u-", "-ux", "wu-", "wux" \ + "----", "r---", "-w--", "rw--", "--u-", "r-u-", "-wu-", "rwu-", \ + "---x", "r--x", "-w-x", "rw-x", "--ux", "r-ux", "-wux", "rwux" \ }; \ union kvm_mmu_page_role role; \ \ diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 901cd2bd40b8..fb1b5d8b23e5 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -170,25 +170,24 @@ static bool FNAME(prefetch_invalid_gpte)(struct kvm_v= cpu *vcpu, return true; } =20 -/* - * For PTTYPE_EPT, a page table can be executable but not readable - * on supported processors. Therefore, set_spte does not automatically - * set bit 0 if execute only is supported. Here, we repurpose ACC_USER_MASK - * to signify readability since it isn't used in the EPT case - */ static inline unsigned FNAME(gpte_access)(u64 gpte) { unsigned access; #if PTTYPE =3D=3D PTTYPE_EPT access =3D ((gpte & VMX_EPT_WRITABLE_MASK) ? ACC_WRITE_MASK : 0) | ((gpte & VMX_EPT_EXECUTABLE_MASK) ? ACC_EXEC_MASK : 0) | - ((gpte & VMX_EPT_READABLE_MASK) ? ACC_USER_MASK : 0); + ((gpte & VMX_EPT_READABLE_MASK) ? ACC_READ_MASK : 0); #else - BUILD_BUG_ON(ACC_EXEC_MASK !=3D PT_PRESENT_MASK); - BUILD_BUG_ON(ACC_EXEC_MASK !=3D 1); + /* + * P is set here, so the page is always readable and W/U/!NX represent + * allowed accesses. + */ + BUILD_BUG_ON(ACC_READ_MASK !=3D PT_PRESENT_MASK); + BUILD_BUG_ON(ACC_WRITE_MASK !=3D PT_WRITABLE_MASK); + BUILD_BUG_ON(ACC_USER_MASK !=3D PT_USER_MASK); + BUILD_BUG_ON(ACC_EXEC_MASK & (PT_WRITABLE_MASK | PT_USER_MASK | PT_PRESEN= T_MASK)); access =3D gpte & (PT_WRITABLE_MASK | PT_USER_MASK | PT_PRESENT_MASK); - /* Combine NX with P (which is set here) to get ACC_EXEC_MASK. */ - access ^=3D (gpte >> PT64_NX_SHIFT); + access |=3D gpte & PT64_NX_MASK ? 0 : ACC_EXEC_MASK; #endif =20 return access; @@ -501,10 +500,18 @@ static int FNAME(walk_addr_generic)(struct guest_walk= er *walker, =20 if (write_fault) walker->fault.exit_qualification |=3D EPT_VIOLATION_ACC_WRITE; - if (user_fault) - walker->fault.exit_qualification |=3D EPT_VIOLATION_ACC_READ; - if (fetch_fault) + else if (fetch_fault) walker->fault.exit_qualification |=3D EPT_VIOLATION_ACC_INSTR; + else + walker->fault.exit_qualification |=3D EPT_VIOLATION_ACC_READ; + + /* + * Accesses to guest paging structures are either "reads" or + * "read+write" accesses, so consider them the latter if write_fault + * is true. + */ + if (access & PFERR_GUEST_PAGE_MASK) + walker->fault.exit_qualification |=3D EPT_VIOLATION_ACC_READ; =20 /* * Note, pte_access holds the raw RWX bits from the EPTE, not diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c index 849a1c1c92b5..1b7fb508098b 100644 --- a/arch/x86/kvm/mmu/spte.c +++ b/arch/x86/kvm/mmu/spte.c @@ -194,12 +194,6 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_p= age *sp, int is_host_mmio =3D -1; bool wrprot =3D false; =20 - /* - * For the EPT case, shadow_present_mask has no RWX bits set if - * exec-only page table entries are supported. In that case, - * ACC_USER_MASK and shadow_user_mask are used to represent - * read access. See FNAME(gpte_access) in paging_tmpl.h. - */ WARN_ON_ONCE((pte_access | shadow_present_mask) =3D=3D SHADOW_NONPRESENT_= VALUE); =20 if (sp->role.ad_disabled) @@ -228,6 +222,9 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_pa= ge *sp, pte_access &=3D ~ACC_EXEC_MASK; } =20 + if (pte_access & ACC_READ_MASK) + spte |=3D PT_PRESENT_MASK; /* or VMX_EPT_READABLE_MASK */ + if (pte_access & ACC_EXEC_MASK) spte |=3D shadow_x_mask; else @@ -391,6 +388,7 @@ u64 make_nonleaf_spte(u64 *child_pt, bool ad_disabled) u64 spte =3D SPTE_MMU_PRESENT_MASK; =20 spte |=3D __pa(child_pt) | shadow_present_mask | PT_WRITABLE_MASK | + PT_PRESENT_MASK /* or VMX_EPT_READABLE_MASK */ | shadow_user_mask | shadow_x_mask | shadow_me_value; =20 if (ad_disabled) @@ -491,18 +489,16 @@ void kvm_mmu_set_me_spte_mask(u64 me_value, u64 me_ma= sk) } EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_mmu_set_me_spte_mask); =20 -void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only) +void kvm_mmu_set_ept_masks(bool has_ad_bits) { kvm_ad_enabled =3D has_ad_bits; =20 - shadow_user_mask =3D VMX_EPT_READABLE_MASK; + shadow_user_mask =3D 0; shadow_accessed_mask =3D VMX_EPT_ACCESS_BIT; shadow_dirty_mask =3D VMX_EPT_DIRTY_BIT; shadow_nx_mask =3D 0ull; shadow_x_mask =3D VMX_EPT_EXECUTABLE_MASK; - /* VMX_EPT_SUPPRESS_VE_BIT is needed for W or X violation. */ - shadow_present_mask =3D - (has_exec_only ? 0ull : VMX_EPT_READABLE_MASK) | VMX_EPT_SUPPRESS_VE_BIT; + shadow_present_mask =3D VMX_EPT_SUPPRESS_VE_BIT; =20 shadow_acc_track_mask =3D VMX_EPT_RWX_MASK; shadow_host_writable_mask =3D EPT_SPTE_HOST_WRITABLE; diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index bc02a2e89a31..121bfb2217e8 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -52,10 +52,11 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); #define SPTE_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1)) #endif =20 -#define ACC_EXEC_MASK 1 +#define ACC_READ_MASK PT_PRESENT_MASK #define ACC_WRITE_MASK PT_WRITABLE_MASK #define ACC_USER_MASK PT_USER_MASK -#define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK) +#define ACC_EXEC_MASK 8 +#define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK |= ACC_READ_MASK) =20 #define SPTE_LEVEL_BITS 9 #define SPTE_LEVEL_SHIFT(level) __PT_LEVEL_SHIFT(level, SPTE_LEVEL_BITS) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilitie= s.h index 56cacc06225e..7e59eb0f41bb 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -300,11 +300,6 @@ static inline bool cpu_has_vmx_flexpriority(void) cpu_has_vmx_virtualize_apic_accesses(); } =20 -static inline bool cpu_has_vmx_ept_execute_only(void) -{ - return vmx_capability.ept & VMX_EPT_EXECUTE_ONLY_BIT; -} - static inline bool cpu_has_vmx_ept_4levels(void) { return vmx_capability.ept & VMX_EPT_PAGE_WALK_4_BIT; diff --git a/arch/x86/kvm/vmx/common.h b/arch/x86/kvm/vmx/common.h index adf925500b9e..1afbf272efae 100644 --- a/arch/x86/kvm/vmx/common.h +++ b/arch/x86/kvm/vmx/common.h @@ -85,11 +85,8 @@ static inline int __vmx_handle_ept_violation(struct kvm_= vcpu *vcpu, gpa_t gpa, { u64 error_code; =20 - /* Is it a read fault? */ - error_code =3D (exit_qualification & EPT_VIOLATION_ACC_READ) - ? PFERR_USER_MASK : 0; /* Is it a write fault? */ - error_code |=3D (exit_qualification & EPT_VIOLATION_ACC_WRITE) + error_code =3D (exit_qualification & EPT_VIOLATION_ACC_WRITE) ? PFERR_WRITE_MASK : 0; /* Is it a fetch fault? */ error_code |=3D (exit_qualification & EPT_VIOLATION_ACC_INSTR) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a29896a9ef14..337bbfecc021 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8683,8 +8683,7 @@ __init int vmx_hardware_setup(void) set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */ =20 if (enable_ept) - kvm_mmu_set_ept_masks(enable_ept_ad_bits, - cpu_has_vmx_ept_execute_only()); + kvm_mmu_set_ept_masks(enable_ept_ad_bits); else vt_x86_ops.get_mt_mask =3D NULL; =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 050153CFF48 for ; Tue, 5 May 2026 19:52:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010779; cv=none; b=K85BrX9QX0bEyzowwbOMZ4pYf79ZXrGlIgEn/ut5qACw7iVvQY7WbwygbPyMDOqxVe+qPWPq8ymO8aIhrS8I6Ch4FnaA0h5yJBuAkFEz9RZ62sKF2m4iAt19P7oWiHFp+rUbIdXh8DeARUL8+/X1Y4oEMm6Bu9Libe5Ab7+1M1U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010779; c=relaxed/simple; bh=xcs8N8Ir2k2QH3s5gxdqyKJrgcgQ/V8AjLlcJ3QFRiI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FoGNpvHjtRDG0IRmaq0MT2F6EBkodRB7RKBwxpjHF0D+wH4yn2Vu5qbMLNzh9Nt5aoTnTK9k6rI3/bb3HlrlRUf0E1pAidUF38lzzk9t7mmPSmda69YfIeb3uLc5ly+CUN37NrUYsaJqdF0DE3uhl7URqC56/Wx8X7fm8J1skJE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=T3lzYs2u; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=WhiIDW3a; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="T3lzYs2u"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="WhiIDW3a" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010776; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qA4QxJ4Rlo1GYMPxqmoz7ie3e/DH4wp8z5r8HqmqNfQ=; b=T3lzYs2uRO5B2WvYFS7RvKVupnzUIujwQyy5vKf6GE174qsvDIRL7/3zlvKNUVZtg9WHZR 1H2kX5f3nb1poRQhQIN18u2/FbyhboMNgnY0lZ0U4aZcjpBej2QuTkjM9gs5to02QTMNED FnwyoVS5dCxyDv//YxiWmUveIlrb5vs= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-588-WpjLBdlbPoSNaSEXcFZB-w-1; Tue, 05 May 2026 15:52:55 -0400 X-MC-Unique: WpjLBdlbPoSNaSEXcFZB-w-1 X-Mimecast-MFC-AGG-ID: WpjLBdlbPoSNaSEXcFZB-w_1778010774 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-48a7994e8ddso54369375e9.0 for ; Tue, 05 May 2026 12:52:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010773; x=1778615573; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qA4QxJ4Rlo1GYMPxqmoz7ie3e/DH4wp8z5r8HqmqNfQ=; b=WhiIDW3aTECtSvkMJdv9UcbPLH8EpKv/Vv7OIcnxWJO4tMjKoeqt/Q5ohfZ5zy3b9D x/PZT7hB8zO4ICQ3QOadP0v3Lc51OTvZ2IKB4YaWYpy7sgyJhVmfIaKT2dJLOHHNQnJW 4Xgvy3OwMGxWDrGHRR2LPsg2EclYQp0IRFiqCw6wCCbKyVm0Ov6bOvAdCsQuaXfRlLv2 zL38rCHIHbhfWVURanS29JsJlO2lzR6QHAfW89hMckvDrF9zGNnNsVdIdtXwTGx1LhF/ BKwPryuLXBO4HxvbpmBgY5YYk7wnC+8iL2TzPqYul1+oAcVn3dXzSZShujl4ceJzbZJh ikxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010773; x=1778615573; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=qA4QxJ4Rlo1GYMPxqmoz7ie3e/DH4wp8z5r8HqmqNfQ=; b=Pj3jZ7GiWFVI/E1gn2/ae4jMUskois9djMEXpHjB/QMhiSMRqMbKEzOP41LCySB6yb s1mEoLV/NR7A1cWEaYlspiNg5sJV3fd7lNarpDnM0Yxn+/tqpksm8RBWdLCPWisNHQ/M Nob3X+6spAqU+8YR7mom8TOxPBEAaexGzryOpuWYs31KzuNTwEkDhClq5LECLncPuPK1 WSL1nmz8bQkZ83+mhnYgRGem1fhWS5Pn0sZh2ChltTHJMHvBAPKXtVYXujqYEldgCD98 3R7wW/v6VAfWpB0sfY3Sz1gOcFcP+jdDWjmE5UEGhE2cA2/yWpJBcx46Wh7Gk97cLnJL 4qgw== X-Gm-Message-State: AOJu0YwCv0PuWymqFep9iVVVSeLlrboVIiDI5P3LOZIyUlHfkblaQ5al KMGdU8Pkrik5UszIrlx9ccjENzOBvMX8jX+ojmK45eWpCN4G653okPer+nmv+uPxINZeITxBFtS 0kE66MvgO1bNAIvWyUYyXQ8nr0AZWgzvwpCsE9f/sWuwgKh44DlTUfhDkhQnlcqhrydc8UmNu4S 55NylumkZ+puHoQVKLF5UcSurOzHAwfjUpYSu0sN1mlr+fE+V/TQ== X-Gm-Gg: AeBDiesRlhxp0ZHoZgvSMoQAJ8hFulncZGypEP38hF+gUiklqwUgs07fMewBXX5eVY6 xwLGi6a0NSDb4uBcytcMjc3pSuP708AFQwKAMwS8XYzJ2NMd7G4fpOGPgzLr2HBW908ccGz2UiN mHW9beRBGQwCl4RMUkBoUizTpRiNYpzai0aTPHDGGUWBGDbADgTjs3z3A5jQAuKS6tay1BofVV4 /kzoYfTjhzMh7wJy3rvswRVc/ifw9sUyRiiSFj+N83otfOefV5mi6y/t7vDHGj7G5e5SpHSdAE2 VZJXuWpB/lAVGS+VSiMF/tZz8FW2BV/4RxA65wVOudl0f+0FcxEVCMH9c0m2mEDzbzIUr3CkAie 32x1+TO/KkpNMYrInNg9b4JLYFiXc8s5X8EzJa3Qky5Hc+gZAbmR0/VPrwNg2lAveqkFuyBkLpI Hmmc9YyJmG282iFTJmVSJNuq/HL6Oi9Aldkyywx70= X-Received: by 2002:a05:600c:1d18:b0:489:1f97:6b1d with SMTP id 5b1f17b1804b1-48e51f4844emr10534415e9.28.1778010773135; Tue, 05 May 2026 12:52:53 -0700 (PDT) X-Received: by 2002:a05:600c:1d18:b0:489:1f97:6b1d with SMTP id 5b1f17b1804b1-48e51f4844emr10534035e9.28.1778010772750; Tue, 05 May 2026 12:52:52 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eba865fsm334741325e9.10.2026.05.05.12.52.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:52 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 10/28] KVM: x86/mmu: pass PFERR_GUEST_PAGE/FINAL_MASK to kvm_translate_gpa Date: Tue, 5 May 2026 21:52:08 +0200 Message-ID: <20260505195226.563317-11-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The XS/XU bit for EPT are only applied to final accesses, and use the U bit from the page walk itself. While strictly speaking not necessary (any value of PFERR_USER_MASK would be the same for page table accesses, because they're reads and writes only), it is clearer and less hackish to only apply MBEC to PFERR_GUEST_FINAL_MASK. Allow kvm-intel.ko to distinguish the two cases. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/hyperv.c | 3 ++- arch/x86/kvm/mmu/mmu.c | 3 ++- arch/x86/kvm/mmu/paging_tmpl.h | 7 +++++-- arch/x86/kvm/x86.c | 3 ++- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 9b140bbdc1d8..cf9dd565b894 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2041,7 +2041,8 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) * read with kvm_read_guest(). */ if (!hc->fast && is_guest_mode(vcpu)) { - hc->ingpa =3D translate_nested_gpa(vcpu, hc->ingpa, 0, NULL); + hc->ingpa =3D translate_nested_gpa(vcpu, hc->ingpa, + PFERR_GUEST_FINAL_MASK, NULL); if (unlikely(hc->ingpa =3D=3D INVALID_GPA)) return HV_STATUS_INVALID_HYPERCALL_INPUT; } diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index fa6a5e4ee09a..46412e4d207f 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4348,7 +4348,8 @@ static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vc= pu, struct kvm_mmu *mmu, { if (exception) exception->error_code =3D 0; - return kvm_translate_gpa(vcpu, mmu, vaddr, access, exception); + return kvm_translate_gpa(vcpu, mmu, vaddr, access | PFERR_GUEST_FINAL_MAS= K, + exception); } =20 static bool mmio_info_in_cache(struct kvm_vcpu *vcpu, u64 addr, bool direc= t) diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index fb1b5d8b23e5..567f8b77ffe0 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -376,7 +376,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, walker->pte_gpa[walker->level - 1] =3D pte_gpa; =20 real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(table_gfn), - nested_access, &walker->fault); + nested_access | PFERR_GUEST_PAGE_MASK, + &walker->fault); =20 /* * FIXME: This can happen if emulation (for of an INS/OUTS @@ -444,7 +445,9 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, gfn +=3D pse36_gfn_delta(pte); #endif =20 - real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(gfn), access, &walke= r->fault); + real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(gfn), + access | PFERR_GUEST_FINAL_MASK, + &walker->fault); if (real_gpa =3D=3D INVALID_GPA) return 0; =20 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 0a1b63c63d1a..ef1e3ae13887 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1072,7 +1072,8 @@ int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long = cr3) * to an L1 GPA. */ real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(pdpt_gfn), - PFERR_USER_MASK | PFERR_WRITE_MASK, NULL); + PFERR_USER_MASK | PFERR_WRITE_MASK | + PFERR_GUEST_PAGE_MASK, NULL); if (real_gpa =3D=3D INVALID_GPA) return 0; =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9A9373DA5D4 for ; Tue, 5 May 2026 19:53:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010784; cv=none; b=QotYYI2zNP3ZplHHpK96EcRrmoKflt215XYAnCybzHl95SILS9veirfBRE545rddGML8XGbM6NouPFj5NZ/YdDAIS0yhJFv9paVngKzvM5uV1wz/GHv1OB9qN0HW3IEfFeJ+Z86JAd3oSiagZrFsmF/jHgl3dcx4MQ54eGm/u3c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010784; c=relaxed/simple; bh=2U/3jefBJ7l9O2M5+c2UmKDUFVhFYy7ZCfqlYg7Tm+k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NCgsR/BYhiH59jtDBjK1h73GlkVHdujRHn59+tK45Yhnsry1RVa0Yl5XhnawEAwyrLH2ugPX9MRgWCe3Q1YnvP7gYpND9ChyR59rS5pVLl7FlZ1eq3KHjcBWzky5P7kJAL5QGR3DXukG+FsnHdSFEDGKNF/htNMgAqMHi/8qkyk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=SNIefv24; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=J6IS3dEm; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="SNIefv24"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="J6IS3dEm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010779; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HUdoCfMIvzOtOBmQ5/8GVTfaJ3h1aQni9LagJneRo0w=; b=SNIefv24h4OyBwG+LbnthTakgoVBSVuCE6J/qzoxA2McbM4YrJNKJ8y3OsBA/jvExydzPI OV7PVJP9e5k74YgeRs+A+pqoSoBQS8SKP6/GQf3xDwrkEYKbqp1voKoqnAggy7s0OeIklC lXAwHhsyNtcWQRtaaj37lDiIBf3v+Ds= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-17-bQu2CwJFOxWOikePnmuKbQ-1; Tue, 05 May 2026 15:52:58 -0400 X-MC-Unique: bQu2CwJFOxWOikePnmuKbQ-1 X-Mimecast-MFC-AGG-ID: bQu2CwJFOxWOikePnmuKbQ_1778010777 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-44bf1ac8893so3406400f8f.0 for ; Tue, 05 May 2026 12:52:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010776; x=1778615576; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HUdoCfMIvzOtOBmQ5/8GVTfaJ3h1aQni9LagJneRo0w=; b=J6IS3dEmg558wrFgQvCow10/bR7VBnPjlIJfFTfOJ7POUpcQ3H0STzRzhfVzAUbetw v2zslx/OUShS6RPtH6as4gjFGhcXJ4acopFLFIQpQeG9ChWt5nNU4Jr2OpCLsIorm88h 3bPhwYSvkgvdQlhKN+xGrditO2zt+cD6Nx4nHDusVT2UeuwW/7NTi+H3uru3HBdeeZ8/ 0u8eWs2lsnWRVdvuvOKrovpAgjJjdSGMYHDwFdtVZJBV1LHaj4/EPsqpeQJaB9WpWD5n tvst1CV63XxhsJGwwD+mUIPyfQmVmSO8eottJ6wDuE5/+y6Dm5CHCeDei3ljGdqrzNao eGqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010776; x=1778615576; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=HUdoCfMIvzOtOBmQ5/8GVTfaJ3h1aQni9LagJneRo0w=; b=b8VNYbWlgTdsJvHaJOSUTWXX+hy/HtO4k6WaOqLiD9rG/kJ76vV1LQPY9I7WI+s0LK 3kR6Q/6H5JR4psfAzYtEzlrhdZOdekECDOJjVSgsUdMRmA+Kf8e77KA8VU0bYJmaHaki 8wwWNL4W6Uw1/7rewPn5cBQ5obr7z/2UQhUl8TEVtcMTAT8aPrz6zBQDGWCke3ZysdlV x9K+x9wMaZJGoUDRTQFxY3WmxZO2Mg47Z5+Filcqz8UJm6FFTHTaQEbinRCE8QrCypHg EQ3n3cHCkmHlmlMGx8hUkf7NW4kcvs2QbHSQIdNQXoBIycoJl7SHqgSlXb61AogWBCZ0 RTmA== X-Gm-Message-State: AOJu0YzicKQKTI6/jj/yNiD1MgIJmi+NdNHluiXi8ema+FGJWAQGz1Uu ab/lrok1Nr79Bv3/nDgYRkH9aBBdF1UtL1wp9L45SmuZ900h3thhx+4x1buWWL6QitsI+jHKNXv PHSzHFJ8kj3bM/SxKyGAVzrNSE8E0nU+8S/tI32pSod7pWqgMDjJYO1cpYu6TY8+r6JOh+az6CO v/i89QyyRopHPaNw05S3esak8KA9Tn3nO+aRznNA1f5LuoBX7sOQ== X-Gm-Gg: AeBDieuin3XOXmEY9kW8hE8ZnKkjmWKCrabZAAAFKwfuTUe9uIz/HIsE8Hb82RuC74+ dteYzPCrdJkCwyqIp0Cdu2v7C0R0BJYUSXf4circOHode9bENkidVvla9q6Jb997BmSdqRzV7U3 Vv7rau9zO30vA7iVk0lTsqoWMAxsMQca6o9+qxRYr54LWyCiHpw+Hf9jx5GNfMiwylHBiEoNDWJ jTqrbWVVVgRCcVQEAphCgIpdb31bIq5A5a/lXGGwtCJ2K6JuoKg8/XhXRRTm7ZmH8X9soFy/rlz rvQ3udU+Ex6mMdIJzSGM/r8CoCWB+0clVKQTPSnOm4eceprHp4LLFdbraVfXjJ2UffJT3YSGML5 xDqfDURnZxEymZ72WaBfJMEiiVjgJ1DjTOvN/0NTMNDDzLxMJZXo+aOQNTSD6WZ0deGFVGFm1GM oNGrqyCitvECrnHhzFdIE4ysbHjpcEnDKpdr74kRI= X-Received: by 2002:a05:6000:22c6:b0:44b:df83:473e with SMTP id ffacd0b85a97d-4515b056d0bmr922875f8f.3.1778010776097; Tue, 05 May 2026 12:52:56 -0700 (PDT) X-Received: by 2002:a05:6000:22c6:b0:44b:df83:473e with SMTP id ffacd0b85a97d-4515b056d0bmr922826f8f.3.1778010775568; Tue, 05 May 2026 12:52:55 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45052a48911sm6878298f8f.11.2026.05.05.12.52.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:53 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 11/28] KVM: x86/mmu: pass pte_access for final nGPA->GPA walk Date: Tue, 5 May 2026 21:52:09 +0200 Message-ID: <20260505195226.563317-12-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The XS/XU bit for EPT are only applied to final accesses, and use the U bit from the page walk itself. This is available in the page walker as pte_access & ACC_USER_MASK but not available to translate_nested_gpa, so pass it down. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/hyperv.c | 2 +- arch/x86/kvm/mmu.h | 15 ++++++++++++--- arch/x86/kvm/mmu/mmu.c | 8 +++++++- arch/x86/kvm/mmu/paging_tmpl.h | 4 ++-- arch/x86/kvm/mmu/spte.h | 6 ------ arch/x86/kvm/x86.c | 5 +++-- 6 files changed, 25 insertions(+), 15 deletions(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index cf9dd565b894..53688f7b76eb 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2042,7 +2042,7 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) */ if (!hc->fast && is_guest_mode(vcpu)) { hc->ingpa =3D translate_nested_gpa(vcpu, hc->ingpa, - PFERR_GUEST_FINAL_MASK, NULL); + PFERR_GUEST_FINAL_MASK, NULL, 0); if (unlikely(hc->ingpa =3D=3D INVALID_GPA)) return HV_STATUS_INVALID_HYPERCALL_INPUT; } diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 23f37535c0ce..635c2e5d8513 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -37,6 +37,12 @@ extern bool __read_mostly enable_mmio_caching; #define PT32_ROOT_LEVEL 2 #define PT32E_ROOT_LEVEL 3 =20 +#define ACC_READ_MASK PT_PRESENT_MASK +#define ACC_WRITE_MASK PT_WRITABLE_MASK +#define ACC_USER_MASK PT_USER_MASK +#define ACC_EXEC_MASK 8 +#define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK |= ACC_READ_MASK) + #define KVM_MMU_CR4_ROLE_BITS (X86_CR4_PSE | X86_CR4_PAE | X86_CR4_LA57 | \ X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE) =20 @@ -289,16 +295,19 @@ static inline void kvm_update_page_stats(struct kvm *= kvm, int level, int count) } =20 gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u64 access, - struct x86_exception *exception); + struct x86_exception *exception, + u64 pte_access); =20 static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, gpa_t gpa, u64 access, - struct x86_exception *exception) + struct x86_exception *exception, + u64 pte_access) { if (mmu !=3D &vcpu->arch.nested_mmu) return gpa; - return translate_nested_gpa(vcpu, gpa, access, exception); + return translate_nested_gpa(vcpu, gpa, access, exception, + pte_access); } =20 static inline bool kvm_has_mirrored_tdp(const struct kvm *kvm) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 46412e4d207f..3dbac7ad044f 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4348,8 +4348,14 @@ static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *v= cpu, struct kvm_mmu *mmu, { if (exception) exception->error_code =3D 0; + /* + * EPT MBEC uses the effective access bits from the PTE to distinguish + * user and supervisor accesses, and treats every linear address as a + * user-mode address if CR0.PG=3D0. Therefore *include* ACC_USER_MASK in + * the last argument to kvm_translate_gpa (which NPT does not use). + */ return kvm_translate_gpa(vcpu, mmu, vaddr, access | PFERR_GUEST_FINAL_MAS= K, - exception); + exception, ACC_ALL); } =20 static bool mmio_info_in_cache(struct kvm_vcpu *vcpu, u64 addr, bool direc= t) diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 567f8b77ffe0..8dd9d510fc34 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -377,7 +377,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, =20 real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(table_gfn), nested_access | PFERR_GUEST_PAGE_MASK, - &walker->fault); + &walker->fault, 0); =20 /* * FIXME: This can happen if emulation (for of an INS/OUTS @@ -447,7 +447,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, =20 real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(gfn), access | PFERR_GUEST_FINAL_MASK, - &walker->fault); + &walker->fault, walker->pte_access); if (real_gpa =3D=3D INVALID_GPA) return 0; =20 diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index 121bfb2217e8..8a4c09c5cdbf 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -52,12 +52,6 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); #define SPTE_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1)) #endif =20 -#define ACC_READ_MASK PT_PRESENT_MASK -#define ACC_WRITE_MASK PT_WRITABLE_MASK -#define ACC_USER_MASK PT_USER_MASK -#define ACC_EXEC_MASK 8 -#define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK |= ACC_READ_MASK) - #define SPTE_LEVEL_BITS 9 #define SPTE_LEVEL_SHIFT(level) __PT_LEVEL_SHIFT(level, SPTE_LEVEL_BITS) #define SPTE_INDEX(address, level) __PT_INDEX(address, level, SPTE_LEVEL_B= ITS) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ef1e3ae13887..67979b7de5d6 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1073,7 +1073,7 @@ int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long = cr3) */ real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(pdpt_gfn), PFERR_USER_MASK | PFERR_WRITE_MASK | - PFERR_GUEST_PAGE_MASK, NULL); + PFERR_GUEST_PAGE_MASK, NULL, 0); if (real_gpa =3D=3D INVALID_GPA) return 0; =20 @@ -7849,7 +7849,8 @@ void kvm_get_segment(struct kvm_vcpu *vcpu, } =20 gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u64 access, - struct x86_exception *exception) + struct x86_exception *exception, + u64 pte_access) { struct kvm_mmu *mmu =3D vcpu->arch.mmu; gpa_t t_gpa; --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 234BC3DB64A for ; Tue, 5 May 2026 19:53:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010783; cv=none; b=nJtZHr4+ozISOU8pgRefjivHyRDvO7SIkWYA5thmYKEaIq3iySb5zBY92b6jpKOWffRML0gb5BA1+WPBkw8p9yOOtoC6r1DnPi3XzhcHmbanJ7TvdoJGV+77E6zpg9+vm5lRwwm/UhR4m5zE+ECRnK0EteVkTztGWkxgDQu/AOI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010783; c=relaxed/simple; bh=7mx2Rcdlygnmrs2vjtPcfbzzCBA11TiFb3NszhIEg/A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RyD/b66Ug7J8CU483f+jtrPNpQjYYfDPDU7TYk/OWSeAn5ibncZY0mhA0SA7o4U/fL/H1A7cbhuI37yJFagOTvL3S0fHvTZbPUGaw8aOFW1DVvvbIX8T/VfMBx02HxV2m+C8LGIe/8ncRRwKGondU0/WRTSEy3esBLW9zoau2/M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=O+ZfGEjd; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=tZ5iXO7R; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="O+ZfGEjd"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="tZ5iXO7R" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010781; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=N4tj7QeNb58lXu2azaV28nS46uz+bzJfiBhVJBY6iLw=; b=O+ZfGEjdJsX6RBQaHwmZkaT3FQFAEhGq74GZv8ExMdR7psORpMiwoFyz78cvwCUDN0I/Zf wasbw5O1jw3w9LM4g/lNSVZSXfH9dAidebwv23XvS3REqSx5syNQ/CtPLZFWnyEGt/dN7U Tsaypl6BgG7PLyhOFlD4ZEb0iz8jtvw= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-658-XMVVcrx-PNyQR7ZVYfLzjw-1; Tue, 05 May 2026 15:53:00 -0400 X-MC-Unique: XMVVcrx-PNyQR7ZVYfLzjw-1 X-Mimecast-MFC-AGG-ID: XMVVcrx-PNyQR7ZVYfLzjw_1778010779 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-488f973ddfeso41385985e9.3 for ; Tue, 05 May 2026 12:53:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010778; x=1778615578; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=N4tj7QeNb58lXu2azaV28nS46uz+bzJfiBhVJBY6iLw=; b=tZ5iXO7R2uu7dSc/U34XdWUUcqe1kNxapnTfxIzf3LAU+krSiW0/r7ii8IbqjPW/Et FndRqFTGWTwBssgJhwrlczhA18VNFxuPtRpavP2t+T0M+b0kOpBAtLDnE3938+rvdktk fqfBd4WSbRrYI29JHu+rFBFc4BZQ8dmKu+8D2bTwm0CQI7h63efTtUd23NrdNz6+6QA3 JDmknYjf0PurvU1w1FprnCXHWqOSbJiLKw0qkwppBO8MC/HlLoVYa85IdzIVeoTUcCgR TP+yRtyGoSmxMoN4WJLll57esiJsUnWxScYFx6HNtYITrW8sLd+oOw+Vd8BMUPdqfWFJ epsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010778; x=1778615578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=N4tj7QeNb58lXu2azaV28nS46uz+bzJfiBhVJBY6iLw=; b=qUyQ8zNykInFPDnasiWUqtR+n0vNte1xos5LSpD14IwrL2JTizLKq/JBwtT08mWk7d w2To179C92h/EZvpxla/Lg3WV3LRAh3nClkYp2yYeoENIRe51aDliyIzzD/A7ytJTQRs B4U67gJY4h+VYRe1CrIKnEpmKRqqBrS4MuGPhYratXGSZeSi9pRc9W7y6Jnv4bWlCjyU ASs7fziNB0R9AQ1zWVwLcU1b0jhGtTe1RyFKYCUewxh2DlOsrn3WuF+5KrY77lWs89Y7 ebZbLEREe3RjwPIV5EtZmwVIrOrKDIle9Yc1QX99XZd5D4fAyF6VcQioxGZ5IYHSGnrB N54A== X-Gm-Message-State: AOJu0Ywzvvi97U95ERYrKd8Jj9E66cIbetpIFKPW2G3thBQRjp8w/EMY WVvd1jF1ErqVzUCaFMt/fr+F51CeuKvkJxbyju99X+zG4JBi3rIOY/Yxr5lvVDiPSQAzbM8PcFT rIPtDUrgnAcaTNstADsukpAimk1KjBI0QxWHMAlhDgHJVvqxcxlNGr7wJ13bWRqFoFxrsMnzOB0 t1nMYS7xP97DjV+AaMSDnCnqeSk9bRHA2LnmIodPTgEMyuMJ+wxg== X-Gm-Gg: AeBDietIYLgq/6GAnMuX7WNoq5Hz4SW8P57HIAoYLUdIvnDweY2UGlv6E3G2TS5nZA3 trAuksHKWrBKeCXXGwMmSlkbgs5ZtdhIloMVeX09ehv8fpn/U1y89AghHHOKr602p7KnCz3nZAM qv7paG4r+a2timzDqRU1rXkfwtWzc3bgvwrd1YcIDr6XL4pRkuxyAo8+NdUlfy1g027GtLuWERN ikKfF8GGJ/UUMGMEkwuC/ylnOiq4+/jbR+bAsmBtp5wZ+cwW8JOgCanyYMhOxztlOKUnZ7gyks7 XvDwqLV5j/u2f9Kk6Jmr5s5XjudJ85OX+JVJbpq7/Nn+RPqw3el4Tllke13+LQrQArRx+o/1h8l 6HhOYoiCZp0quhevQc7hEyDmPqZ92E3Pul2eWPhnk9k6KlzxwyVwdDxNrmr8+5EiraWcE49WPw3 OGAh6TAgqsFDB0xSllQ4CmiddDdSAZOCzm9DrxFAc= X-Received: by 2002:a05:600c:34c8:b0:486:fba7:b150 with SMTP id 5b1f17b1804b1-48e51f2ed22mr11863885e9.15.1778010778348; Tue, 05 May 2026 12:52:58 -0700 (PDT) X-Received: by 2002:a05:600c:34c8:b0:486:fba7:b150 with SMTP id 5b1f17b1804b1-48e51f2ed22mr11863355e9.15.1778010777821; Tue, 05 May 2026 12:52:57 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e52859ac7sm1615405e9.1.2026.05.05.12.52.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:56 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 12/28] KVM: x86: make translate_nested_gpa vendor-specific Date: Tue, 5 May 2026 21:52:10 +0200 Message-ID: <20260505195226.563317-13-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" EPT and NPT have different rules for passing PFERR_USER_MASK to the nested page table walk. In particular, for final addresses EPT uses the U bit of the guest (nGVA->nGPA) walk. While at it, remove PFERR_USER_MASK from the VMX version of the function, since it is actually ignored by the tables that update_permission_bitmask() generates for EPT. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 4 ++++ arch/x86/kvm/hyperv.c | 3 ++- arch/x86/kvm/mmu.h | 9 +++------ arch/x86/kvm/svm/nested.c | 15 +++++++++++++++ arch/x86/kvm/vmx/nested.c | 12 ++++++++++++ arch/x86/kvm/x86.c | 16 ---------------- 6 files changed, 36 insertions(+), 23 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 8f2a1b915df9..62dc782b2dd3 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -2010,6 +2010,10 @@ struct kvm_x86_nested_ops { struct kvm_nested_state *kvm_state); bool (*get_nested_state_pages)(struct kvm_vcpu *vcpu); int (*write_log_dirty)(struct kvm_vcpu *vcpu, gpa_t l2_gpa); + gpa_t (*translate_nested_gpa)(struct kvm_vcpu *vcpu, gpa_t gpa, + u64 access, + struct x86_exception *exception, + u64 pte_access); =20 int (*enable_evmcs)(struct kvm_vcpu *vcpu, uint16_t *vmcs_version); diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 53688f7b76eb..f35fae3a7b3d 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2041,7 +2041,8 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) * read with kvm_read_guest(). */ if (!hc->fast && is_guest_mode(vcpu)) { - hc->ingpa =3D translate_nested_gpa(vcpu, hc->ingpa, + hc->ingpa =3D kvm_x86_ops.nested_ops->translate_nested_gpa( + vcpu, hc->ingpa, PFERR_GUEST_FINAL_MASK, NULL, 0); if (unlikely(hc->ingpa =3D=3D INVALID_GPA)) return HV_STATUS_INVALID_HYPERCALL_INPUT; diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 635c2e5d8513..63be5c5efed9 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -294,10 +294,6 @@ static inline void kvm_update_page_stats(struct kvm *k= vm, int level, int count) atomic64_add(count, &kvm->stat.pages[level - 1]); } =20 -gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u64 access, - struct x86_exception *exception, - u64 pte_access); - static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, gpa_t gpa, u64 access, @@ -306,8 +302,9 @@ static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *= vcpu, { if (mmu !=3D &vcpu->arch.nested_mmu) return gpa; - return translate_nested_gpa(vcpu, gpa, access, exception, - pte_access); + return kvm_x86_ops.nested_ops->translate_nested_gpa(vcpu, gpa, access, + exception, + pte_access); } =20 static inline bool kvm_has_mirrored_tdp(const struct kvm *kvm) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 961804df5f45..df232153eb24 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -2071,8 +2071,23 @@ static bool svm_get_nested_state_pages(struct kvm_vc= pu *vcpu) return true; } =20 +static gpa_t svm_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, + u64 access, + struct x86_exception *exception, + u64 pte_access) +{ + struct kvm_mmu *mmu =3D vcpu->arch.mmu; + + BUG_ON(!mmu_is_nested(vcpu)); + + /* NPT walks are always user-walks */ + access |=3D PFERR_USER_MASK; + return mmu->gva_to_gpa(vcpu, mmu, gpa, access, exception); +} + struct kvm_x86_nested_ops svm_nested_ops =3D { .leave_nested =3D svm_leave_nested, + .translate_nested_gpa =3D svm_translate_nested_gpa, .is_exception_vmexit =3D nested_svm_is_exception_vmexit, .check_events =3D svm_check_nested_events, .triple_fault =3D nested_svm_triple_fault, diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 3fe88f29be7a..cd1924c6e075 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -7438,8 +7438,20 @@ __init int nested_vmx_hardware_setup(int (*exit_hand= lers[])(struct kvm_vcpu *)) return 0; } =20 +static gpa_t vmx_translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, + u64 access, + struct x86_exception *exception, + u64 pte_access) +{ + struct kvm_mmu *mmu =3D vcpu->arch.mmu; + + BUG_ON(!mmu_is_nested(vcpu)); + return mmu->gva_to_gpa(vcpu, mmu, gpa, access, exception); +} + struct kvm_x86_nested_ops vmx_nested_ops =3D { .leave_nested =3D vmx_leave_nested, + .translate_nested_gpa =3D vmx_translate_nested_gpa, .is_exception_vmexit =3D nested_vmx_is_exception_vmexit, .check_events =3D vmx_check_nested_events, .has_events =3D vmx_has_nested_events, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 67979b7de5d6..7c6942afae81 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7848,22 +7848,6 @@ void kvm_get_segment(struct kvm_vcpu *vcpu, kvm_x86_call(get_segment)(vcpu, var, seg); } =20 -gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u64 access, - struct x86_exception *exception, - u64 pte_access) -{ - struct kvm_mmu *mmu =3D vcpu->arch.mmu; - gpa_t t_gpa; - - BUG_ON(!mmu_is_nested(vcpu)); - - /* NPT walks are always user-walks */ - access |=3D PFERR_USER_MASK; - t_gpa =3D mmu->gva_to_gpa(vcpu, mmu, gpa, access, exception); - - return t_gpa; -} - gpa_t kvm_mmu_gva_to_gpa_read(struct kvm_vcpu *vcpu, gva_t gva, struct x86_exception *exception) { --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 664FA3DD511 for ; Tue, 5 May 2026 19:53:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010787; cv=none; b=h+Diin6m38RsFdWIzQFZMBFhWCzfr+fK4oQwVb+UMdtqepCGW4oG8+B6b8YTGiwz97G6DxjSA1hnkXaeh6xzDOeiH9QF5KG2M5HtuKPaXuaqejmOUGHM0rfdmJg+elnuvXzMt3nj6JhaJ3XztUZxGeNw5GmdSA8VDsr9UFuJIkg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010787; c=relaxed/simple; bh=UISj4AsBjDScyfEz+zzOrB16K7LyM3cpBQKP4JxoC+s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tGptzXBjpa65NaNoFsZtK7HKD3DjfFCzgDozAcOP/yZRM/mGQwavMi4dBg8Rqibf4edm8Y03yUQLsskIP9DLvQlG5R6jCT/no8EtIC1UUlvHphkavaKkWTBOlVXSk0Rh+Ghy0N1V6XQgyxZKQL1xpMWDzadOQALVD3tTKdpOKQk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=FGKyFK2E; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=ox/e0sMF; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="FGKyFK2E"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="ox/e0sMF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010784; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kvp/N7DhJzlwzkEgaDhfKLJnVV+wtnlptrY57TizXX4=; b=FGKyFK2EZA6ZWhUgTitzhS78aH+3lyju38fZ1sqqgo1kFyW7vFoBCCp/wambZxb0Qakxmw h9X6veGUjZb11H+eqKrUI5LvGCFDGFtfLjyRH3SDifkxudalXtVwmGnhBwcVsfrk8L7Fk9 +doLqH42X9uHlnniVUFXDZ8MS2DekTc= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-372-ZuJuxjznOjSsPruBfwae5w-1; Tue, 05 May 2026 15:53:03 -0400 X-MC-Unique: ZuJuxjznOjSsPruBfwae5w-1 X-Mimecast-MFC-AGG-ID: ZuJuxjznOjSsPruBfwae5w_1778010782 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-488f973ddfeso41386285e9.3 for ; Tue, 05 May 2026 12:53:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010781; x=1778615581; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kvp/N7DhJzlwzkEgaDhfKLJnVV+wtnlptrY57TizXX4=; b=ox/e0sMFVWLkcIz7h9zxNlIfEAdItPdaMFKS6/9a3qKXntfDbRVh12O+YY8x7VYuFe YJnIUuSnDJbURUnfM9Xvvs2HK0bVGIIgRCMbLUWOzbp3X+MWr7bcPLCOlp0psOJb8Vfw w80SC/79f7Y9CNDA9YqCQ9+mGvFBcPOrdhXtznU8hn1/NumJrZpRnmmTMzxnlj/Uh3Pz 3IKvbGVQn2SJgGho6bOB/PgMwSIC6iVktOaZbqv/F2cqLWQS1jDL0pWFtXhZt64SXILy Hiz2KnabwXljV02kgjxCa/tHu238oll9Xa0wYcherbtV9rW36afmr3mcv+ww2s3HLBxM a4fQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010781; x=1778615581; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=kvp/N7DhJzlwzkEgaDhfKLJnVV+wtnlptrY57TizXX4=; b=puFr/BbnayY5pJiNrLHYbInrKJpH72GYLIHTKglqcUU8uwgp9XQVzLJIvbMGrtrNV5 bWt1VjdVl7qy6am5hCe9L373Zp0OddQ3doEnTorsRR2hoMQRkZktmTXEb0QXbn0YqQ0F Hosn8UdVI2ScmzJhZkzTzvseFzrkHCzk21ldZPmbLziiKI00zz50TlTf8SXF49ihd1Da STEGGA9lQoXPiKAkq3ZUsEkXME0rLHUGvB6dzykjdTSUI2UsFucEw//rNt+zWLjpqRRt 0kKo1DvCaT+vqQM+lqs5VyDZAriq27vGxNoaxFUrkPK3appvr6l/k0NjY+WnkpOOUdRf kptw== X-Gm-Message-State: AOJu0YxwRpSZt+NYL8GAVjrkbnsf0TBTrbOnxupqvbJB5XC13j+LsgT2 WMZhmBs4F9V5vKS4+B78nWN1FujIuzIcDd7GwiSvWWCg0Pnu0tL9FGPeQyJOlSadKclpDHs09ip 70Jt0NAKw+ZqIvx0wMMixOwnE8S7StRmeGvfjP2N7UM2VO0i73CKtWi0Kwf7oaTOOr24wlDAB0j Bfwd1SOwI9C530EdVdN3V9fO5SNZ+hD8qXR/1m2I46TUvcVXpI5A== X-Gm-Gg: AeBDieuvU8t951bmw26sVGpeV9fRGCKTxeS+FBDkaTwBShzc98vFLs0PTQIvdEF6Fzh O51kpTHTRvA837Zq20HaDnuA63CR0Bq56+E8AgKtcFnQxaAQD4kwrTKhE4TeQzD5THf1FHPJsbM MwAHF7SByWwYnOhqrxpB7lDdDKHFsnYO4uuWDcLVIIltRRajn8R3pE7lw0ijrxyLv9EXZ1MkJHL jSAw+vj+W1pdR///QXU3oVNiyBQuvsIDNKmrEiV/FgdTi78sN7bT4gbOHRcbKXRxYoW6OcEOmoC vazlCEDnyJlFSzjLkeYXrmILxxP7iDQ8cJfYTju1Q8REJD1EwYW8z2VfDN8zIrlTQEcSM0PKJJd ldQftNoev7ybiyHsXGnMBhpCofmf5Y/VxMwOBGoFRoPm5m36xczwwebq8Jk1WldlVyM73t+kcOr yZ0Y1Bw1CjH4uhUj9dRhR13dzVGTwRMO31IIle4uI= X-Received: by 2002:a05:600c:2d16:b0:48a:72ab:f88c with SMTP id 5b1f17b1804b1-48e52be1069mr568855e9.17.1778010781056; Tue, 05 May 2026 12:53:01 -0700 (PDT) X-Received: by 2002:a05:600c:2d16:b0:48a:72ab:f88c with SMTP id 5b1f17b1804b1-48e52be1069mr568655e9.17.1778010780518; Tue, 05 May 2026 12:53:00 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4505238e174sm6945118f8f.1.2026.05.05.12.52.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:52:58 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 13/28] KVM: x86/mmu: split XS/XU bits for EPT Date: Tue, 5 May 2026 21:52:11 +0200 Message-ID: <20260505195226.563317-14-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When EPT is in use, replace ACC_USER_MASK with ACC_USER_EXEC_MASK, so that supervisor and user-mode execution can be controlled independently (ACC_USER_MASK would not allow a setting similar to XU=3D0 XS=3D1 W=3D1 R=3D1). Replace shadow_x_mask with shadow_xs_mask/shadow_xu_mask, to allow setting XS and XU bits separately in EPT entries. In fact, ACC_USER_EXEC_MASK is already set through ACC_ALL in the kvm_mmu_page roles and propagates to the XU bit of sPTEs even if MBEC is not (yet) enabled in the execution controls. This is fine, because the XU bit is ignored by the processor, and even once KVM supports MBEC this mode will remain for processors that lack the feature. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu.h | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/mmu/mmutrace.h | 6 ++-- arch/x86/kvm/mmu/spte.c | 62 ++++++++++++++++++++++++++----------- arch/x86/kvm/mmu/spte.h | 16 +++++++--- 5 files changed, 62 insertions(+), 27 deletions(-) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 63be5c5efed9..d8c13e43c2d7 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -39,7 +39,8 @@ extern bool __read_mostly enable_mmio_caching; =20 #define ACC_READ_MASK PT_PRESENT_MASK #define ACC_WRITE_MASK PT_WRITABLE_MASK -#define ACC_USER_MASK PT_USER_MASK +#define ACC_USER_MASK PT_USER_MASK /* non EPT */ +#define ACC_USER_EXEC_MASK ACC_USER_MASK /* EPT only */ #define ACC_EXEC_MASK 8 #define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK |= ACC_READ_MASK) =20 diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 3dbac7ad044f..16eaf413b299 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5491,7 +5491,7 @@ static void reset_shadow_zero_bits_mask(struct kvm_vc= pu *vcpu, static inline bool boot_cpu_is_amd(void) { WARN_ON_ONCE(!tdp_enabled); - return shadow_x_mask =3D=3D 0; + return shadow_xs_mask =3D=3D 0; } =20 /* diff --git a/arch/x86/kvm/mmu/mmutrace.h b/arch/x86/kvm/mmu/mmutrace.h index dcfdfedfc4e9..3429c1413f42 100644 --- a/arch/x86/kvm/mmu/mmutrace.h +++ b/arch/x86/kvm/mmu/mmutrace.h @@ -357,8 +357,8 @@ TRACE_EVENT( __entry->sptep =3D virt_to_phys(sptep); __entry->level =3D level; __entry->r =3D shadow_present_mask || (__entry->spte & PT_PRESENT_MASK); - __entry->x =3D is_executable_pte(__entry->spte); - __entry->u =3D shadow_user_mask ? !!(__entry->spte & shadow_user_mask) := -1; + __entry->x =3D (__entry->spte & (shadow_xs_mask | shadow_nx_mask)) =3D= =3D shadow_xs_mask; + __entry->u =3D !!(__entry->spte & (shadow_xu_mask | shadow_user_mask)); ), =20 TP_printk("gfn %llx spte %llx (%s%s%s%s) level %d at %llx", @@ -366,7 +366,7 @@ TRACE_EVENT( __entry->r ? "r" : "-", __entry->spte & PT_WRITABLE_MASK ? "w" : "-", __entry->x ? "x" : "-", - __entry->u =3D=3D -1 ? "" : (__entry->u ? "u" : "-"), + __entry->u ? "u" : "-", __entry->level, __entry->sptep ) ); diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c index 1b7fb508098b..f41573b0ccfa 100644 --- a/arch/x86/kvm/mmu/spte.c +++ b/arch/x86/kvm/mmu/spte.c @@ -29,8 +29,9 @@ bool __read_mostly kvm_ad_enabled; u64 __read_mostly shadow_host_writable_mask; u64 __read_mostly shadow_mmu_writable_mask; u64 __read_mostly shadow_nx_mask; -u64 __read_mostly shadow_x_mask; /* mutual exclusive with nx_mask */ u64 __read_mostly shadow_user_mask; +u64 __read_mostly shadow_xs_mask; /* mutual exclusive with nx_mask and use= r_mask */ +u64 __read_mostly shadow_xu_mask; /* mutual exclusive with nx_mask and use= r_mask */ u64 __read_mostly shadow_accessed_mask; u64 __read_mostly shadow_dirty_mask; u64 __read_mostly shadow_mmio_value; @@ -217,21 +218,26 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_= page *sp, * would tie make_spte() further to vCPU/MMU state, and add complexity * just to optimize a mode that is anything but performance critical. */ - if (level > PG_LEVEL_4K && (pte_access & ACC_EXEC_MASK) && - is_nx_huge_page_enabled(vcpu->kvm)) { + if (level > PG_LEVEL_4K && is_nx_huge_page_enabled(vcpu->kvm)) { pte_access &=3D ~ACC_EXEC_MASK; + if (shadow_xu_mask) + pte_access &=3D ~ACC_USER_EXEC_MASK; } =20 if (pte_access & ACC_READ_MASK) spte |=3D PT_PRESENT_MASK; /* or VMX_EPT_READABLE_MASK */ =20 - if (pte_access & ACC_EXEC_MASK) - spte |=3D shadow_x_mask; - else - spte |=3D shadow_nx_mask; - - if (pte_access & ACC_USER_MASK) - spte |=3D shadow_user_mask; + if (shadow_nx_mask) { + if (!(pte_access & ACC_EXEC_MASK)) + spte |=3D shadow_nx_mask; + if (pte_access & ACC_USER_MASK) + spte |=3D shadow_user_mask; + } else { + if (pte_access & ACC_EXEC_MASK) + spte |=3D shadow_xs_mask; + if (pte_access & ACC_USER_EXEC_MASK) + spte |=3D shadow_xu_mask; + } =20 if (level > PG_LEVEL_4K) spte |=3D PT_PAGE_SIZE_MASK; @@ -318,11 +324,13 @@ static u64 change_spte_executable(u64 spte, u8 access) { u64 set, clear; =20 - if (access & ACC_EXEC_MASK) - set =3D shadow_x_mask; + if (shadow_nx_mask) + set =3D (access & ACC_EXEC_MASK) ? 0 : shadow_nx_mask; else - set =3D shadow_nx_mask; - clear =3D set ^ (shadow_nx_mask | shadow_x_mask); + set =3D + (access & ACC_EXEC_MASK ? shadow_xs_mask : 0) | + (access & ACC_USER_EXEC_MASK ? shadow_xu_mask : 0); + clear =3D set ^ (shadow_nx_mask | shadow_xs_mask | shadow_xu_mask); return modify_spte_protections(spte, set, clear); } =20 @@ -389,7 +397,7 @@ u64 make_nonleaf_spte(u64 *child_pt, bool ad_disabled) =20 spte |=3D __pa(child_pt) | shadow_present_mask | PT_WRITABLE_MASK | PT_PRESENT_MASK /* or VMX_EPT_READABLE_MASK */ | - shadow_user_mask | shadow_x_mask | shadow_me_value; + shadow_user_mask | shadow_xs_mask | shadow_xu_mask | shadow_me_value; =20 if (ad_disabled) spte |=3D SPTE_TDP_AD_DISABLED; @@ -497,10 +505,27 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits) shadow_accessed_mask =3D VMX_EPT_ACCESS_BIT; shadow_dirty_mask =3D VMX_EPT_DIRTY_BIT; shadow_nx_mask =3D 0ull; - shadow_x_mask =3D VMX_EPT_EXECUTABLE_MASK; + shadow_xs_mask =3D VMX_EPT_EXECUTABLE_MASK; + + /* + * The MMU always maps ACC_EXEC_MASK and ACC_USER_EXEC_MASK to the + * XS and XU bits of shadow EPT entries, regardless of whether MBEC + * is available on the host or enabled in the VMCS. + * + * For the non-nested case, pages are mapped with ACC_EXEC_MASK + * and ACC_USER_EXEC_MASK set in tandem, so XS =3D=3D XU and the + * host's MBEC setting does not matter. On hardware without MBEC + * the XU bit is reserved-as-ignored, and setting it does no harm. + * + * For nested EPT MBEC is not supported, but bit 10 of the gPTE has + * no effect because (a) is_present_gpte() does not treat it as a + * present bit, and (b) permission_fault() uses an mmu->permissions[] + * array that effectively ignores ACC_USER_EXEC_MASK. + */ + shadow_xu_mask =3D VMX_EPT_USER_EXECUTABLE_MASK; shadow_present_mask =3D VMX_EPT_SUPPRESS_VE_BIT; =20 - shadow_acc_track_mask =3D VMX_EPT_RWX_MASK; + shadow_acc_track_mask =3D VMX_EPT_RWX_MASK | VMX_EPT_USER_EXECUTABLE_MASK; shadow_host_writable_mask =3D EPT_SPTE_HOST_WRITABLE; shadow_mmu_writable_mask =3D EPT_SPTE_MMU_WRITABLE; =20 @@ -548,7 +573,8 @@ void kvm_mmu_reset_all_pte_masks(void) shadow_accessed_mask =3D PT_ACCESSED_MASK; shadow_dirty_mask =3D PT_DIRTY_MASK; shadow_nx_mask =3D PT64_NX_MASK; - shadow_x_mask =3D 0; + shadow_xs_mask =3D 0; + shadow_xu_mask =3D 0; shadow_present_mask =3D PT_PRESENT_MASK; =20 shadow_acc_track_mask =3D 0; diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index 8a4c09c5cdbf..f5261d993eac 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -24,7 +24,7 @@ * - bits 55 (EPT only): MMU-writable * - bits 56-59: unused * - bits 60-61: type of A/D tracking - * - bits 62: unused + * - bits 62 (EPT only): saved XU bit for disabled AD */ =20 /* @@ -65,7 +65,8 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0); * must not overlap the A/D type mask. */ #define SHADOW_ACC_TRACK_SAVED_BITS_MASK (VMX_EPT_READABLE_MASK | \ - VMX_EPT_EXECUTABLE_MASK) + VMX_EPT_EXECUTABLE_MASK | \ + VMX_EPT_USER_EXECUTABLE_MASK) #define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 52 #define SHADOW_ACC_TRACK_SAVED_MASK (SHADOW_ACC_TRACK_SAVED_BITS_MASK << \ SHADOW_ACC_TRACK_SAVED_BITS_SHIFT) @@ -178,8 +179,9 @@ extern bool __read_mostly kvm_ad_enabled; extern u64 __read_mostly shadow_host_writable_mask; extern u64 __read_mostly shadow_mmu_writable_mask; extern u64 __read_mostly shadow_nx_mask; -extern u64 __read_mostly shadow_x_mask; /* mutual exclusive with nx_mask */ extern u64 __read_mostly shadow_user_mask; +extern u64 __read_mostly shadow_xs_mask; /* mutual exclusive with nx_mask = and user_mask */ +extern u64 __read_mostly shadow_xu_mask; /* mutual exclusive with nx_mask = and user_mask */ extern u64 __read_mostly shadow_accessed_mask; extern u64 __read_mostly shadow_dirty_mask; extern u64 __read_mostly shadow_mmio_value; @@ -357,7 +359,13 @@ static inline bool is_last_spte(u64 pte, int level) =20 static inline bool is_executable_pte(u64 spte) { - return (spte & (shadow_x_mask | shadow_nx_mask)) =3D=3D shadow_x_mask; + /* + * For now, return true if either the XS or XU bit is set + * This function is only used for fast_page_fault, + * which never processes shadow EPT, and regular page + * tables always have XS=3D=3DXU. + */ + return (spte & (shadow_xs_mask | shadow_xu_mask | shadow_nx_mask)) !=3D s= hadow_nx_mask; } =20 static inline kvm_pfn_t spte_to_pfn(u64 pte) --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 923A54ADD9A for ; Tue, 5 May 2026 19:53:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010789; cv=none; b=fG3gue0DPrsz545TFOBoYz/u7o0SKHvFXjzhnOhrs2muY8vJGe36u6FoMBTXu+Pc29d97n6NyYDCWBx3So8fVsG8x8gUdFETvGA/LMHWuAa9eKV7AofuhSwWeq1GjSZpiW1YPLHRobM8CJy8vaSekibUl3WBPuDo2FjV99mxPzY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010789; c=relaxed/simple; bh=wI5MclD6vKDbgNUt08qaSzPht5u02sZBvRiAID/r77Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tFKX5IngyJGIIjwT5oXsvLnwZNDzDImbdcGD4UOyGuYU6Jmm1De4XUidTve2HrKhmLxTG34pvN9rW8wtCWfdzm5eXTOCz9yKcTwW9sWOOcWshq5m0bHsLH1v8RSXkHV8qdUP65dg+yMexhEmvtZ7eOc/7b3MnjElCUaXk+dwjM4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=h6B5pMlZ; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=AAFXdRyw; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="h6B5pMlZ"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="AAFXdRyw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010786; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ez9cYUWKCr2Quex9HXt94qBTCOieqPH9eIjMg0PQWG4=; b=h6B5pMlZY6y514rw8dkmeOm3kQa48P0CYwAfwbbqsJQ55WDKga6j2ITI/YIgwMsgFjlq3D gNyxG9NKSq6VhFN81IxeEoeHx+bTCFhLngrs1Hfr7OHO4lxMBkhQ8n5joIizwCqBLs8CB0 sV10Du3ZjBG3nbjrbZ2nNfq4kuBa8oI= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-544-NReLLyftOa6nqbxw9GccfQ-1; Tue, 05 May 2026 15:53:05 -0400 X-MC-Unique: NReLLyftOa6nqbxw9GccfQ-1 X-Mimecast-MFC-AGG-ID: NReLLyftOa6nqbxw9GccfQ_1778010784 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-488dcaf2f2fso42615645e9.0 for ; Tue, 05 May 2026 12:53:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010784; x=1778615584; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ez9cYUWKCr2Quex9HXt94qBTCOieqPH9eIjMg0PQWG4=; b=AAFXdRywwktj8zrjXQPnDcyXyMFj0c0dRsgZ27wKx8ZuWG40gg0CGiud955CkJdnJV YqcW6ali6K3WR2forpUyZRnujVGbkGlcZXJpx8fI9g0twSYwAqwbTjhF7kCZ0T8QCKYZ V3Jt9td+IiJ4dctZhkhiHUlpCjtC4BQn0Ea8FKRAixh8OqPUi1W2ZniRboIB4mzITk17 dY0BdKzjozPzjgVdnweSoaUxJfM46Z5szFB1BMkzOY14f37NmLjDirK18UhjhAYoWA0U 0YM5VbjtV8lpESZAK6wqrkZhocKU6xJlzsLFhzNL87o4yqtHBy1Ri9yGFbCZdDFA7EtQ s9oA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010784; x=1778615584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ez9cYUWKCr2Quex9HXt94qBTCOieqPH9eIjMg0PQWG4=; b=iisdGFD1xsuhA0l2S+ZWoXQFKDtFe4BqIXBCnqha+HvXsfowt4SCm0F1z4KLNvxUbR urdWX8xSnNxHN/N29jPFCporCOse3T7hMUdFg7OC8c5iW4cVYRgrBbt7/k6ltVSkx90h SwEchUjlGe3CH5sJQ5gHgdAaK6jEFBaKszSXV3/EUzcT4ymD1iK2qD0+VJ1plP7kl5XW fVAY6B6Pof/s+fXrG1wrRyAVhdNLuvrSuYPZseMMcnFyTNxjgLFnZikPOSArqIx7/51M uSpAS87TU4kGYlKgDzdAd/np+VO5f6KPlIp0PjLMF/DgK3GdshK/HuI+2vdtuKX+4yWt gnmQ== X-Gm-Message-State: AOJu0YwqFCT6b48zXYkCvOxJjsTDEnhxAa+blMRhm/Nddp1N5xtkYOOt JuNSMlMH6h6uE09JoDnvbxlUwalfek0VGbHTCE99vztpcIYRLE+0CjdYqoNeE7YJ2CEK/CBTwua xuw9o1/PDRQevRFSHVMKG04boiZf7H+Uv7T4Gtu5o/qNcAcsfFg8wOcs9OHYigcfk6yUsSbjp57 tuEeK9R5+Yt48lYEynjyxJfqoln/WDdYars/Hblgheujyb9lJMKA== X-Gm-Gg: AeBDies7Cw/j1HgvCRg76InM86flQJAEXWrBbyO8za5NURbx85r0RzxW2i98VCDAvbH dUBHRWJWwpsfTasFTfpRigk6GXQGb5FM+ie6u8rkUwy4NVYjX0oTBOIxutxVsnXtk5WXBFGb42k BUP2NBC5/iwGdSFnh4N0uXglhKdJpYRqcW1zVXfugVbeK8CTil4GRx8e1QjCGmEWYTrNcvRvcxE xkpotGYF6D813zmVTG+9hXcE5bLuIjTW3ZPGTzxiaWwojAwnVtk8BhmV+6vVDJcDTefUT/WGd3C Z99YIIUflPcpDTCIZBp7Mq4yLEcNMqBRWR/yZyiuJL+SOMztU6BzPWhBwwzwUqFt9WNHKHmAJe1 SbEhk5Y37yj1o6Axh+UuG+gZkZaVCa0GenZ3d2BjKuaxUNZfRdsfIAE2euFylzVj9WbEkPrOQNX YoQvxLq9dNzubBNNy0Lo3OF2hAh7DHAuxZV5pD5Z8= X-Received: by 2002:a05:600c:8485:b0:489:1f3e:5f6f with SMTP id 5b1f17b1804b1-48e51f327f0mr10178445e9.12.1778010783479; Tue, 05 May 2026 12:53:03 -0700 (PDT) X-Received: by 2002:a05:600c:8485:b0:489:1f3e:5f6f with SMTP id 5b1f17b1804b1-48e51f327f0mr10178035e9.12.1778010782900; Tue, 05 May 2026 12:53:02 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb69698sm671793125e9.1.2026.05.05.12.53.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:01 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 14/28] KVM: x86/mmu: move cr4_smep to base role Date: Tue, 5 May 2026 21:52:12 +0200 Message-ID: <20260505195226.563317-15-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Guest page tables can be reused independent of the value of CR4.SMEP (at least if WP=3D1). However, this is not true of EPT MBEC pages, because presence of EPT entries is signaled by bits 0-2 when MBEC is off, and bits 0-2 + bit 10 when MBEC is on. In preparation for enabling MBEC, move cr4_smep to the base role. This makes the smep_andnot_wp bit redundant, so remove it. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- Documentation/virt/kvm/x86/mmu.rst | 10 ++++------ arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 23 +++++++++++++++-------- arch/x86/kvm/mmu/mmu.c | 6 +++--- 4 files changed, 23 insertions(+), 17 deletions(-) diff --git a/Documentation/virt/kvm/x86/mmu.rst b/Documentation/virt/kvm/x8= 6/mmu.rst index 2b3b6d442302..666aa179601a 100644 --- a/Documentation/virt/kvm/x86/mmu.rst +++ b/Documentation/virt/kvm/x86/mmu.rst @@ -184,10 +184,8 @@ Shadow pages contain the following information: Contains the value of efer.nx for which the page is valid. role.cr0_wp: Contains the value of cr0.wp for which the page is valid. - role.smep_andnot_wp: - Contains the value of cr4.smep && !cr0.wp for which the page is valid - (pages for which this is true are different from other pages; see the - treatment of cr0.wp=3D0 below). + role.cr4_smep: + Contains the value of cr4.smep for which the page is valid. role.smap_andnot_wp: Contains the value of cr4.smap && !cr0.wp for which the page is valid (pages for which this is true are different from other pages; see the @@ -435,8 +433,8 @@ from being written by the kernel after cr0.wp has chang= ed to 1, we make the value of cr0.wp part of the page role. This means that an spte created with one value of cr0.wp cannot be used when cr0.wp has a different value - it will simply be missed by the shadow page lookup code. A similar issue -exists when an spte created with cr0.wp=3D0 and cr4.smep=3D0 is used after -changing cr4.smep to 1. To avoid this, the value of !cr0.wp && cr4.smep +exists when an spte created with cr0.wp=3D0 and cr4.smap=3D0 is used after +changing cr4.smap to 1. To avoid this, the value of !cr0.wp && cr4.smap is also made a part of the page role. =20 Large pages diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-= x86-ops.h index 3776cf5382a2..e4fca997ec79 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -94,6 +94,7 @@ KVM_X86_OP_OPTIONAL(sync_pir_to_irr) KVM_X86_OP_OPTIONAL_RET0(set_tss_addr) KVM_X86_OP_OPTIONAL_RET0(set_identity_map_addr) KVM_X86_OP_OPTIONAL_RET0(get_mt_mask) +KVM_X86_OP_OPTIONAL_RET0(tdp_has_smep) KVM_X86_OP(load_mmu_pgd) KVM_X86_OP_OPTIONAL(link_external_spt) KVM_X86_OP_OPTIONAL(set_external_spte) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 62dc782b2dd3..23a7ac8d7fbe 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -343,8 +343,8 @@ struct kvm_kernel_irq_routing_entry; * paging has exactly one upper level, making level completely redunda= nt * when has_4_byte_gpte=3D1. * - * - on top of this, smep_andnot_wp and smap_andnot_wp are only set if - * cr0_wp=3D0, therefore these three bits only give rise to 5 possibil= ities. + * - on top of this, smap_andnot_wp is only set if cr0_wp=3D0, + * therefore these two bits only give rise to 3 possibilities. * * Therefore, the maximum number of possible upper-level shadow pages for a * single gfn is a bit less than 2^14. @@ -360,12 +360,19 @@ union kvm_mmu_page_role { unsigned invalid:1; unsigned efer_nx:1; unsigned cr0_wp:1; - unsigned smep_andnot_wp:1; unsigned smap_andnot_wp:1; unsigned ad_disabled:1; unsigned guest_mode:1; unsigned passthrough:1; unsigned is_mirror:1; + + /* + * cr4_smep is also set for EPT MBEC. Because it affects + * which pages are considered non-present (bit 10 additionally + * must be zero if MBEC is on) it has to be in the base role. + */ + unsigned cr4_smep:1; + unsigned:3; =20 /* @@ -392,10 +399,10 @@ union kvm_mmu_page_role { * tables (because KVM doesn't support Protection Keys with shadow paging)= , and * CR0.PG, CR4.PAE, and CR4.PSE are indirectly reflected in role.level. * - * Note, SMEP and SMAP are not redundant with sm*p_andnot_wp in the page r= ole. - * If CR0.WP=3D1, KVM can reuse shadow pages for the guest regardless of S= MEP and - * SMAP, but the MMU's permission checks for software walks need to be SME= P and - * SMAP aware regardless of CR0.WP. + * Note, SMAP is not redundant with smap_andnot_wp in the page role. If + * CR0.WP=3D1, KVM can reuse shadow pages for the guest regardless of SMAP, + * but the MMU's permission checks for software walks need to be SMAP + * aware regardless of CR0.WP. */ union kvm_mmu_extended_role { u32 word; @@ -405,7 +412,6 @@ union kvm_mmu_extended_role { unsigned int cr4_pse:1; unsigned int cr4_pke:1; unsigned int cr4_smap:1; - unsigned int cr4_smep:1; unsigned int cr4_la57:1; unsigned int efer_lma:1; }; @@ -1887,6 +1893,7 @@ struct kvm_x86_ops { int (*set_tss_addr)(struct kvm *kvm, unsigned int addr); int (*set_identity_map_addr)(struct kvm *kvm, u64 ident_addr); u8 (*get_mt_mask)(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio); + bool (*tdp_has_smep)(struct kvm *kvm); =20 void (*load_mmu_pgd)(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 16eaf413b299..156050e22329 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -227,7 +227,7 @@ static inline bool __maybe_unused is_##reg##_##name(str= uct kvm_mmu *mmu) \ } BUILD_MMU_ROLE_ACCESSOR(base, cr0, wp); BUILD_MMU_ROLE_ACCESSOR(ext, cr4, pse); -BUILD_MMU_ROLE_ACCESSOR(ext, cr4, smep); +BUILD_MMU_ROLE_ACCESSOR(base, cr4, smep); BUILD_MMU_ROLE_ACCESSOR(ext, cr4, smap); BUILD_MMU_ROLE_ACCESSOR(ext, cr4, pke); BUILD_MMU_ROLE_ACCESSOR(ext, cr4, la57); @@ -5764,7 +5764,7 @@ static union kvm_cpu_role kvm_calc_cpu_role(struct kv= m_vcpu *vcpu, =20 role.base.efer_nx =3D ____is_efer_nx(regs); role.base.cr0_wp =3D ____is_cr0_wp(regs); - role.base.smep_andnot_wp =3D ____is_cr4_smep(regs) && !____is_cr0_wp(regs= ); + role.base.cr4_smep =3D ____is_cr4_smep(regs); role.base.smap_andnot_wp =3D ____is_cr4_smap(regs) && !____is_cr0_wp(regs= ); role.base.has_4_byte_gpte =3D !____is_cr4_pae(regs); =20 @@ -5776,7 +5776,6 @@ static union kvm_cpu_role kvm_calc_cpu_role(struct kv= m_vcpu *vcpu, else role.base.level =3D PT32_ROOT_LEVEL; =20 - role.ext.cr4_smep =3D ____is_cr4_smep(regs); role.ext.cr4_smap =3D ____is_cr4_smap(regs); role.ext.cr4_pse =3D ____is_cr4_pse(regs); =20 @@ -5835,6 +5834,7 @@ kvm_calc_tdp_mmu_root_page_role(struct kvm_vcpu *vcpu, =20 role.access =3D ACC_ALL; role.cr0_wp =3D true; + role.cr4_smep =3D kvm_x86_call(tdp_has_smep)(vcpu->kvm); role.efer_nx =3D true; role.smm =3D cpu_role.base.smm; role.guest_mode =3D cpu_role.base.guest_mode; --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B1B94BCAD4 for ; Tue, 5 May 2026 19:53:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010791; cv=none; b=EQGLguHw9cN5e5zuSWicIZ33mJKCurI2LJDZq0v8anspFaI0BzuPH1Q4ka1GlVxNTsrJkmMEvUN4mflSrU+U+3HqYXlTCLDwrKoZsDFUzK3QAXI7ZgOcszsyrwTW2GscvRJdFLNvXQDbE3GQKAxfQ/TGFD4JyIUCBX20/w1fdMo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010791; c=relaxed/simple; bh=TbWOKH9rsA2QopJiYcgdcC9I173I1FHyrxHi/xCJ3OQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gul7ddWpAfcnWTumYE6Arhg8LQ4bl32/sCe/P3TUI1KDCWAxgoLDdp29K3HG5JTA9Og/exsNTSPeuvkzPHPqmJ/zOeghXG5rCU6Iry3pDnq+/iXUlhqBFo+pjwjkoBOKrY7k76x+TYMLDOFo/LXJrN5aoHWWY6EuH4uZus4FszY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=WLns1nrA; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=K6F4c5IP; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WLns1nrA"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="K6F4c5IP" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010789; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FbCyP56X600gyFpe4+hPwzpQtiHTgestu4OLkKSb6HU=; b=WLns1nrAidp+A067OuT9DULt3xKMbbSY4iAUWWmQfK4N2eIIgsOIfbBa8P5mKBih/QUwXe Rqpj7tqR0JdAqGSF/dJD2lvuyLzO41aEWvq2Um7a1l5Ujd008mDNFBhb/DYFbzv7N0gZ1R Nod7isKQ+V4gtNAxARAANogbw3Oq9i0= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-618-NBlKrjH6Niuulj6G9XXS2Q-1; Tue, 05 May 2026 15:53:08 -0400 X-MC-Unique: NBlKrjH6Niuulj6G9XXS2Q-1 X-Mimecast-MFC-AGG-ID: NBlKrjH6Niuulj6G9XXS2Q_1778010787 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-43d103e46c3so3704582f8f.3 for ; Tue, 05 May 2026 12:53:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010786; x=1778615586; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FbCyP56X600gyFpe4+hPwzpQtiHTgestu4OLkKSb6HU=; b=K6F4c5IPGnW5pVrFDOzLa/7I+XAPst8/DZq8uv6lk59RENJgv9MWa0OJIuyNAcHa/d MzvtZoT3OLpcWQYhwnFs9KUhrwI9Xbqs1NJnpwGdxu8CtetrqAPbGN8p6zJ6wwiiiNCX rjseueIjUgIGdRzXTK42opK5jlQGlN9v1CDFt3OR98ii6ubzqbTyTPDtvB0iv1SfMdem spz1jsebtQJCunV6MjfsjB5kujNc38rG7xEKAV86j8JkcenZGLjGS7qd2eSo0kr4GMCa iAuey3HXyBStuL+FmTJxfrmr/lwmGd4G2mbq2hpI4trmH2yKqArG+pWRgv30Nz9tFl6u W70A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010786; x=1778615586; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=FbCyP56X600gyFpe4+hPwzpQtiHTgestu4OLkKSb6HU=; b=m7GZrfbosV9GpUhuuMfIBgEaJLL2FZSvQzOeTOr5oFArcqD879Grskcb6j9jJBIENo o6eB0LL4LFNcqQhOwYS5SrNkzNSBj8I2mVRLYlDzwNdzVij5bDNYXIThwrUBNRLlFnaA cubldwHIM0SmuHU6mp/nytVW+4d9eg8TuMt7wjTXBo0yQzUn/7dnWg70/N+ufcaB31+c NVstgNc6vZwE+Q66zydl+mTBrBrGKQAdefkgkgUo6f7LemiVfUpHRW3xEIHlhcYavk1a RgGAbk2DZWyHIQSjHh1X4lkQRVfkWIUP1zSRFkljz45aIZdFLhGZNqU25q/eZ/aLL0EP qtDw== X-Gm-Message-State: AOJu0YxR6qpm4J2y8klwGfb1Vd+9+qbZT6IcQu9GKa/Tb365KMl8KuWH jMVOeRwM2Z9/OP7xpjGRcs0jW4XzrNrbCHlRDq2aT/pIash49Vfk62LprkxU8BKxzJtf87D8FbH HufhYqEoteJcufCm0OkJhsG91+NoAsWOC0LAzvTG7hPp1iL2AtW2cRHzEHo63+DzyILeOG781aC PfPLOieAulAc+jvXUcSET69d/whBh+qPx2mVG11gUN8HURZPQk6w== X-Gm-Gg: AeBDies3NEEsRK8mWv+KVSIMoGfnY5MA9Il3sJBsf7lmb5YcPL+WwSE58Wuyv1Y2Xmw vJ/DFHp8KSXLXFE9fRqqcyr+4oTqP9iuGhIJItyuCpL33jj5nggqJ4SMaF9FCNB4tOl00IBCqmi d0ewut9gGcTxKRvVR/D814DR59Wb1aohO75i5GaAOA2RGvqx3qMRWrlykXvDXwI0Hvzz2HXP/gy tHNGcJzIfOfx/o8EdYe9hLeF5x2dL4WXw2F5fYp7Upo+v2PdI74/FCktFn0IKpIdd+JxCwy3xyv DITylAbeC2PZfePTp1woB/vyHqJYUz6lERHiIHyToRIpC3cJsn2T49kjs8Fkvt3p4CdkSGIURTx LfK3s3DrahLImePZW+jmXY9OmocRx4miAUjvgcHEQNkyNAeDK+p62TOdaCJhu1JeWrLUcqqvbQv LXJUgNDfyBK59TWCfJpo5oZmfOy5Uu6uRskZGJpSE= X-Received: by 2002:a05:6000:4203:b0:43d:6244:f8b with SMTP id ffacd0b85a97d-4515b61b7f5mr833178f8f.13.1778010785999; Tue, 05 May 2026 12:53:05 -0700 (PDT) X-Received: by 2002:a05:6000:4203:b0:43d:6244:f8b with SMTP id ffacd0b85a97d-4515b61b7f5mr833128f8f.13.1778010785393; Tue, 05 May 2026 12:53:05 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4505558e213sm7082295f8f.25.2026.05.05.12.53.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:03 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 15/28] KVM: VMX: enable use of MBEC Date: Tue, 5 May 2026 21:52:13 +0200 Message-ID: <20260505195226.563317-16-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If available, set SECONDARY_EXEC_MODE_BASED_EPT_EXEC in the secondary execution controls. The changes are limited because the MMU is designed to create the same sPTEs independent of the MBEC setting. On hosts lacking support for MBEC, and in nested guests which cannot enable it as of this commit, the XU bit is ignored by the processor. Note that, as of this patch, MBEC is not available to L1 hypervisors for their guests. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/vmx.h | 3 +++ arch/x86/kvm/mmu.h | 5 +++++ arch/x86/kvm/vmx/capabilities.h | 7 +++++++ arch/x86/kvm/vmx/common.h | 10 +++++----- arch/x86/kvm/vmx/main.c | 9 +++++++++ arch/x86/kvm/vmx/nested.c | 1 + arch/x86/kvm/vmx/vmx.c | 14 ++++++++++++++ arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/vmx/x86_ops.h | 1 + 9 files changed, 46 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 2b30b921b375..54aa5be50df9 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -619,9 +619,12 @@ enum vm_entry_failure_code { #define EPT_VIOLATION_GVA_TRANSLATED BIT(8) =20 #define EPT_VIOLATION_RWX_TO_PROT(__epte) (((__epte) & VMX_EPT_RWX_MASK) <= < 3) +#define EPT_VIOLATION_USER_EXEC_TO_PROT(__epte) (((__epte) & VMX_EPT_USER_= EXECUTABLE_MASK) >> 4) =20 static_assert(EPT_VIOLATION_RWX_TO_PROT(VMX_EPT_RWX_MASK) =3D=3D (EPT_VIOLATION_PROT_READ | EPT_VIOLATION_PROT_WRITE | EPT_VIOLATION= _PROT_EXEC)); +static_assert(EPT_VIOLATION_USER_EXEC_TO_PROT(VMX_EPT_USER_EXECUTABLE_MASK= ) =3D=3D + (EPT_VIOLATION_PROT_USER_EXEC)); =20 /* * Exit Qualifications for NOTIFY VM EXIT diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index d8c13e43c2d7..23bc5b18efd0 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -83,6 +83,11 @@ static inline gfn_t kvm_mmu_max_gfn(void) return (1ULL << (max_gpa_bits - PAGE_SHIFT)) - 1; } =20 +static inline bool mmu_has_mbec(struct kvm_mmu *mmu) +{ + return mmu->root_role.cr4_smep; +} + u8 kvm_mmu_get_max_tdp_level(void); =20 void kvm_mmu_set_mmio_spte_mask(u64 mmio_value, u64 mmio_mask, u64 access_= mask); diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilitie= s.h index 7e59eb0f41bb..07469d1cfe74 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -15,6 +15,7 @@ extern bool __read_mostly enable_ept; extern bool __read_mostly enable_unrestricted_guest; extern bool __read_mostly enable_ept_ad_bits; extern bool __read_mostly enable_pml; +extern bool __read_mostly enable_mbec; extern int __read_mostly pt_mode; =20 #define PT_MODE_SYSTEM 0 @@ -406,4 +407,10 @@ static inline bool cpu_has_notify_vmexit(void) SECONDARY_EXEC_NOTIFY_VM_EXITING; } =20 +static inline bool cpu_has_ept_mbec(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_MODE_BASED_EPT_EXEC; +} + #endif /* __KVM_X86_VMX_CAPS_H */ diff --git a/arch/x86/kvm/vmx/common.h b/arch/x86/kvm/vmx/common.h index 1afbf272efae..40fa72f31fc7 100644 --- a/arch/x86/kvm/vmx/common.h +++ b/arch/x86/kvm/vmx/common.h @@ -91,15 +91,15 @@ static inline int __vmx_handle_ept_violation(struct kvm= _vcpu *vcpu, gpa_t gpa, /* Is it a fetch fault? */ error_code |=3D (exit_qualification & EPT_VIOLATION_ACC_INSTR) ? PFERR_FETCH_MASK : 0; - /* - * ept page table entry is present? - * note: unconditionally clear USER_EXEC until mode-based - * execute control is implemented - */ + /* ept page table entry is present? */ error_code |=3D (exit_qualification & (EPT_VIOLATION_PROT_MASK & ~EPT_VIOLATION_PROT_USER_EXEC)) ? PFERR_PRESENT_MASK : 0; =20 + if (mmu_has_mbec(vcpu->arch.mmu)) + error_code |=3D (exit_qualification & EPT_VIOLATION_PROT_USER_EXEC) + ? PFERR_PRESENT_MASK : 0; + if (exit_qualification & EPT_VIOLATION_GVA_IS_VALID) error_code |=3D (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) ? PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK; diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index dbebddf648be..83d9921277ea 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -755,6 +755,14 @@ static int vt_set_identity_map_addr(struct kvm *kvm, u= 64 ident_addr) return vmx_set_identity_map_addr(kvm, ident_addr); } =20 +static bool vt_tdp_has_smep(struct kvm *kvm) +{ + if (is_td(kvm)) + return false; + + return vmx_tdp_has_smep(kvm); +} + static u64 vt_get_l2_tsc_offset(struct kvm_vcpu *vcpu) { /* TDX doesn't support L2 guest at the moment. */ @@ -966,6 +974,7 @@ struct kvm_x86_ops vt_x86_ops __initdata =3D { .set_tss_addr =3D vt_op(set_tss_addr), .set_identity_map_addr =3D vt_op(set_identity_map_addr), .get_mt_mask =3D vmx_get_mt_mask, + .tdp_has_smep =3D vt_op(tdp_has_smep), =20 .get_exit_info =3D vt_op(get_exit_info), .get_entry_info =3D vt_op(get_entry_info), diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index cd1924c6e075..299d4ca60fb3 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2440,6 +2440,7 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx= , struct loaded_vmcs *vmcs0 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_APIC_REGISTER_VIRT | SECONDARY_EXEC_ENABLE_VMFUNC | + SECONDARY_EXEC_MODE_BASED_EPT_EXEC | SECONDARY_EXEC_DESC); =20 if (nested_cpu_has(vmcs12, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 337bbfecc021..f1d616f928a1 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -114,6 +114,9 @@ module_param(emulate_invalid_guest_state, bool, 0444); static bool __read_mostly fasteoi =3D 1; module_param(fasteoi, bool, 0444); =20 +bool __read_mostly enable_mbec =3D 1; +module_param_named(mbec, enable_mbec, bool, 0444); + module_param(enable_apicv, bool, 0444); module_param(enable_ipiv, bool, 0444); =20 @@ -2773,6 +2776,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs= _conf, return -EIO; =20 vmx_cap->ept =3D 0; + _cpu_based_2nd_exec_control &=3D ~SECONDARY_EXEC_MODE_BASED_EPT_EXEC; _cpu_based_2nd_exec_control &=3D ~SECONDARY_EXEC_EPT_VIOLATION_VE; } if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_VPID) && @@ -4735,6 +4739,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx= *vmx) */ exec_control &=3D ~SECONDARY_EXEC_ENABLE_VMFUNC; =20 + if (!enable_mbec) + exec_control &=3D ~SECONDARY_EXEC_MODE_BASED_EPT_EXEC; + /* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP, * in vmx_set_cr4. */ exec_control &=3D ~SECONDARY_EXEC_DESC; @@ -7823,6 +7830,11 @@ u8 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn,= bool is_mmio) return (MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT); } =20 +bool vmx_tdp_has_smep(struct kvm *kvm) +{ + return enable_mbec; +} + static void vmcs_set_secondary_exec_control(struct vcpu_vmx *vmx, u32 new_= ctl) { /* @@ -8622,6 +8634,8 @@ __init int vmx_hardware_setup(void) =20 if (!cpu_has_vmx_ept_ad_bits() || !enable_ept) enable_ept_ad_bits =3D 0; + if (!cpu_has_ept_mbec() || !enable_ept) + enable_mbec =3D 0; =20 if (!cpu_has_vmx_unrestricted_guest() || !enable_ept) enable_unrestricted_guest =3D 0; diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index db84e8001da5..0a4e263c4095 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -567,6 +567,7 @@ static inline u8 vmx_get_rvi(void) SECONDARY_EXEC_ENABLE_VMFUNC | \ SECONDARY_EXEC_BUS_LOCK_DETECTION | \ SECONDARY_EXEC_NOTIFY_VM_EXITING | \ + SECONDARY_EXEC_MODE_BASED_EPT_EXEC | \ SECONDARY_EXEC_ENCLS_EXITING | \ SECONDARY_EXEC_EPT_VIOLATION_VE) =20 diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index d09abeac2b56..69cf276be88e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -103,6 +103,7 @@ void vmx_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *e= oi_exit_bitmap); int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr); int vmx_set_identity_map_addr(struct kvm *kvm, u64 ident_addr); u8 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio); +bool vmx_tdp_has_smep(struct kvm *kvm); =20 void vmx_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason, u64 *info1, u64 *info2, u32 *intr_info, u32 *error_code); --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E68F3DB655 for ; Tue, 5 May 2026 19:53:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010793; cv=none; b=Kc9IPyNiEcNe1K327CqiW7EPdY+G2cR1Ki5bPNBfywXMduODj+5schSLPnkDQ1baok59LGRKRY1x1u3lrP+Qhrr/3/HCeanHoGKVw5owqM9NDDHIooPSH6exPRhx2MTt7/p3U/WLS+13sWOzFEcl6HmLeuJfGwP5V89+HOiIm04= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010793; c=relaxed/simple; bh=jfvm/JnkfbaGQPdbMd6FbQ2YV2ugfIWTAz91e6zk7U8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mGHOgv5yScYxPQe6SOap9rTqG3LS2NXdtpYcXcoaHW0TIttACpTRWjlbDJiNP8D0F9MraN0DljLKCH64By0a648BMqMVNfKCbHjkijyvfsiHct4NieNT3ZhOyds9XtvHFHH9ptVRFe8YfCdN/HOXjYP02LxKKMa/apYRufyv41M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=feIgyA1l; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=OXQ/IDRv; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="feIgyA1l"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="OXQ/IDRv" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/gfkifHMFZcUI+UK6c3nYqWoKDoO6Dy1f2zDJck75gI=; b=feIgyA1lq/LjPRZc9uVncr0lm1mBilu5Z5srfODGbQgYU+vfh5GPoWCV5hH6XivOHKFSYP TvE6WxFTzFVuXsN1Ng96/mv6K5OnlcapLW4fJG0IYQatyxUDnTLfmJwnMp26r52312tYQR CkT7ADfogDuwzaSPGSxQwvnXzNCwJ+0= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-367-e1M_Qu_kPQaWdw6kKEi-Cg-1; Tue, 05 May 2026 15:53:10 -0400 X-MC-Unique: e1M_Qu_kPQaWdw6kKEi-Cg-1 X-Mimecast-MFC-AGG-ID: e1M_Qu_kPQaWdw6kKEi-Cg_1778010789 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-44ffa15dc73so983274f8f.1 for ; Tue, 05 May 2026 12:53:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010788; x=1778615588; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/gfkifHMFZcUI+UK6c3nYqWoKDoO6Dy1f2zDJck75gI=; b=OXQ/IDRv47Bx6AMLIEKkjX2oYFQBhVnIrU1tmwwAfQbeFYASy5wMq/HN5dJEmGh2th 7/+1sf1l9jY9pF+Jx7vfj+/V6gkTjQ4i+lWnmbq/txCpR619rJK7QUEjvPZR4da6wbuJ D7amuohkVQd2p/LMzAOWjvLDfMtITm0bUSBEU1rYsZL0e31fH9Xj3s3QhmYfmfYZwY1e dykzaE8YSlDE8ojxcNetUfsJMEtLJXOsH789bIoU392UtpbLqL0hWA+WBN1cVn7+bEKT RblVVVlWgLKRvqk6Dx/wnYTY/ks/Q2L3u28K/LjHk4sLYovvjmJmO5/Cs+Kyf86KuBYA MLeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010788; x=1778615588; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=/gfkifHMFZcUI+UK6c3nYqWoKDoO6Dy1f2zDJck75gI=; b=WhUWjNhoT7KXMyK9ulxapf9Cib/j06P9RQi9r2QaHP/S5AXYdapgrfImcvFyVrVeG1 gxQuCA0ulStBaFCdd6DuuA8vjkdrmveQ0Gws7Mpl7urx3KfXbsqymU4dKolHVqgINWsY fZAoLC7FWkLX/kyH9JNmkDbsSpOz0JiDXu4O6miScDC4hq0NB6c1gLvB9MJBl3ftETWn mEgGC2eZdWYOmbQ24UzCsurbF93mbdXG0jATBaUWtSylipSe9P2cpyRICFeKXA0enLOH qp3h0zvvund8XmwXjI5oxCBb9e0A9ak7Kv5jJJg5srcgUf/mIr19Mvyh4GEbYurEGIaR Q8kw== X-Gm-Message-State: AOJu0Yz2YaftmuWjOwfCDH64mCYQtgKCzeXTINNFR7n+LgkI7pSGd2BX 0hrmwIc1H3FptB7BoyMWsqJH3V7vm/ZV2pFUq8IArQetEun3tRpKT7JSY2OxhwXGBFaRK0al6N9 VE2daIEdbI387C2Tqk2iLGAbfPdp+8yYAl8bmgM3/owJqOvPFLOvV7W6DApKIfWtZToY32w033D aEXh8P9I8gklT5VtNng3bcSSkgu/MKtfxqdHShQLxm3i67TUEZfA== X-Gm-Gg: AeBDiev5NlKiAN9WXVBfUEeb2P5LMaYN9ydd1jzHFQhXYArT/ycREKUCko9t++TK7kF 43LpkUUoS2l+CKWYxUkom3SpYamw3CGgWr1eQjDP9SfWnf7u+FUgeZbYEp4rNOHcXQ6KffC6kF4 rJZurKujLuZdnQiV/vNDoooaVAHKZbfrcteo/7Ed1dzLC9evRDNO7Ua85abqa2zEp0vej06eyOp l8ndLMOzHTZFq+btGXL5eqwdb8D7qMUMu52itpZp0AOn0rnIhMZPwzSRq+7S/1b/qa92ddiiKL2 vOM900rAaOdiiUUcpBWC6uWM3RmFI0G0QMEmZ/N4RUzP6NtkR+hUMFugKqJYROZCN91jRqnccuQ XrfcyewEeoQLr5/QOhMTkrgnPTaDPsq5P1mOUVc+UilnEBzbTHkrh3s0wT/Vpy3MsWGSbcpTGJK bvCW1/qgFxgqyxyaF86ecx8KKAOyvLMABI5UPF4K0= X-Received: by 2002:a5d:5f84:0:b0:43c:fe0e:5bb9 with SMTP id ffacd0b85a97d-4515b523fa3mr789632f8f.12.1778010788171; Tue, 05 May 2026 12:53:08 -0700 (PDT) X-Received: by 2002:a5d:5f84:0:b0:43c:fe0e:5bb9 with SMTP id ffacd0b85a97d-4515b523fa3mr789599f8f.12.1778010787670; Tue, 05 May 2026 12:53:07 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-450524833e1sm6878462f8f.2.2026.05.05.12.53.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:06 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 16/28] KVM: nVMX: pass advanced EPT violation vmexit info to guest Date: Tue, 5 May 2026 21:52:14 +0200 Message-ID: <20260505195226.563317-17-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" KVM will use advanced vmexit information for EPT violations to virtualize MBEC. Pass it to the guest since it is easy and allows testing nested nested. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/vmx.h | 4 ++++ arch/x86/kvm/mmu/paging_tmpl.h | 2 +- arch/x86/kvm/vmx/nested.c | 13 +++++++++---- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 54aa5be50df9..ed2ded531e55 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -535,6 +535,7 @@ enum vmcs_field { #define VMX_EPT_1GB_PAGE_BIT (1ull << 17) #define VMX_EPT_INVEPT_BIT (1ull << 20) #define VMX_EPT_AD_BIT (1ull << 21) +#define VMX_EPT_ADVANCED_VMEXIT_INFO_BIT (1ull << 22) #define VMX_EPT_EXTENT_CONTEXT_BIT (1ull << 25) #define VMX_EPT_EXTENT_GLOBAL_BIT (1ull << 26) =20 @@ -617,6 +618,9 @@ enum vm_entry_failure_code { EPT_VIOLATION_PROT_USER_EXEC) #define EPT_VIOLATION_GVA_IS_VALID BIT(7) #define EPT_VIOLATION_GVA_TRANSLATED BIT(8) +#define EPT_VIOLATION_GVA_USER BIT(9) +#define EPT_VIOLATION_GVA_WRITABLE BIT(10) +#define EPT_VIOLATION_GVA_NX BIT(11) =20 #define EPT_VIOLATION_RWX_TO_PROT(__epte) (((__epte) & VMX_EPT_RWX_MASK) <= < 3) #define EPT_VIOLATION_USER_EXEC_TO_PROT(__epte) (((__epte) & VMX_EPT_USER_= EXECUTABLE_MASK) >> 4) diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 8dd9d510fc34..d4ce55195a7c 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -494,7 +494,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, * [2:0] - Derive from the access bits. The exit_qualification might be * out of date if it is serving an EPT misconfiguration. * [5:3] - Calculated by the page walk of the guest EPT page tables - * [7:8] - Derived from [7:8] of real exit_qualification + * [7:11] - Derived from [7:11] of real exit_qualification * * The other bits are set to 0. */ diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 299d4ca60fb3..46b65475765d 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -443,10 +443,14 @@ static void nested_ept_inject_page_fault(struct kvm_v= cpu *vcpu, vm_exit_reason =3D EXIT_REASON_EPT_MISCONFIG; exit_qualification =3D 0; } else { + u64 mask =3D EPT_VIOLATION_GVA_IS_VALID | + EPT_VIOLATION_GVA_TRANSLATED; + if (vmx->nested.msrs.ept_caps & VMX_EPT_ADVANCED_VMEXIT_INFO_BIT) + mask |=3D EPT_VIOLATION_GVA_USER | + EPT_VIOLATION_GVA_WRITABLE | + EPT_VIOLATION_GVA_NX; exit_qualification =3D fault->exit_qualification; - exit_qualification |=3D vmx_get_exit_qual(vcpu) & - (EPT_VIOLATION_GVA_IS_VALID | - EPT_VIOLATION_GVA_TRANSLATED); + exit_qualification |=3D vmx_get_exit_qual(vcpu) & mask; vm_exit_reason =3D EXIT_REASON_EPT_VIOLATION; } =20 @@ -7240,7 +7244,8 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_c= aps, VMX_EPT_PAGE_WALK_5_BIT | VMX_EPTP_WB_BIT | VMX_EPT_INVEPT_BIT | - VMX_EPT_EXECUTE_ONLY_BIT; + VMX_EPT_EXECUTE_ONLY_BIT | + VMX_EPT_ADVANCED_VMEXIT_INFO_BIT; =20 msrs->ept_caps &=3D ept_caps; msrs->ept_caps |=3D VMX_EPT_EXTENT_GLOBAL_BIT | --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF5694C6EF7 for ; Tue, 5 May 2026 19:53:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010796; cv=none; b=FbBmX9QexV9oP+3Z5FzWzaroLwOo5hAShEVaFuqQo5n9/1yJhllw8tsCUkQCruLj38270pvAxTmWm/c0fEhnwEo11n/fL+nvvIObyZTXXfkGsP6KfdERXaaTA7NYFJPAYgidk3MutuH2IL4DQNUtiE05uyCnvavXrcWRtbi8tuY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010796; c=relaxed/simple; bh=p/RS8mTkZARsqGGf5FHu4Sq1ULWyZ5K+JwTgdxX6Gok=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CBUqGDCGrUa57dG9M5Eatit8xQNy5Jr1auWweeeBFctq7YzQP6qd3mE7xLQSV0B0qiBjwGWXbVYVqNgaZrzrfEeP/BfZpiNhhnQ98oAQL/0+L3Rp3BE4jhXlOp59oFUs2kh4qAuZsOTvmuz1btYKY71DyiQqX0pHIFqu0VAhNxc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=hSl8lahZ; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=T1CrrKlm; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="hSl8lahZ"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="T1CrrKlm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K1LlbVVvb6bc3n6W/eomsX6pDCjgYlqb6seg4n1Vqj4=; b=hSl8lahZOVGwANPd6Nmv9VpthZ0H9lOhQHzRnbqFip0Ec3uR2+7VVjaBGgjUlQ+vRsdJfD Hz41CqSbLIXKOpCDUqVn1yEHfTOdKMAIpXhhkJ0hPL4EWcSmNf7Sq303ooNfggRsOiQnmi jhbdxgxZTTkXAKN8Noyh8osFldvX9to= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-29-4p6fgqU1NuGfCG8SaFH6pg-1; Tue, 05 May 2026 15:53:12 -0400 X-MC-Unique: 4p6fgqU1NuGfCG8SaFH6pg-1 X-Mimecast-MFC-AGG-ID: 4p6fgqU1NuGfCG8SaFH6pg_1778010791 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-48d035e8593so17345955e9.0 for ; Tue, 05 May 2026 12:53:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010790; x=1778615590; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K1LlbVVvb6bc3n6W/eomsX6pDCjgYlqb6seg4n1Vqj4=; b=T1CrrKlmAHt8ZlL2vCY5uTU+E6KB5CuTQYOav9ySq1vsUPzu3aPhAZdErvDc//O19V 6xUk8upCvibOVrf29SOnYZ+l7USzX/KOI127oMenChDIkOsTD2TTWZ94YCHnL7jLdgNy 7/b3XhCTIIqdiMu/DNCJe67EiFBeF0NqSIU7PwuQnp0BCx8Ceic3enW3NMsRCeiYrFfe BtkfoFcLfncv/sloHfGlFZxq53k0YppR7TNnvLpu7B2Zwvz13SC0j3OTSn6huF5916Zq J8YD/AAavp8kal1ZtUQ062wn1h+iluRrrwIBIekwJhZp+88RslB2d7ytVFJfdCKwIMGi XP0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010790; x=1778615590; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=K1LlbVVvb6bc3n6W/eomsX6pDCjgYlqb6seg4n1Vqj4=; b=aVgkDM47cbZXnukXHyQSI3zLjwHPLd5vrSzeCbw84T46R+chWf/5++DD23pY6R5gh4 CPAvUt716JuWrdMuN2DdH377V7RM1KxItH6GMnRolcJfNcpi22KHS8IbRhv+b2PTD8PI q0H8Xpfu7iRkvuo0axG/Uf/0F68UTp3nr00W7NFzQdFQRwMN+txFp9uSBZinLGIqfw7H aGJIqhkvAVOTplrB6pWGyePx+sLrf8ljdusTwff19B+lNFX4RnrvaypkIqZDAA0pQyCB cJtcTWnHKbsu1LQE7v4GT1lwUrh9u+OpzbygX/rSYh1eOJjigBhPr4uz+xAqfn0l1/nx w6nw== X-Gm-Message-State: AOJu0YyZPlvbCLKU3GHOCdedv8WdvHdZrBuxNmQ/O5mfb4aSZIip+RYj RsKHtOzyco28ttT+7g4RfuyZWNR+Vu9nCG9ydRnVUnxoyrwxz50jRqw7huvImlfLQfiXhurTGi8 Icy6BFdxZ9z7yFNqU+vfkOvDxtaUnCRVlr9gmTu+2fw9vFXyutVWjYBhrQXOvofGvWTgYqZavru GyAC/zGsf4zLZ5snFv1DvZyAcvIvwrp7ivXtu7/LuNLFY2pE9hyg== X-Gm-Gg: AeBDietpf7spRu7DvauN8LqlxPS7rfYQ1m1c5ANBZD6CmBbMgNT3V9+v9JFjsSb9mjd bQzs9tPy/C4ztElxo6t7/ciLynMF0ae7bAxwIN31ISbdHRwkYi5kXDzr9l41nPgBsTZznDj1ukq 0Nho6dWs7JXxueZcaevGjhkTgaOeF/CEy5Z5uuAouC4Qk/C+//wyF956XdjuxTDDTRNdy/Ty7Cc JfYijDH+zLlqHnlr9YrjJfpGIUms9qwVC4UaayQpwkpgMW2Lwh/IbZNY/ZCqE4wjUEiVJwrWvcZ VNrL5AIj1nEvql/+X6AbpmbtQF92Ce3wUvH5SZSce7IUANPILQOK295bfCa/XPl+DRpcdL/+G/L lKROJXbvgXIoDUtVW/AbwAdHW6S51lEwDdBYOXdRwI+Xh/RIclx5GR2jAbH+ZfAen7afmLFAerC lzTN3vtMm+NtGSAbq2hBIoxYeoct85AjljvBfM7GE= X-Received: by 2002:a05:600c:8b04:b0:47e:e2eb:bc22 with SMTP id 5b1f17b1804b1-48e51f183demr9670695e9.5.1778010790267; Tue, 05 May 2026 12:53:10 -0700 (PDT) X-Received: by 2002:a05:600c:8b04:b0:47e:e2eb:bc22 with SMTP id 5b1f17b1804b1-48e51f183demr9670255e9.5.1778010789807; Tue, 05 May 2026 12:53:09 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8ebb2f32sm377292575e9.13.2026.05.05.12.53.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:08 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 17/28] KVM: nVMX: pass PFERR_USER_MASK to MMU on EPT violations Date: Tue, 5 May 2026 21:52:15 +0200 Message-ID: <20260505195226.563317-18-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" For EPT, PFERR_USER_MASK refers not to the CPL of the guest, but to the AND of the U bits encountered while walking guest page tables; this is consistent with how MBEC differentiates between XS and XU. This is available through the "advanced vmexit information for EPT violations" feature. Tested-by: David Riley Signed-off-by: Paolo Bonzini --- arch/x86/kvm/vmx/common.h | 12 +++++++++--- arch/x86/kvm/vmx/vmx.c | 10 ++++++++++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx/common.h b/arch/x86/kvm/vmx/common.h index 40fa72f31fc7..08005676702c 100644 --- a/arch/x86/kvm/vmx/common.h +++ b/arch/x86/kvm/vmx/common.h @@ -100,9 +100,15 @@ static inline int __vmx_handle_ept_violation(struct kv= m_vcpu *vcpu, gpa_t gpa, error_code |=3D (exit_qualification & EPT_VIOLATION_PROT_USER_EXEC) ? PFERR_PRESENT_MASK : 0; =20 - if (exit_qualification & EPT_VIOLATION_GVA_IS_VALID) - error_code |=3D (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) ? - PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK; + if (exit_qualification & EPT_VIOLATION_GVA_IS_VALID) { + if (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) { + error_code |=3D PFERR_GUEST_FINAL_MASK; + if (exit_qualification & EPT_VIOLATION_GVA_USER) + error_code |=3D PFERR_USER_MASK; + } else { + error_code |=3D PFERR_GUEST_PAGE_MASK; + } + } =20 if (vt_is_tdx_private_gpa(vcpu->kvm, gpa)) error_code |=3D PFERR_PRIVATE_ACCESS; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f1d616f928a1..9d5cd358ccc5 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2790,6 +2790,16 @@ static int setup_vmcs_config(struct vmcs_config *vmc= s_conf, vmx_cap->vpid =3D 0; } =20 + /* + * Virtualizing MBEC requires advanced vmexit information in order to + * distinguish supervisor and user accesses. For simplicity and clarity + * disable MBEC entirely if advanced vmexit information is not available, + * this way mbec=3D1 in the kvm_intel module parameters implies availabil= ity + * to nested guests as well. + */ + if (!(vmx_cap->ept & VMX_EPT_ADVANCED_VMEXIT_INFO_BIT)) + _cpu_based_2nd_exec_control &=3D ~SECONDARY_EXEC_MODE_BASED_EPT_EXEC; + if (!cpu_has_sgx()) _cpu_based_2nd_exec_control &=3D ~SECONDARY_EXEC_ENCLS_EXITING; =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 069674C6F1C for ; Tue, 5 May 2026 19:53:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010798; cv=none; b=DBseHewadSsdv/iZkO3NRmFLINuzrCmCw9Y0VlGnpNrlKLbI9Zle2W/KzInvf/SFStHXhV7E1XkhZEze3BQKglHZHl2uuHLPO+9vVU1bfhQmCeSoTZTOPRddHps9ILiSImDXObeNgyXUij9tjK32fcY77BLtD95XNkyxZFsqLQI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010798; c=relaxed/simple; bh=rJPm4NDp94NZY1zF9AK5L99+BIR3MJVYPY4F2Kp0UjE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Ue4W4OqveAVs99Ar11Z0KvuhblrnLxbuFUKNaYpR4AhAeXURoIL6MzIdndcxNbbrhsJgO6Q1t0I/ODMZ7xkQXzHIUqg2b2JczT/+FPPRMrRHyublk9tbniNeml3ldnYRGA2vFqUIrF3s4//WSi8PeZ9PL9UCNY3dbUCXInabHL4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=RlgzN10w; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=h9J6peSO; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="RlgzN10w"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="h9J6peSO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010796; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lpUbzxtZJ85/hSmuxpEMRZGP9r8CuT9MGtmtr8hkk1w=; b=RlgzN10wlF1CAFJJCkgWJiO5Wiaejpa5myt5KvIh0dSkulaaMVS/PsXXHcVm8uQ0in5efM qI5U8yXeXs9gVKXryhae9QohjTRe37jVtEPNjNQNFHAu1GG2uTMkOc0J9PrFLPiblD4AZd YF+LHdxZWZghNznIk7AEPVY/dCLcu/4= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-633-_VeTZIO5PhKJpckxcKx5aw-1; Tue, 05 May 2026 15:53:14 -0400 X-MC-Unique: _VeTZIO5PhKJpckxcKx5aw-1 X-Mimecast-MFC-AGG-ID: _VeTZIO5PhKJpckxcKx5aw_1778010793 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-48d104d1d8aso14774715e9.3 for ; Tue, 05 May 2026 12:53:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010793; x=1778615593; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lpUbzxtZJ85/hSmuxpEMRZGP9r8CuT9MGtmtr8hkk1w=; b=h9J6peSOQUP9K63cud8rhB5FvkDoRm52C4BHJ1FXVTf5SnDVK4etcH2/jX/WPnMwhf j4AeulcojCVz1IESrrt/Nd9ckEpjdDq1Rwjpoc0Wvzh6O71IT+4l0dUvC4FJ1dEBfL5N +qtR5zgumQb9aRx/fvRNj+2D6nM3XG29AnqKaN1YMHBNR9tS/v6r6dLhkAq4AIO7DCaZ tG5aR0Z1sWA2lCMMpBRwSzayndyATs5pKZTjm6Ffd/SBwxvbrqQpqRd05IgwOTPvOq3C +y6KIVaaQ7/phRl4791R2lYtWcI7LlA1j2KeW0Gpbpkicam4ncnLLaufDLe5DkYRDDnS ip+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010793; x=1778615593; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=lpUbzxtZJ85/hSmuxpEMRZGP9r8CuT9MGtmtr8hkk1w=; b=O0PEtDVaRpJI1FtWjBWfMv3Wqdoz9vpPJbxisoLMWb6SqJ88/ZVQDJ5pwhddrIX+Ut SVzKBWPth+57w1GDU3Vat9LroG0b7YdcDVJhis3lZxKprHgO20BuGDX1p9J94BqJF03C dz0vht1HlrhfQKGxeBO9OfwtgZGgJG+ED3e5HVixPycS3m5XOgZptPeCTj3OYzj+fOfF cWuc+JSN4VVvvE5Ah/j/B5Q/wn/632h8Ec3G3L37Hv3pC+lHtPU2pUplxxPN54NXSGz6 d5BEpgtPUnWyRf9wX5l+/T3GBvChzHDmSsMSbU4AWO2zw4V4Mr9MhJAtdERucmSLqGKd TNUA== X-Gm-Message-State: AOJu0YyQ7PGzqdbOWlyF1ZoE+tu1dLBaND6iWG48hkFx3Ptbue57V/Yq URx1q4ElaTM6pDshwNiTu8QpLzzGbOWqhqXXScGNAP47sJBf9ot8tC8D+CCerpX1No6qjqvtPHZ w1nEcEMf1YnfUDndTzJawGBtf2UdNLK1mn8bSdB7I/oPY8QxuS8cfi61+lJi8pfFyuFVAI5zpAc FedmAaQ9qw/Y1zhOC4GDR34u6CbUISWmd7ZPFsB0CJL8Lyb8VsoQ== X-Gm-Gg: AeBDiesCa0uwTgVT8DqhqpVn3OWjmNxI82f7csaXEy1b1jv/NeuXxe+8fLzSxlCBnnX 1jregRmSqRNtaXPoiUQaicqDvv7dhMRCirPQwd37aVWBvJ41GZuI8Q6vz9QU+6fhq0JQgCtgaDT 6lMdzp4ib21hbCPdwuzqiYI3pa8C/2o7IpBJ6IHw3u1tiW3le0JJLmY/IOeJu1bhGxyYD09x6cb CShkCZIGnvO0+UUbXqkmt27wsc+vOvi/Rou7xQjUDGrGtYkp/MbPVbW/9IzAascNTjTscV7pP2o ZV/egL0m8qk+2kpH7LN+UicJ6oSWpN1EOzKsHVd4M5pMF4L4fQGB1YOtmpfa2TPzbl3k29jQzuv 249BasUhSK9KSGtmUnbbIhu75LBRMrE9Q5j6yKe3L748CnBOVcMHix8/w+uWhUH95RVtBqwMNPz jeZSJLCo4OnAPGLX1gquypS7NQHQVgWvlt1b1p+JY= X-Received: by 2002:a05:600d:10:b0:489:a4:e555 with SMTP id 5b1f17b1804b1-48e51f36fc6mr9034945e9.21.1778010792963; Tue, 05 May 2026 12:53:12 -0700 (PDT) X-Received: by 2002:a05:600d:10:b0:489:a4:e555 with SMTP id 5b1f17b1804b1-48e51f36fc6mr9034565e9.21.1778010792515; Tue, 05 May 2026 12:53:12 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb694fcsm397632315e9.3.2026.05.05.12.53.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:10 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 18/28] KVM: x86/mmu: add support for MBEC to EPT page table walks Date: Tue, 5 May 2026 21:52:16 +0200 Message-ID: <20260505195226.563317-19-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Extend the page walker to support moving bit 10 of the PTEs into ACC_USER_EXEC_MASK and bit 6 of the exit qualification of EPT violation VM exits. Note that while mmu_has_mbec()/cr4_smep affect the interpretation of ACC_USER_EXEC_MASK and add bit 10 as a "present bit" in guest EPT page table entries, they do not affect how KVM operates on SPTEs. That's because the MMU uses explicit ACC_USER_EXEC_MASK/shadow_xu_mask even for the non-nested EPT; the only difference is that ACC_USER_EXEC_MASK and ACC_EXEC_MASK will always be set in tandem outside the nested scenario. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/mmu.c | 13 +++++++++++-- arch/x86/kvm/mmu/paging_tmpl.h | 27 +++++++++++++++++++++------ arch/x86/kvm/mmu/spte.h | 2 ++ arch/x86/kvm/vmx/nested.c | 9 +++++++++ 4 files changed, 43 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 156050e22329..a5b68f18b220 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5570,7 +5570,6 @@ static void update_permission_bitmask(struct kvm_mmu = *mmu, bool ept) { unsigned index; =20 - const u16 x =3D ACC_BITS_MASK(ACC_EXEC_MASK); const u16 w =3D ACC_BITS_MASK(ACC_WRITE_MASK); const u16 r =3D ACC_BITS_MASK(ACC_READ_MASK); =20 @@ -5611,8 +5610,18 @@ static void update_permission_bitmask(struct kvm_mmu= *mmu, bool ept) u16 smapf =3D 0; =20 if (ept) { - ff =3D (pfec & PFERR_FETCH_MASK) ? (u16)~x : 0; + const u16 xs =3D ACC_BITS_MASK(ACC_EXEC_MASK); + const u16 xu =3D ACC_BITS_MASK(ACC_USER_EXEC_MASK); + + if (pfec & PFERR_FETCH_MASK) { + /* Ignore XU unless MBEC is enabled. */ + if (cr4_smep) + ff =3D pfec & PFERR_USER_MASK ? (u16)~xu : (u16)~xs; + else + ff =3D (u16)~xs; + } } else { + const u16 x =3D ACC_BITS_MASK(ACC_EXEC_MASK); const u16 u =3D ACC_BITS_MASK(ACC_USER_MASK); =20 /* Faults from kernel mode accesses to user pages */ diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index d4ce55195a7c..f741f7d4cc2d 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -124,12 +124,17 @@ static inline void FNAME(protect_clean_gpte)(struct k= vm_mmu *mmu, unsigned *acce *access &=3D mask; } =20 -static inline int FNAME(is_present_gpte)(unsigned long pte) +static inline int FNAME(is_present_gpte)(struct kvm_mmu *mmu, + unsigned long pte) { #if PTTYPE !=3D PTTYPE_EPT return pte & PT_PRESENT_MASK; #else - return pte & 7; + /* + * For EPT, an entry is present if any of bits 2:0 are set. + * With mode-based execute control, bit 10 also indicates presence. + */ + return pte & (7 | (mmu_has_mbec(mmu) ? VMX_EPT_USER_EXECUTABLE_MASK : 0)); #endif } =20 @@ -152,7 +157,7 @@ static bool FNAME(prefetch_invalid_gpte)(struct kvm_vcp= u *vcpu, struct kvm_mmu_page *sp, u64 *spte, u64 gpte) { - if (!FNAME(is_present_gpte)(gpte)) + if (!FNAME(is_present_gpte)(vcpu->arch.mmu, gpte)) goto no_present; =20 /* Prefetch only accessed entries (unless A/D bits are disabled). */ @@ -173,10 +178,17 @@ static bool FNAME(prefetch_invalid_gpte)(struct kvm_v= cpu *vcpu, static inline unsigned FNAME(gpte_access)(u64 gpte) { unsigned access; + /* + * Set bits in ACC_*_MASK even if they might not be used in the + * actual checks. For example, if EFER.NX is clear permission_fault() + * will ignore ACC_EXEC_MASK, and if MBEC is disabled it will + * ignore ACC_USER_EXEC_MASK. + */ #if PTTYPE =3D=3D PTTYPE_EPT access =3D ((gpte & VMX_EPT_WRITABLE_MASK) ? ACC_WRITE_MASK : 0) | ((gpte & VMX_EPT_EXECUTABLE_MASK) ? ACC_EXEC_MASK : 0) | - ((gpte & VMX_EPT_READABLE_MASK) ? ACC_READ_MASK : 0); + ((gpte & VMX_EPT_READABLE_MASK) ? ACC_READ_MASK : 0) | + ((gpte & VMX_EPT_USER_EXECUTABLE_MASK) ? ACC_USER_EXEC_MASK : 0); #else /* * P is set here, so the page is always readable and W/U/!NX represent @@ -331,7 +343,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, if (walker->level =3D=3D PT32E_ROOT_LEVEL) { pte =3D mmu->get_pdptr(vcpu, (addr >> 30) & 3); trace_kvm_mmu_paging_element(pte, walker->level); - if (!FNAME(is_present_gpte)(pte)) + if (!FNAME(is_present_gpte)(mmu, pte)) goto error; --walker->level; } @@ -414,7 +426,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, */ pte_access =3D pt_access & (pte ^ walk_nx_mask); =20 - if (unlikely(!FNAME(is_present_gpte)(pte))) + if (unlikely(!FNAME(is_present_gpte)(mmu, pte))) goto error; =20 if (unlikely(FNAME(is_rsvd_bits_set)(mmu, pte, walker->level))) { @@ -521,6 +533,9 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, * ACC_*_MASK flags! */ walker->fault.exit_qualification |=3D EPT_VIOLATION_RWX_TO_PROT(pte_acce= ss); + if (mmu_has_mbec(mmu)) + walker->fault.exit_qualification |=3D + EPT_VIOLATION_USER_EXEC_TO_PROT(pte_access); } #endif walker->fault.address =3D addr; diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h index f5261d993eac..fe9571837fee 100644 --- a/arch/x86/kvm/mmu/spte.h +++ b/arch/x86/kvm/mmu/spte.h @@ -395,6 +395,8 @@ static inline bool __is_rsvd_bits_set(struct rsvd_bits_= validate *rsvd_check, static inline bool __is_bad_mt_xwr(struct rsvd_bits_validate *rsvd_check, u64 pte) { + if (pte & VMX_EPT_USER_EXECUTABLE_MASK) + pte |=3D VMX_EPT_EXECUTABLE_MASK; return rsvd_check->bad_mt_xwr & BIT_ULL(pte & 0x3f); } =20 diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 46b65475765d..84f5c25a1f12 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -7452,6 +7452,15 @@ static gpa_t vmx_translate_nested_gpa(struct kvm_vcp= u *vcpu, gpa_t gpa, struct kvm_mmu *mmu =3D vcpu->arch.mmu; =20 BUG_ON(!mmu_is_nested(vcpu)); + + /* + * MBEC differentiates based on the effective U/S bit of + * the guest page tables; not the processor CPL. + */ + access &=3D ~PFERR_USER_MASK; + if ((pte_access & ACC_USER_MASK) && (access & PFERR_GUEST_FINAL_MASK)) + access |=3D PFERR_USER_MASK; + return mmu->gva_to_gpa(vcpu, mmu, gpa, access, exception); } =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDA5F4C77A7 for ; Tue, 5 May 2026 19:53:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010800; cv=none; b=YRHxtzWpOR7HAgyJ+it2PJHi5+iZx7wqqdNCfMqfjeQzu0ztSMIm62aoC7LaSQn+CGDsYc1fdvGXbkBxKamkdjJwDuphvEvNA5HfADtxEWCWARnQZa/hTA+GIzYnMq+Cnh97bVfd+D8GSKNBJa3cSwWx1NIiY0wjvNTNfsSrJRw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010800; c=relaxed/simple; bh=hlFbZLuDctOr5fRl9zPu6wXHpmzUeN74wXoDTN0J3eU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Apnvp46nK4MMvCrlQ5d5XOBu3uW1oPAibGN4Io2KLuHa0FDCsNOpatyJ50sNUCtY4xvJ2bDt1zHOVkg0yA1Vx9pLVcexOnpgMnHQApHwGQ5xss/WoXIaH7qHswN8sgtYvPK2x5lBcpNE26nDu5X7wZOqBhpqpN0i+qoFk2in78A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=KMv4/iZV; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=GgolTBct; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="KMv4/iZV"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="GgolTBct" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010798; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=otDQpVDmvckURKbD5WKZEO96KuUH2bQ7UgJHC9+Btxk=; b=KMv4/iZVAFxZd1cTBTvlJ64t3pzamhRm2EvaVHBZswozP/zRw52YS5nMm9q5Jx5WdxOmUH BvO4k1enz44FDL3xgZmxaqHyKpnGqaJ5r6PNYJFzdupl+8n41RVgTOgNkE0CDiTO4w9e67 M4Vp+iIqCoKsbLyFTIQnAsnKhFi8f3c= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-472-_J9c4NnKPJWKMkyBwvWo4Q-1; Tue, 05 May 2026 15:53:16 -0400 X-MC-Unique: _J9c4NnKPJWKMkyBwvWo4Q-1 X-Mimecast-MFC-AGG-ID: _J9c4NnKPJWKMkyBwvWo4Q_1778010796 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-488f973ddfeso41387515e9.3 for ; Tue, 05 May 2026 12:53:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010795; x=1778615595; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=otDQpVDmvckURKbD5WKZEO96KuUH2bQ7UgJHC9+Btxk=; b=GgolTBctObFHFGxFEwVyCZmVy0A7b2S2fFV2mg3mhkbW3ruJQrbSztot6pqS9+e4g5 7LSrH5ElJefiAYy99kjsY3wnal1PCJvlNVbNV8NDhr4Pk3gZumu7p8hOqekEzDcpUIyy TSCHmLfr6Hh17V0g2fgNiN2x094QBBM2d5FQz2Iqe64ZwtiI7vHM80/GXzEeAK0+ct8m VuImQx+cPJBwxZDZuboxfQ7OLT/miF56E9aCCM/12E6Tb7y6FP8MpKjJIm2Zs7cJr5l/ /FRUpORKS0UPLyEHACYBPEmEvViV21J8Dg3lYeu/gDT/iRtgy7Wqq51j5sf5+gPaE/FY nlfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010795; x=1778615595; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=otDQpVDmvckURKbD5WKZEO96KuUH2bQ7UgJHC9+Btxk=; b=dY0SH97YS8D7Z7vVBczVVvztBf7rrHVLERDzsDdw35/qShH6mmo1/+d74rZzYtp7X+ kW7WqRs6+4+mqVjjL39jzufWTuuodwitoVRge1TEkLQHc0O6LPxv5ycF0AyfSxOjbmbM rOF1U14V9FNpaez9qe3LlquqlbEndS95UvCWtD49gQNt1EbRdfKpBeIoVRMSocykKlAu vUhq3dy4T8o5Ih39gY8X+Lypa5H+lb91gWz5oHuBc9Czrih1Lhpst5mXpYRpFtsWWOnX qoWn8DRcTl7JLuTSndqHPLdTncQXHXuPBHgHLJ8scSc0jQgRaK+YQdqm+lrZIXIBJQSN h3VQ== X-Gm-Message-State: AOJu0YxKNiykGrKFH/zcVub51LGue29/blgUZ4U7BFo86wBRv/TpaGB1 T0HnPAmEXLb2sjsZvpVQy+CKJYca6wbQThvNdInqlrzgfiZsL4z+zwBAhozDXcVxYCDKmfONo5r hOqKR46gYglhTIvCVjVdLdSKvkb+/2E2TK4CZPFTR9ZzvaWTww8mxy1zorg1bptU3NCjfSxDP7F IK3TWstOWysEAvi3bEytzNh7i14x9l67HtxGuYzX7R34qeSxX2ug== X-Gm-Gg: AeBDievwfEsBPVqC43E1LVuyQ5gcxH2wVcnqjkSomVROel56LwPNjBOA3KUFNUX184I 9ySkz5x3ztJ5DOi/QkyLlSJyvBkI3cYXjf2rgUyPWH4WWnc2AbYGWcqWOmn1U7t6b89utxq1OSO w0F7YOiKrd+MzJ1zBppMO54N4gZ9tJWJPfPdvusot48dBzDWV5qY1FmDazg3ihDWEdkVNNNzO0a vbuVc6F87+C1ep4VT8R/sSUB1XnSrliZ8qoBIpHj2LFsinCKh2AfkaPm+I4oXSdH0X0PxovLsPO Awe+UGUoK3vIDjdVH/YLaUulX85a+U5se3Za2p7puXQms4rZN8hYNQFa6HineMGxJ99neYigfg4 O4sp8yJpfT7dGyiNXMElS3y1ZvBE+IcHqaF3KPzCp6ENknu+E7cfXJI7LI1sRgrtC511Ga+JLbT orXo0AWqWUWG21lOfKwwgJE8+ynFGzvOR/Z9ymd9E= X-Received: by 2002:a05:600c:2d16:b0:48a:72ab:f88c with SMTP id 5b1f17b1804b1-48e52be1069mr574835e9.17.1778010795334; Tue, 05 May 2026 12:53:15 -0700 (PDT) X-Received: by 2002:a05:600c:2d16:b0:48a:72ab:f88c with SMTP id 5b1f17b1804b1-48e52be1069mr574525e9.17.1778010794893; Tue, 05 May 2026 12:53:14 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a824f9f0dsm405542435e9.15.2026.05.05.12.53.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:13 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 19/28] KVM: nVMX: advertise MBEC to nested guests Date: Tue, 5 May 2026 21:52:17 +0200 Message-ID: <20260505195226.563317-20-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jon Kohler Advertise SECONDARY_EXEC_MODE_BASED_EPT_EXEC (MBEC) to userspace, which allows userspace to expose and advertise the feature to the guest. When MBEC is enabled by the guest, it is passed to the MMU via cr4_smep, and to the processor by the merging of vmcs12->secondary_vm_exec_control into the VMCS02's secondary VM execution controls. Signed-off-by: Jon Kohler Message-ID: <20251223054806.1611168-9-jon@nutanix.com> Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu.h | 2 +- arch/x86/kvm/mmu/mmu.c | 7 ++++--- arch/x86/kvm/mmu/spte.c | 10 ++++++---- arch/x86/kvm/vmx/nested.c | 11 +++++++++++ 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 23bc5b18efd0..e1e3869f568b 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -100,7 +100,7 @@ void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, uns= igned long cr0, unsigned long cr4, u64 efer, gpa_t nested_cr3); void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly, int huge_page_level, bool accessed_dirty, - gpa_t new_eptp); + bool mbec, gpa_t new_eptp); bool kvm_can_do_async_pf(struct kvm_vcpu *vcpu); int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code, u64 fault_address, char *insn, int insn_len); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index a5b68f18b220..ededc26c6675 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5959,7 +5959,7 @@ EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_init_shadow_npt_mm= u); =20 static union kvm_cpu_role kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu *vcpu, bool accessed_di= rty, - bool execonly, u8 level) + bool execonly, u8 level, bool mbec) { union kvm_cpu_role role =3D {0}; =20 @@ -5969,6 +5969,7 @@ kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu *v= cpu, bool accessed_dirty, */ WARN_ON_ONCE(is_smm(vcpu)); role.base.level =3D level; + role.base.cr4_smep =3D mbec; role.base.has_4_byte_gpte =3D false; role.base.direct =3D false; role.base.ad_disabled =3D !accessed_dirty; @@ -5984,13 +5985,13 @@ kvm_calc_shadow_ept_root_page_role(struct kvm_vcpu = *vcpu, bool accessed_dirty, =20 void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly, int huge_page_level, bool accessed_dirty, - gpa_t new_eptp) + bool mbec, gpa_t new_eptp) { struct kvm_mmu *context =3D &vcpu->arch.guest_mmu; u8 level =3D vmx_eptp_page_walk_level(new_eptp); union kvm_cpu_role new_mode =3D kvm_calc_shadow_ept_root_page_role(vcpu, accessed_dirty, - execonly, level); + execonly, level, mbec); =20 if (new_mode.as_u64 !=3D context->cpu_role.as_u64) { /* EPT, and thus nested EPT, does not consume CR0, CR4, nor EFER. */ diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c index f41573b0ccfa..d2f5f7dd8fe1 100644 --- a/arch/x86/kvm/mmu/spte.c +++ b/arch/x86/kvm/mmu/spte.c @@ -517,10 +517,12 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits) * host's MBEC setting does not matter. On hardware without MBEC * the XU bit is reserved-as-ignored, and setting it does no harm. * - * For nested EPT MBEC is not supported, but bit 10 of the gPTE has - * no effect because (a) is_present_gpte() does not treat it as a - * present bit, and (b) permission_fault() uses an mmu->permissions[] - * array that effectively ignores ACC_USER_EXEC_MASK. + * For nested EPT, when MBEC is disabled by L1, correctness relies + * on (a) ignoring bit 10 of the gPTE in is_present_gpte(), rather + * than treating it as a present bit, and (b) permission_fault() + * using an mmu->permissions[] array that effectively ignores + * ACC_USER_EXEC_MASK. Bit 10 of the gPTE does end up mirrored + * in the sPTEs but is ignored because L2 runs with MBEC disabled. */ shadow_xu_mask =3D VMX_EPT_USER_EXECUTABLE_MASK; shadow_present_mask =3D VMX_EPT_SUPPRESS_VE_BIT; diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 84f5c25a1f12..bc1046f32ebc 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -469,6 +469,13 @@ static void nested_ept_inject_page_fault(struct kvm_vc= pu *vcpu, vmcs12->guest_physical_address =3D fault->address; } =20 +static inline bool nested_ept_mbec_enabled(struct kvm_vcpu *vcpu) +{ + struct vmcs12 *vmcs12 =3D get_vmcs12(vcpu); + + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_MODE_BASED_EPT_EXEC); +} + static void nested_ept_new_eptp(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); @@ -477,6 +484,7 @@ static void nested_ept_new_eptp(struct kvm_vcpu *vcpu) =20 kvm_init_shadow_ept_mmu(vcpu, execonly, ept_lpage_level, nested_ept_ad_enabled(vcpu), + nested_ept_mbec_enabled(vcpu), nested_ept_get_eptp(vcpu)); } =20 @@ -7257,6 +7265,9 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_c= aps, msrs->ept_caps |=3D VMX_EPT_AD_BIT; } =20 + if (enable_mbec) + msrs->secondary_ctls_high |=3D + SECONDARY_EXEC_MODE_BASED_EPT_EXEC; /* * Advertise EPTP switching irrespective of hardware support, * KVM emulates it in software so long as VMFUNC is supported. --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5B554C77C8 for ; Tue, 5 May 2026 19:53:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010804; cv=none; b=CLyJ8n6/gddj3pohNq7ctsZ7Zdl0hDu1cJDc7uZCRd/YJV9pzy9EFZKOZPAp2Zyb7r4KhLpb5oCKgWevzmJUZumYUMLc3gC+NbhDwoswUOkh8zbXvhkNlcOtspC0aAG25KH1DORg320LJF7DyE7/ZpIz/9yjpI9hh9L20bGmRnY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010804; c=relaxed/simple; bh=D1zhYJbBOB61+H4UZMjf4+jfU+wYM//h7gA0HvL14Fo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eqqliuhHEDQuRPVrThi+i0FnNxRznQX9+zqS+4/qGD4FxhqUjTKTe4BAf261ZpPGiK09bzzOHWiT6dzX7vGRNwVoSczkmxst0vd0VGJoS+3YyvptEtRJUeZ8xensxBAUTDttv5gdVTptLADTdVsD/V/0aMSrOublYfXHeoXb5sQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=KJN/asoM; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=M2DkgFNq; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="KJN/asoM"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="M2DkgFNq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010801; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ul+fnq/919TIDb0iApWQrJPuaWdJH8uA/BhpwtXzr+4=; b=KJN/asoM01UH5r8YUJkKUC9xcQlf78l4RG9wjNdYSHXwsLOP1fjhQHrIFRmZkA84RTE4ny nI1j9rB1B+DSVmoD53TrY4lcA2m9Amcs4mT5GfdU5P2LsZYUYexZguNOVBwHt/3ueYHax9 wUsaxW/Rk9gngzYAr/7PFnTnVQwvaZY= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-339-SG-xicNbMQePxTW6VlqROQ-1; Tue, 05 May 2026 15:53:19 -0400 X-MC-Unique: SG-xicNbMQePxTW6VlqROQ-1 X-Mimecast-MFC-AGG-ID: SG-xicNbMQePxTW6VlqROQ_1778010798 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-4837bfcfe0dso70678875e9.1 for ; Tue, 05 May 2026 12:53:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010797; x=1778615597; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ul+fnq/919TIDb0iApWQrJPuaWdJH8uA/BhpwtXzr+4=; b=M2DkgFNqsXOf+8PAtorlEYVCNfT2G81kdyoqVnflLAz7sPoyhXMbfnDMXmKbMkmOXV y8nL7O7TRnPuBOBDGx3+K3+KF1B9R1w/lL/xE9yo7IVTMX2Z94IZUr/AJDDsvU1bVwI6 k/i6RNyhu+iX4ZZL3K/B8F05ApKsXSQVhK8tZmsoNUWQHKgXUeLh6lRdb5gQG08ncgiZ ZmiyltLeDXlwu7MtoxVBpwH3ISRewMwTXvUfFBRaziEb6+qgC8HzUimF3JgrM9PKq9a4 e8yx272oFW9rvRrF165wNpHnSvBgvqNR2xVq0yIog6iGES9JpAEwWzVXYWtAVD+Pp/Uj zgzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010797; x=1778615597; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ul+fnq/919TIDb0iApWQrJPuaWdJH8uA/BhpwtXzr+4=; b=o8TFXUSoMTbMaFy/2SZAldIyOhcaHIBFfFenz9IIVHm2HIsmAiNIO+4T4cjTEfVrsv tiP9Cu2W+cShXUt0GENIj5q7rOldUroTvAGwmQjQ32OtMc5Ur9dKhezCGNUAe969syai nAQBggrjLv6t9MJ21FLqug+fouWCn7Zr9t5yiqeiBSqx3CtyiudOrPIGq/xJPA7QGGus F97onet4cCyV97efFr9hdZTwWmO71TRYEFWnQtVQVJ/gaQfkdlVzibjX2wmbGLfN3GzV nv+dyzKaKAGdc9C6/jtD14KNUjot1AnTJDYYu0mxJufwVclUoApe/HFnY+lXkPdAezOe LX7Q== X-Gm-Message-State: AOJu0YwrLAuzqSmudZRyAc6jFHW0ZRSoZfWrmvU/6WBdHcC3FUOxEtwd xj+b8y+tBskOAnM2qhOgyBFKD/TdzElLExIvCQ9yNrgsTTfGSznbNQccDITf5qBVItNVXJLJThr feoSCyI+CT/TQnnFGKv1jgPUBjLC+/4YjXk1mfh9+fhafkCIy1drVmm6DVf8rv63ANEJwDthz03 0buawVcS+lkCQGyLpJ2suFXPhsRzwLDQP64o3KWNxF2ky71RkjBw== X-Gm-Gg: AeBDievnY64j6LgyGEibx2xUj3WSwF1xHP/F5MbaIjkzRzrnZI+O6TBLwj8qx8PneOZ bT102+G4tuu2iHTIva2X0y7X2a/NGQoEGpBr7Pg/Ktps5AsLGMuOWTJT99/JGuGHAyLFUweuFQ0 WW8Qsb883zMS52qvGlujFCLIPmgF48MHkReiNKc3V0fMKMoHJ2IhLCLAa6rFUwRRxGwYUckcwcH KvqM1lrOxVc58DvduyCZBLQ7BxantWoIsUpIRh0ALqpVy6cVsORrzw/NxYCoIfVJ3Jl5R8mlMMV Nw1nEIcHtaj0MxT9F6RzdVEVCdWcZe0gRUwRC2T7WKyQW9My4JNXGiCIavhsy6J0K3VRMf3/oYP 8wHljXmyhTGGCkftZGfnlfcuE/xWYYYyPpcWpyxPfgmY37mMy7WEcLxosq7swtHAxxE9NezRqWc H7fqcI5K/4d7U8dVJ2DUIOhYwtvWUTP2uarCl52TA= X-Received: by 2002:a05:600c:47d6:b0:489:1cda:bbb7 with SMTP id 5b1f17b1804b1-48e521d750fmr5444405e9.25.1778010797529; Tue, 05 May 2026 12:53:17 -0700 (PDT) X-Received: by 2002:a05:600c:47d6:b0:489:1cda:bbb7 with SMTP id 5b1f17b1804b1-48e521d750fmr5444215e9.25.1778010797109; Tue, 05 May 2026 12:53:17 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e52859ac7sm1625355e9.1.2026.05.05.12.53.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:15 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 20/28] KVM: nVMX: allow MBEC with EVMCS Date: Tue, 5 May 2026 21:52:18 +0200 Message-ID: <20260505195226.563317-21-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jon Kohler Extend EVMCS1_SUPPORTED_2NDEXEC to allow MBEC and EVMCS to coexist. Presenting both EVMCS and MBEC simultaneously causes KVM to filter out MBEC and not present it as a supported control to the guest, preventing performance gains from MBEC when Windows HVCI is enabled. The guest may choose not to use MBEC (e.g., if the admin does not enable Windows HVCI / Memory Integrity), but if they use traditional nested virt (Hyper-V, WSL2, etc.), having EVMCS exposed is important for improving nested guest performance. IOW allowing MBEC and EVMCS to coexist provides maximum optionality to Windows users without overcomplicating VM administration. Signed-off-by: Jon Kohler Message-ID: <20251223054806.1611168-8-jon@nutanix.com> Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/hyperv_evmcs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/vmx/hyperv_evmcs.h b/arch/x86/kvm/vmx/hyperv_evmc= s.h index fc7c4e7bd1bf..bc08fe40590e 100644 --- a/arch/x86/kvm/vmx/hyperv_evmcs.h +++ b/arch/x86/kvm/vmx/hyperv_evmcs.h @@ -87,6 +87,7 @@ SECONDARY_EXEC_PT_CONCEAL_VMX | \ SECONDARY_EXEC_BUS_LOCK_DETECTION | \ SECONDARY_EXEC_NOTIFY_VM_EXITING | \ + SECONDARY_EXEC_MODE_BASED_EPT_EXEC | \ SECONDARY_EXEC_ENCLS_EXITING) =20 #define EVMCS1_SUPPORTED_3RDEXEC (0ULL) --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1945A3CAE9C for ; Tue, 5 May 2026 19:53:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010805; cv=none; b=thdarBoFsPXQkulpEWPDtQDssBfgkD0vgucM5eLane3GkdB1Jtxo2AUFXlS9aG18go/hssm91RuTgdrT7jnUEwOPXX+sY9IlWfRkyaQqtqpbZM43rXlsXAz8/LkMCxYQK2j5t6MFE7Nhpe9DpLN8vxmV9AqDEEV09RGv5a2cvX4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010805; c=relaxed/simple; bh=1jWMGgRTEg1opvUDIp59sjNL13y+VIFP0obokyBO4ZE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QT/wvRONSYK7IYKTAR4klGEYY1MwmSU1dOFzpCu9fBaXXpsyEcyIjqlFEIJ1rl+sqeysD/Gi6IIs6KlgNAgo/+fNjHJCcaaoUyh9scPTcn25x+G786KZrtmwUnJV3w4MhOsH3buf5IS1+4p25LRLzMDER7eyvEfP0YzPj88jVv8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=RIpFuKJT; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=LgpmqMbh; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="RIpFuKJT"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="LgpmqMbh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010803; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1sjE0LXmhZZh2Pd32lUWWa6wdiPpKzGMu4qpIIcv7ig=; b=RIpFuKJTWgGN1M8fMFQqmgKNUavnyflDskfwUbyZdj2Sd5jBA68eO1x0T4ywgShgieqsgy OGaEBwWkbbstYpBxi3cR9oUgAmDamWOuiIyTBBVIMUkFhTB+UX4zpsvFUHDr2GLHrfOcXx IhhmTNpCWb3PclAafG491+Kr/9ymubc= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-65-lNCXCM_5N62OH8Y2KWAHqg-1; Tue, 05 May 2026 15:53:22 -0400 X-MC-Unique: lNCXCM_5N62OH8Y2KWAHqg-1 X-Mimecast-MFC-AGG-ID: lNCXCM_5N62OH8Y2KWAHqg_1778010801 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-44d68ed8f95so116152f8f.1 for ; Tue, 05 May 2026 12:53:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010800; x=1778615600; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1sjE0LXmhZZh2Pd32lUWWa6wdiPpKzGMu4qpIIcv7ig=; b=LgpmqMbhkFuUomuaiOIvHBP5e1BMLSb2fWFj67EaCV9+S5kmG8jTadt7nKgi7gPUOa JZ0vYCWTsxfVLALXbsfRH5BZrnWgS4wnwJXbNT9yAhrSRp5aXrY3/tJ3VpzTEAlB4dkY 4fYb9eF+wu5dHqJzH8Y4aFwRPZ0H5rzvpvUyvvoI6H7MSIJz7urVIDFmlQ3yY1AHwCL8 v3ykQHGmYlDN3WhxzfJnuFQZw1LvXv9s/1MsyD17i+eJLJSwxDDPFFmMPrUT4ZFGS3Ti m0tY8YPCWv/ELZYBRzyVr7JCwa3vyy9e3WIDnaZacFixs9YEnOrrzkm2JziCo5MVHfKP yt+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010800; x=1778615600; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=1sjE0LXmhZZh2Pd32lUWWa6wdiPpKzGMu4qpIIcv7ig=; b=H0TTB2mNWNIoBKQn7Hw3RsnbzuI4AKTjq7sUVOde4fADvfqs5O/HXMIPU2VnaeA92W sRCbXvZiaCkkg0Wc06zSdfgVORpXIK141dI+C5Au300KorBeKDSti4IOBQBVB5m2d8EC QZh91xw8ria87vK8EO/CczU9Il/G6BaBryFXE6lbNmemqy346U+vA2W+u63YVN+gvpKJ 1PiVJbi3tJ2DiOBm933FViPWI7hP6OjuJUkMi+iRTu+j3/6/9BKNKnaw9+Vmh6pYYbQO /TPsdVXN7ap9oAggaYBNhZ6E09jCA+Gyn/EbyVHkK6qR/YsBok6OXYIsY0xkwy9aYOyB R38w== X-Gm-Message-State: AOJu0Yy3ULv1wmEzPpJElGOPUIHSgeIqp0tM3xaqtQ5okyqMFIS+X5xI K+ybMhH8vI5Z1AVIySOg8MEn2gSZ1fEFRmSmlrMmEooO7UXnx4z/k0EKrOudpa/Qkb5MsWFIk5j ddBBH7w3PJmAB+2O7GNfZWwd9ZSAJeigPWTkYUNNjknFby4ixsCvO7z9174r9fW0Z8EZLIUbF7B 6zY83xpQS2GEvk0QThrgCGjHUYuZKe9kShby9Ls3GlVqcCtWmagw== X-Gm-Gg: AeBDiev8cRyBEE5uFqjHlmmKL9sYKfpqsJyrOn0u3d+P0WLigw4OC+Z6KciAstVa5RO NCPW0N+ftKZahxv3UjOqtWGg+cM61ej47P/QKpwvGDJ4Q/qL48QZW/JmrM+Tds8GlpZ8GQlsCdR Uay2F0Am5HpXBYSJAnJt+fF/PPT3OXSRvHQVW7N9+9IdnTZCPy+SN+zvPW5ECh63SH7zIYGUe8w B6+3KUa0iOv2wQCk3knmycFvAXB4S0ZYrQtq2YuQmonentRrDksRXQnNbSYfawZNbJXohETgKjQ U94vuF4/m1NkWhT1ULsT+F6gxRTHcVpXyd8baH97HYSOMVgLPI0RqpWBqu3Qm02xOWEZHSnnBtE R/T9HHgG0Vem5hWIqSIOXPK5gcY2ETT4MNNhGuRdQgi+ZVhrSHdwbZ4+CFtY1w6qS/b8BExyYzk XoZj95GS9dK+sfdI/9gmlbVaDTMU3zk2KANobFbGY= X-Received: by 2002:a5d:648d:0:b0:43f:e571:184d with SMTP id ffacd0b85a97d-44fdfca6e24mr5879574f8f.28.1778010800181; Tue, 05 May 2026 12:53:20 -0700 (PDT) X-Received: by 2002:a5d:648d:0:b0:43f:e571:184d with SMTP id ffacd0b85a97d-44fdfca6e24mr5879548f8f.28.1778010799712; Tue, 05 May 2026 12:53:19 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45055960811sm7094001f8f.27.2026.05.05.12.53.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:18 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 21/28] KVM: x86/mmu: propagate access mask from root pages down Date: Tue, 5 May 2026 21:52:19 +0200 Message-ID: <20260505195226.563317-22-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Until now, all SPTEs have had all kinds of access allowed; however, for GMET to be enabled all the pages have to have ACC_USER_MASK disabled. By marking them as supervisor pages, the processor allows execution from either user or supervisor mode (unlike for normal paging, NPT ignores the U bit for reads and writes). That will mean that the root page's role has ACC_USER_MASK cleared and that has to be propagated down through the kvm_mmu_page tree. Do that, and pass the required access to the kvm_mmu_spte_requested tracepoint since it's not ACC_ALL anymore. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/mmu.c | 9 +++++---- arch/x86/kvm/mmu/mmutrace.h | 10 ++++++---- arch/x86/kvm/mmu/paging_tmpl.h | 2 +- arch/x86/kvm/mmu/tdp_mmu.c | 6 +++--- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index ededc26c6675..156bab8afbc6 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3446,12 +3446,13 @@ static int direct_map(struct kvm_vcpu *vcpu, struct= kvm_page_fault *fault) { struct kvm_shadow_walk_iterator it; struct kvm_mmu_page *sp; - int ret; + int ret, access; gfn_t base_gfn =3D fault->gfn; =20 kvm_mmu_hugepage_adjust(vcpu, fault); =20 - trace_kvm_mmu_spte_requested(fault); + access =3D vcpu->arch.mmu->root_role.access; + trace_kvm_mmu_spte_requested(fault, access); for_each_shadow_entry(vcpu, fault->addr, it) { /* * We cannot overwrite existing page tables with an NX @@ -3464,7 +3465,7 @@ static int direct_map(struct kvm_vcpu *vcpu, struct k= vm_page_fault *fault) if (it.level =3D=3D fault->goal_level) break; =20 - sp =3D kvm_mmu_get_child_sp(vcpu, it.sptep, base_gfn, true, ACC_ALL); + sp =3D kvm_mmu_get_child_sp(vcpu, it.sptep, base_gfn, true, access); if (sp =3D=3D ERR_PTR(-EEXIST)) continue; =20 @@ -3477,7 +3478,7 @@ static int direct_map(struct kvm_vcpu *vcpu, struct k= vm_page_fault *fault) if (WARN_ON_ONCE(it.level !=3D fault->goal_level)) return -EFAULT; =20 - ret =3D mmu_set_spte(vcpu, fault->slot, it.sptep, ACC_ALL, + ret =3D mmu_set_spte(vcpu, fault->slot, it.sptep, access, base_gfn, fault->pfn, fault); if (ret =3D=3D RET_PF_SPURIOUS) return ret; diff --git a/arch/x86/kvm/mmu/mmutrace.h b/arch/x86/kvm/mmu/mmutrace.h index 3429c1413f42..fa01719baf8d 100644 --- a/arch/x86/kvm/mmu/mmutrace.h +++ b/arch/x86/kvm/mmu/mmutrace.h @@ -373,23 +373,25 @@ TRACE_EVENT( =20 TRACE_EVENT( kvm_mmu_spte_requested, - TP_PROTO(struct kvm_page_fault *fault), - TP_ARGS(fault), + TP_PROTO(struct kvm_page_fault *fault, u8 access), + TP_ARGS(fault, access), =20 TP_STRUCT__entry( __field(u64, gfn) __field(u64, pfn) __field(u8, level) + __field(u8, access) ), =20 TP_fast_assign( __entry->gfn =3D fault->gfn; __entry->pfn =3D fault->pfn | (fault->gfn & (KVM_PAGES_PER_HPAGE(fault->= goal_level) - 1)); __entry->level =3D fault->goal_level; + __entry->access =3D access; ), =20 - TP_printk("gfn %llx pfn %llx level %d", - __entry->gfn, __entry->pfn, __entry->level + TP_printk("gfn %llx pfn %llx level %d access %x", + __entry->gfn, __entry->pfn, __entry->level, __entry->access ) ); =20 diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index f741f7d4cc2d..047400af924d 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -734,7 +734,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, struct k= vm_page_fault *fault, */ kvm_mmu_hugepage_adjust(vcpu, fault); =20 - trace_kvm_mmu_spte_requested(fault); + trace_kvm_mmu_spte_requested(fault, gw->pte_access); =20 for (; shadow_walk_okay(&it); shadow_walk_next(&it)) { /* diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 7b1102d26f9c..5a2f8ce9a32b 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -1185,9 +1185,9 @@ static int tdp_mmu_map_handle_target_level(struct kvm= _vcpu *vcpu, } =20 if (unlikely(!fault->slot)) - new_spte =3D make_mmio_spte(vcpu, iter->gfn, ACC_ALL); + new_spte =3D make_mmio_spte(vcpu, iter->gfn, sp->role.access); else - wrprot =3D make_spte(vcpu, sp, fault->slot, ACC_ALL, iter->gfn, + wrprot =3D make_spte(vcpu, sp, fault->slot, sp->role.access, iter->gfn, fault->pfn, iter->old_spte, fault->prefetch, false, fault->map_writable, &new_spte); =20 @@ -1272,7 +1272,7 @@ int kvm_tdp_mmu_map(struct kvm_vcpu *vcpu, struct kvm= _page_fault *fault) =20 kvm_mmu_hugepage_adjust(vcpu, fault); =20 - trace_kvm_mmu_spte_requested(fault); + trace_kvm_mmu_spte_requested(fault, root->role.access); =20 rcu_read_lock(); =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42CBD4C8FFD for ; Tue, 5 May 2026 19:53:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010809; cv=none; b=MQSqstKbVfnjXqmd1kmDM+8yqGlomKz6mtRpoN3u2HPjX2wAbDn9JoXzaxgJlWEugEy8jL8DbLlA0d0ryldRvIZyuXjm0OIfooDvi1xJEMs+PKzXzIErmtEf0Y99VI+Z2igLdq5Fbz6fS5Lt7fSv0fIyaZI423gckWGZv+IP69I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010809; c=relaxed/simple; bh=FT9lcQD+L3zkH5bBSP7K/9dmqFtECa8WPyBrQGjSER4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=urAsj1gx7C/pLSJ9LyD6RfhbaCPpeKFtZfeTJx5xRTHSM+H3nFccqs//meAs3tx49lnE6mGfsnNLRgDkwTBX2BySUtEAHo3PwcZ+FW8Ny3KddfI8qZWZPp4AXE8zBBTwdNDZ7L3j/N3famoFirknntqV4yljmH7rMvZ633RQYos= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=KHLjMazj; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=N5Bu7/+q; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="KHLjMazj"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="N5Bu7/+q" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010807; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JW2NkdHUybOkD+rkbTyfynYD+3IdiQeIhLtvwGVvxoU=; b=KHLjMazjN7YcCXF6MGdjZ4SSEz3wQoQQplrusEjwS+nS1erdeZWUJLTzK7/8vIOnAINEcI SDjejmDAYOTKxGCyalqGLxl1T3Ew4xUYnt2qdpD5jX9trPcN6ookS62clKB6h4nz6Dhcdo 3Pi66MMJJurbY/LOy+SNYVvqYOy30UM= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-275-nrY_KLBIO_W9NuPFn_tuZw-1; Tue, 05 May 2026 15:53:23 -0400 X-MC-Unique: nrY_KLBIO_W9NuPFn_tuZw-1 X-Mimecast-MFC-AGG-ID: nrY_KLBIO_W9NuPFn_tuZw_1778010803 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-4470d6d2a4fso6422072f8f.1 for ; Tue, 05 May 2026 12:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010802; x=1778615602; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JW2NkdHUybOkD+rkbTyfynYD+3IdiQeIhLtvwGVvxoU=; b=N5Bu7/+qVHphwdpSrW2bQHGOqT/Ivc0PyraRpK9SJ0aHIF0Ole6/1JRIKQRqXiK6xM AGZZidz2fNvbuzkMZI0Gf2fIN6VBSlmnhVbq2HIQCxA66kAzIn0OehG40k3IFa6lL0hU QpE+q3ROiMSrnQs5C1MfJ/hSuEjor5hk/VYnosMozPmOuICIzybTgO3pilYSyO3OUH6v DB1EVEChr+fYzo1sSLmwFs+kd/ABKC5/xsUI9LHTN37drgpJvniJIMPMT1fhbDA1+rRC MD4BUpjwXJrc/YD4aeN2/roWPanTmDLhhDHzSVs+eWbVxz9dj6LIcXiXp486oCuTSXnA qGRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010802; x=1778615602; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=JW2NkdHUybOkD+rkbTyfynYD+3IdiQeIhLtvwGVvxoU=; b=sghOrnq5cOlpzgBSQzMxBH0Guob9LQnMnK4rUykJQFG6ya9XscX8vI2wbFEKxg6h43 rdgJ5iXMBTOkx3RngIQeeoFVbGABnc8CwN6oeWQWtWSquwbkg9ryK8hZ7DrY0FXYczGO 6/tJ0zRe2+UPgVaOwISunzFwZ9COEjx1EY9+E3oEJeNRYNjGuwou2gOYveBg8RgrEYaN /uFAJxwmOT7ZCNRa8CPLA+ZG1POgzHdyEg07e1NTa71Q/7vKjYZMenywjPHfbEhjjAnP 421HS1Q3ZHeTr70lYQb3a6sEtF+wYdeZZi5/Vbmfja7V183CKEmQoz/yPDgVAX+0qe7+ Dtaw== X-Gm-Message-State: AOJu0Yzrl1ZQEAss2g5KGWeMJBuPSUau6GrX/Y+EOnDVJbk9rndXENfd 6Yemnon1/BYsJO0LZmUP8oMibvxatxA3cjfl89P2lu1IwCEHQfJxap+3ZdMOpKhN9dj/uKDOVlF pMHcTVJkfXTlI8hXEBSTPgGrt6JU6CMb+aaf3rFejIBRMcpKYPyht7U8+6wViBsXRf83JhkmFqA CLQOFDWZUP4I0o/V6RNN1+6Z4fynPHSoZqtcuXkBFy5s95CRjyFA== X-Gm-Gg: AeBDieuGptOoxv90RzjWh48OtaXGTJkmWmdfFIn5ISzeR6I/qmFvgC+zpM0CLYy+z1A PMs6aYooDjB7Ry6sYSEFnfsm7LgZlzc4PhCsXllGVQsRaKPDoXfqkjyZihR7qVGEcFPWDbY6BQo +KEJgaA8kJPalxh6rslryy4abU1IMYZXIrjHQLx2JYwbDzpZZIwgtRFsEN/yh/5JA+rRfWKxym5 MO2Y41A2TBkS6faDdI55+F0iTIGoHNULgP3Vy4jsZQD65jwg0Zn56DO0RHE7wDcQ0eoliLVuBVK eEixlQYVIJLl9UTZepXV+wD1h3ZCI8FVj5gxpaM5SDG2i+YWFJbZ7ldjEOybMCKy+t4Q8PGGztL 27yPgol4CDAQ0KM8BH2lUfeyV4SX5RPUu2lcP2Taqry5dz5wS5lNN14Cs0Qvar+nLUr0+FDzYDY d4fl/WP/yYPvh6is9V1iBFgS93yokn2UuY/zADWRs= X-Received: by 2002:a05:6000:2910:b0:449:9aee:4575 with SMTP id ffacd0b85a97d-4515d3dc459mr832496f8f.30.1778010802316; Tue, 05 May 2026 12:53:22 -0700 (PDT) X-Received: by 2002:a05:6000:2910:b0:449:9aee:4575 with SMTP id ffacd0b85a97d-4515d3dc459mr832454f8f.30.1778010801819; Tue, 05 May 2026 12:53:21 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4505558e213sm7083417f8f.25.2026.05.05.12.53.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:20 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 22/28] KVM: x86/mmu: introduce cpu_role bit for availability of PFEC.I/D Date: Tue, 5 May 2026 21:52:20 +0200 Message-ID: <20260505195226.563317-23-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" While GMET looks a lot like SMEP, it has several annoying differences. The main one is that the availability of the I/D bit in the page fault error code still depends on the host CR4.SMEP and EFER.NXE bits. If the base.cr4_smep bit of the cpu_role is (ab)used to enable GMET, there needs to be another place where the host CR4.SMEP is read from; just merge it with EFER.NXE into a new cpu_role bit that tells paging_tmpl.h whether to set the I/D bit at all. Tested-by: David Riley Signed-off-by: Paolo Bonzini --- arch/x86/include/asm/kvm_host.h | 7 +++++++ arch/x86/kvm/mmu/mmu.c | 8 ++++++++ arch/x86/kvm/mmu/paging_tmpl.h | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 23a7ac8d7fbe..7dde4ca87752 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -414,6 +414,13 @@ union kvm_mmu_extended_role { unsigned int cr4_smap:1; unsigned int cr4_la57:1; unsigned int efer_lma:1; + + /* + * True if either CR4.SMEP or EFER.NXE are set. For AMD NPT + * this is the "real" host CR4.SMEP whereas cr4_smep is + * actually GMET. + */ + unsigned int has_pferr_fetch:1; }; }; =20 diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 156bab8afbc6..912c8e97ef61 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -234,6 +234,11 @@ BUILD_MMU_ROLE_ACCESSOR(ext, cr4, la57); BUILD_MMU_ROLE_ACCESSOR(base, efer, nx); BUILD_MMU_ROLE_ACCESSOR(ext, efer, lma); =20 +static inline bool has_pferr_fetch(struct kvm_mmu *mmu) +{ + return mmu->cpu_role.ext.has_pferr_fetch; +} + static inline bool is_cr0_pg(struct kvm_mmu *mmu) { return mmu->cpu_role.base.level > 0; @@ -5793,6 +5798,8 @@ static union kvm_cpu_role kvm_calc_cpu_role(struct kv= m_vcpu *vcpu, role.ext.cr4_pke =3D ____is_efer_lma(regs) && ____is_cr4_pke(regs); role.ext.cr4_la57 =3D ____is_efer_lma(regs) && ____is_cr4_la57(regs); role.ext.efer_lma =3D ____is_efer_lma(regs); + + role.ext.has_pferr_fetch =3D role.base.efer_nx | role.base.cr4_smep; return role; } =20 @@ -5946,6 +5953,7 @@ void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, u= nsigned long cr0, =20 /* NPT requires CR0.PG=3D1. */ WARN_ON_ONCE(cpu_role.base.direct || !cpu_role.base.guest_mode); + cpu_role.base.cr4_smep =3D false; =20 root_role =3D cpu_role.base; root_role.level =3D kvm_mmu_get_tdp_level(vcpu); diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 047400af924d..07100bbfc270 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -489,7 +489,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, =20 error: errcode |=3D write_fault | user_fault; - if (fetch_fault && (is_efer_nx(mmu) || is_cr4_smep(mmu))) + if (fetch_fault && has_pferr_fetch(mmu)) errcode |=3D PFERR_FETCH_MASK; =20 walker->fault.vector =3D PF_VECTOR; --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 16C624C8FEF for ; Tue, 5 May 2026 19:53:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010810; cv=none; b=cCBlEs4tfLzRBawJqWkPsv2RiMNoht3f7iSKQnmXv09N2z5sRxNIETQJB5FSodZ7zqTp0RpcO1DQlbC72w/bbgBN8rolo0elH/o5+hbV97Lx5kxlWo6H6P9HJKJL+Ya0quW9EEHegskaohZB9hcFDpfBX2PGdr4OtzK8YdC0B/s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010810; c=relaxed/simple; bh=2pXIK+CdgvXVanR6B3Y07NvJzjvZnQ0FvEOa8rzUPic=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=I0aoIHlG20ON5gYQF+k2VfvZPAt0I26gf8pZ1WGXaTibpFAseHOMvlse5YwHW/MZV7XFha8Hs3b32/CwAtPwc4ZRWGXXc3B9SBqsHUJqaD3jiNMS51QDmAeOnxUhngQF2Ghf+kYsPJKN5iSEhzGNyG/qDCjnulstRWUNiTKvH9s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=aLTet4+C; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=XF7RvkxL; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="aLTet4+C"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="XF7RvkxL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010808; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BCtnCZH8ZoKxZPeVUzWtK/UQekMVfj0snT68dwdPoMQ=; b=aLTet4+C4mwjx1qFlaZ1oKwzBXDUCEkOIE8fXpLXMR5Hy/eOlNJ/HuSMl7rEpL1YG1rLjM PBIAeS+RoWzQ4lMya2wTv5KU+dxma+wS2OdfGlSbECq5Cq+IUzZ1zi4gY9AWPRnuvjTMPA BocGQgXfYX7kRTTeCP0YO3yX9W8XbtE= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-395-YG4sgCb_OZOPVJc4RFiBYw-1; Tue, 05 May 2026 15:53:27 -0400 X-MC-Unique: YG4sgCb_OZOPVJc4RFiBYw-1 X-Mimecast-MFC-AGG-ID: YG4sgCb_OZOPVJc4RFiBYw_1778010805 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-486fa07f2bbso45226965e9.2 for ; Tue, 05 May 2026 12:53:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010804; x=1778615604; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BCtnCZH8ZoKxZPeVUzWtK/UQekMVfj0snT68dwdPoMQ=; b=XF7RvkxLqpgwpitQW7+I6LC0SZcgdmSlGlwtyv7fsBf76nYHQg2PAQA1Sv8Vm/TbO5 d1TUTMw+p0hMqXl3Krcytr9d051Pq3qKGK7pZVLdhZWqgH/u+db2xh3Ie8NEU0r+Rcce H52e1zehCf3kjKGzsTDina8jEhWZqTD7VbTPN2lU0rkzsRlbklaQkIqtYo0ZQ/vSScn8 9vY0x4R1wte31Ddw4LZWNNV/zIG1eLUfs7BbcpEmhnlX7YHVubCf5PQJDLJiRF9zuobr gn/SOHn3DDgMEpp2OtdWOj2s6u9ELpLOmHMnTph2SXZ2UQXexPi9f2J3xzWbuAAx+Lnl DiAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010804; x=1778615604; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=BCtnCZH8ZoKxZPeVUzWtK/UQekMVfj0snT68dwdPoMQ=; b=MQaEMp6wFMJfbGPfxsd9AXCk1WpdjVxrJAqRHM7/g4x8hqH7pBtfO4+US3Zcpfus3U p+pEXpjpThU3uBFyNoNsV32IBKRsFe7krFYEm55jFAU8sUY/B6thQhP8keluTwbYOOUD TGfjb2mFYTP8Ax9ie+DfHY9CmLaFpI4YZh13/ffOocCvHCQFq6sPh/ENJp7rvo5R1w/o cHLkio3zgZ6LCxnE9/ipOw6B/UQhSxBg9XFU1NHu6HoQj1X4HT28ID2TnfLS3yeQeD+I N6vde+gEewDjlvhngIEEqO7yqUP73fPljp6/f58m7cIKkhMdixQZk+rObvMmIbZNI9Ny 4QBA== X-Gm-Message-State: AOJu0YywbqPBTYOjtAvgcvUqCDYuBxE3dIgihchNL9hYH0AHP2XNOIa8 bj4Zwf20HE8lrA/kDuuqHFwa7tnNn7cqrIHOSSFN5raPNSUQK49GsWjBbUlgerNVZEpHIGIGfSA VBiwTBdVqt+whCZ9lJBNiAYr3N7pVdcXVDw3S00BdCdJ8MAYew4tHib1icN5T0DDinRtd0oMKWz seqtCR7FlOAUslnY9KEx2qIZxgcywxz7d3tRRSi8PLC4BCcx17sQ== X-Gm-Gg: AeBDievAmyfic6ajkFfKiQCve1twj74mNEmGjn6X0fr1gXAZLkWmkN7REYPmaom20/n V5dwtUBIrxGf17yZKC7FUOQ3c0/3i2CvAs5SCYlo+3dYps+5LuBlsyOnsmEI7K9Xi/91b4APWHH A6f6nc5Oa8KSOBo70kzQrJBm1jUMC3F1odunxGE2vKAEYgxOoM19iUDjQ+/yIfq/EDaUUs8Bx3x sUMRbmkXN3mPNxUmp7cAs+YTdZ+2Xr3Htrvkg7qHS+elQtKn6kE4MlmQq0GQp375zRtfe0907wy ZhwhWmxZOyzoa+R+ijmD6gPIM0QvWhqj4eVgV5NilWrDIdHHLfW5xZZLcEOMGcNU/I5wLFoSc4Q 3mCEterffeDXzFgrTU7onNJNsWeLwa0MBUiWymUWls6Fsgdit/eQ3/vi4VHr8acwiI6TiQFX0/Z H0veJ/yzXggmnKYwKc4Wr0dxd6Kj9adlTr6i5nd8E= X-Received: by 2002:a05:600c:8589:b0:48d:5c1:bc3b with SMTP id 5b1f17b1804b1-48e51f410a4mr8256935e9.24.1778010803995; Tue, 05 May 2026 12:53:23 -0700 (PDT) X-Received: by 2002:a05:600c:8589:b0:48d:5c1:bc3b with SMTP id 5b1f17b1804b1-48e51f410a4mr8256585e9.24.1778010803501; Tue, 05 May 2026 12:53:23 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a81ed6bafsm760324365e9.2.2026.05.05.12.53.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:22 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com, "Borislav Petkov (AMD)" Subject: [PATCH 23/28] KVM: SVM: add GMET bit definitions Date: Tue, 5 May 2026 21:52:21 +0200 Message-ID: <20260505195226.563317-24-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" GMET (Guest Mode Execute Trap) is an AMD virtualization feature, essentially the nested paging version of SMEP. Hyper-V uses it; add it in preparation for making it available to hypervisors running under KVM. Acked-by: Borislav Petkov (AMD) Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/svm.h | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index de7bd88e539d..d58dbce83f45 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -379,6 +379,7 @@ #define X86_FEATURE_AVIC (15*32+13) /* "avic" Virtual Interrupt Controlle= r */ #define X86_FEATURE_V_VMSAVE_VMLOAD (15*32+15) /* "v_vmsave_vmload" Virtua= l VMSAVE VMLOAD */ #define X86_FEATURE_VGIF (15*32+16) /* "vgif" Virtual GIF */ +#define X86_FEATURE_GMET (15*32+17) /* Guest Mode Execution Trap */ #define X86_FEATURE_X2AVIC (15*32+18) /* "x2avic" Virtual x2apic */ #define X86_FEATURE_V_SPEC_CTRL (15*32+20) /* "v_spec_ctrl" Virtual SPEC_= CTRL */ #define X86_FEATURE_VNMI (15*32+25) /* "vnmi" Virtual NMI */ diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index bcfeb5e7c0ed..aa63431ba92c 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -243,6 +243,7 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_MISC_ENABLE_NP BIT(0) #define SVM_MISC_ENABLE_SEV BIT(1) #define SVM_MISC_ENABLE_SEV_ES BIT(2) +#define SVM_MISC_ENABLE_GMET BIT(3) =20 #define SVM_MISC2_ENABLE_V_LBR BIT_ULL(0) #define SVM_MISC2_ENABLE_V_VMLOAD_VMSAVE BIT_ULL(1) --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41AF14ADDA4 for ; Tue, 5 May 2026 19:53:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010811; cv=none; b=h0DVOazrGRaQNXUg0f6M/EBfeko6nmZqD0SCPMIz7g5iOhaiNngEl+ajGtw2vq1AmMN7OW/8vgrqzDTRtIa26vJnSE2UxIVftDeaYuaBjjpOYDX2lJrmbaVpRi514RzLBwizME9xe2BjoOxkMWYESwZXZi+wEMiBtPEzMb5yCHg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010811; c=relaxed/simple; bh=goXS6LqFT86tybjMW2WTopAsBe3SyCMMxopPmd2bwEQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jHSZpIS/BKiB5tLhdabcrRTPFGtIcDVINW6XZ6OzXL0tRXjtcNLZvPVFa8AAJ4i+qPj7APkUXri68yxq5mHLet+9zS84//8xJSuBcXqpLr8S0mJ3pG7m0uezXTJHMOeQbAvTOExr+koRbUCQMirZ+PWgvGSEFNmb0BEeRZNBmnk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dJZ+7duN; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=ablJdjP2; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dJZ+7duN"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="ablJdjP2" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eDgVuOXO9SAgnm24T7PYI2oi9mr0H/9A0ybYZDCgDms=; b=dJZ+7duNa7RhZzNEj4QbounJaY7xUCBqyRe1spIacF6nufCuBy5/GSMy2WzXi+hQSq8qvf 4wj3dS86PfLt4ze84uZVQDSOn6Ui4BFWZqeS5IS9vmlK3LFyBIkQ3zBg5q3ZP4T31Pz3if zqKG8e0UoqviWDvddHMrn5L4262U16Y= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-516-A0K8Mx8wMvyeoxS3ZLZNMA-1; Tue, 05 May 2026 15:53:28 -0400 X-MC-Unique: A0K8Mx8wMvyeoxS3ZLZNMA-1 X-Mimecast-MFC-AGG-ID: A0K8Mx8wMvyeoxS3ZLZNMA_1778010807 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-48a55de6fb0so44801225e9.3 for ; Tue, 05 May 2026 12:53:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010806; x=1778615606; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eDgVuOXO9SAgnm24T7PYI2oi9mr0H/9A0ybYZDCgDms=; b=ablJdjP2SpIPb5dQqsjuvvzZalkn/RlJcfrQ7qjedsggi7oHDJYnyDb/UsPMnsSzXq REZ3+pVGWQJLx/Y+i8iJZxhsxbYOLOesrMg6jv5xLUdvwFXtSRsoPScZdBcTuEZqHSwe 0WZZrho9rczxezX2Ks1IfjxQPL7/9E17s/aa2+Ivtqmm6LI6M9iYpWhpvjd/fAvi631X P30zjxXC6b+BNFSx9c8Cnpaaf/tBWHq+9NkCcXtCaQCmO3YXwjJdSwO8pUOkwksE6xea +H615ztU5OYc6IIC1FceZuW7Lg/QzPR/Di2WgYqSQaY0cPeUZkB6LPDtpEajJCdt2xt4 Cd8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010806; x=1778615606; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=eDgVuOXO9SAgnm24T7PYI2oi9mr0H/9A0ybYZDCgDms=; b=F0cJQeWI0dHx7YucjGWrkK178hJlFbCKeTAYr2C/GT6faDq2MD/+cdzAfsn5PqHgPs gz2gw9lPN154//17OhQyYsCU+cFwdP8ZC8XHfOKpOMymnp0bGOoWh792Bn+P/q+7kZL3 NsbBlRg7QeXxrGt6ZgMxtmz6dayeFzUr3YZrPvUdy4U2BZJzi+x1eAH7wmQo2K84E3xn HzbU/cjgCMyOm7h6b74kiF9QjFfNazFRDj4dxGDudwsL55by7Oy7fVzMgY/+XN+A8K8Q 6H+pK4PFUZK6fzrq7kwFLzS58VXhjZ9oHgjH8RVvaMoVr3zoIFWWA7QZjtY72F/da3Aq tzjA== X-Gm-Message-State: AOJu0Yy0CWrCHEqQxRazzubgnVsSBdUSCR62Lu9T6+NF8nSzPlwT3I7Z MLDHb65xVUsBBNNDo3mEsRrjBGVMvOXFDOV17pLlyHnmU7tYgRkoucEx9p3NkJXkz+X7Tu+2vKL mSGRKf2J0V6tuLBW7yIE3lnMekoIL+sLflDr2QFQLkJ3afDx8BOnPikj6zPExSbgmoNrsxEgymH aYIUNnHXL/lCPvsfsL7TVlG7j32qTiY4MpOVBTosHnN8X8qrA1ag== X-Gm-Gg: AeBDietY0yUKlt68SoVHLgKkcoTT1XsP/fXiz0wR1LrkoxMI8Og1tldbapyDuZ9r91M ptFrxeJEtiDah8dvYBm8I1SFGIkXNq6O3v1M9hCHF3YG56tzxI4L4q63xyJi4tQTs7rdybKB5s7 Rl3zPkwWxnMMQjtauZussnaMkSF6CyBxHhOaNPsq/JVYwZcarse+IpU3zYLZuGnS2Qec9m+P3Qa iXSiQfbSCUq+sZ4HOR2Wm8lXTPFMjAR32QRAqBARuWxCLbASJw5jECNCkgff2bXFoE23K+YvNO4 UFtC/qRRhuvkMvYH206MkFqpdwb70cXA9pcpfcWurAFB8YHJH1R0jUtpvO6rQDV5Sx5qdMiRwMp ZWLncngnJalVJ2C8QNzyXcuH5iNi6CFJr2pzNlxZZjvq9NUHDcZ8/1Lw4bT0ZTokRKIXskgJecY I6efSccAIrBhPlsBhbZDext3u6miTH+hXrNai9ww8= X-Received: by 2002:a05:600c:8b06:b0:485:4388:3492 with SMTP id 5b1f17b1804b1-48e51e223ccmr10973305e9.11.1778010806071; Tue, 05 May 2026 12:53:26 -0700 (PDT) X-Received: by 2002:a05:600c:8b06:b0:485:4388:3492 with SMTP id 5b1f17b1804b1-48e51e223ccmr10973045e9.11.1778010805621; Tue, 05 May 2026 12:53:25 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e5288fa13sm586955e9.14.2026.05.05.12.53.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:24 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 24/28] KVM: x86/mmu: hard code more bits in kvm_init_shadow_npt_mmu Date: Tue, 5 May 2026 21:52:22 +0200 Message-ID: <20260505195226.563317-25-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The host CR0 does not really reflect onto the NPT format because hCR0.PG=3D1 must be set and hCR0.WP is ignored. Carve that in stone by removing the cr0 argument from kvm_init_shadow_npt_mmu. Pass in WP=3D1 as well; it does not matter for GMET disabled because PFERR_USER_MASK is always set, but a cleared W bit in the nested page tables cannot be overridden in supervisor mode when GMET is enabled, either. In fact, since CR0.WP=3D0 is the weird "extra accesses allowed" mode, it is acutally easier think about it being always set. Likewise, clear X86_CR4_SMAP to avoid that KVM erroneously faults on supervisor accesses to an U=3D1 page. Signed-off-by: Paolo Bonzini --- arch/x86/kvm/mmu.h | 4 ++-- arch/x86/kvm/mmu/mmu.c | 8 ++++---- arch/x86/kvm/svm/nested.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index e1e3869f568b..1b354e1f2d81 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -96,8 +96,8 @@ void kvm_mmu_set_me_spte_mask(u64 me_value, u64 me_mask); void kvm_mmu_set_ept_masks(bool has_ad_bits); =20 void kvm_init_mmu(struct kvm_vcpu *vcpu); -void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr0, - unsigned long cr4, u64 efer, gpa_t nested_cr3); +void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr4, + u64 efer, gpa_t nested_cr3); void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly, int huge_page_level, bool accessed_dirty, bool mbec, gpa_t new_eptp); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 912c8e97ef61..5a796ae8c396 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5939,13 +5939,13 @@ static void kvm_init_shadow_mmu(struct kvm_vcpu *vc= pu, shadow_mmu_init_context(vcpu, context, cpu_role, root_role); } =20 -void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr0, - unsigned long cr4, u64 efer, gpa_t nested_cr3) +void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr4, + u64 efer, gpa_t nested_cr3) { struct kvm_mmu *context =3D &vcpu->arch.guest_mmu; struct kvm_mmu_role_regs regs =3D { - .cr0 =3D cr0, - .cr4 =3D cr4 & ~X86_CR4_PKE, + .cr0 =3D X86_CR0_PG | X86_CR0_WP, + .cr4 =3D cr4 & ~(X86_CR4_PKE | X86_CR4_SMAP), .efer =3D efer, }; union kvm_cpu_role cpu_role =3D kvm_calc_cpu_role(vcpu, ®s); diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index df232153eb24..a1cffd274000 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -93,7 +93,7 @@ static void nested_svm_init_mmu_context(struct kvm_vcpu *= vcpu) * when called via KVM_SET_NESTED_STATE, that state may _not_ match curre= nt * vCPU state. CR0.WP is explicitly ignored, while CR0.PG is required. */ - kvm_init_shadow_npt_mmu(vcpu, X86_CR0_PG, svm->vmcb01.ptr->save.cr4, + kvm_init_shadow_npt_mmu(vcpu, svm->vmcb01.ptr->save.cr4, svm->vmcb01.ptr->save.efer, svm->nested.ctl.nested_cr3); vcpu->arch.mmu->get_guest_pgd =3D nested_svm_get_tdp_cr3; --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1EA844BCAD9 for ; Tue, 5 May 2026 19:53:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010814; cv=none; b=rQz7wBk0kxgbKC9ADB7l2gDhj1IsC4xmGBD9Aptl9p5vvE0+EfkkVqEF0yKPYVYYdkEdngwFaqMcq+nka5lzY8jXx4VtziStlwEdPYYUZyw6kqiu5JsHQrWSMzcgUO7J+HmHBwiMxtmuW7ZHN7yjg9CZI3Eg+6h1hFLcNej6DdI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010814; c=relaxed/simple; bh=687k/EDplpKqFKa/kv5Vp5Y4JVat2Nx14m/BSP+93uo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EgLxIGXajeisdCY5WD4Cu2TeKXt2xj6DiUntxA0vdwpwKTo2W67vmdxDFpc+5qPH5o3HSu5QXWn8xsqYi9DOA3jjr5fdzz889m90udVmV9cxGJkMCf5S0a2TpMpHK/jFHD0XhlIbHMiebCfkRlnwHuZdf3r9oyjjNDiS5TOJBr0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=KImiFxBv; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=gxtyzOC1; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="KImiFxBv"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="gxtyzOC1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010811; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ho2jr9zKlR+QkoP4McsUsUCSq4YWgUGFwkRFtm4gWTk=; b=KImiFxBvshWb1bQYrJWyZgXQRy8Bs5O/ohR0EBQVXziEtSvghQxDQ4yVuv5UYpslMu9nMY L/Y1+hdzpzmrTaJ+8liBMFNPAoG0pyzqHUqg63IfLf7nDneZdaNkkisNPUyYNiBedf10gn 7xFYKvz7j7ujsl6awJw9H07dmjYKEFY= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-25-eEPnsSvhNmy4M10q0942pQ-1; Tue, 05 May 2026 15:53:30 -0400 X-MC-Unique: eEPnsSvhNmy4M10q0942pQ-1 X-Mimecast-MFC-AGG-ID: eEPnsSvhNmy4M10q0942pQ_1778010809 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-48d035e8593so17346955e9.0 for ; Tue, 05 May 2026 12:53:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010808; x=1778615608; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ho2jr9zKlR+QkoP4McsUsUCSq4YWgUGFwkRFtm4gWTk=; b=gxtyzOC1S4r23LAqFsNScDAJBw2Wn+CWScSxLdULnNZZi7RIB5igGHjxfZUsIJnEMd /e3pbU11vqFMXyVmtbjxbDcuP3sBjpTVylVwnslYhFTqe03XwObXxwWC32rdFt92JEln yzfuz/g0fmD3P39k7PvCQwep1HAdQlgmg45gPEIc6TMq40s05ZEAmRrEeSTjC9okAmWK mifsNGaVHuHn29z0Tvw3vkkVvvkYJedEWdZakMYM4cjaEmxfIkHSvom9KcZVRyK1IFMy fsdbGZEt3g8ISp9liijcOGJUy3vIepGAeU2oqGYxsjCHL20aE9C9NEIgq1QyASVhUMxl kHvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010808; x=1778615608; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Ho2jr9zKlR+QkoP4McsUsUCSq4YWgUGFwkRFtm4gWTk=; b=IvxFc3F7Ujkbt8BYnHaxTTNebG1NLyyGSoKkuAWkifjBcHBk7vmg8h6JczAlDCFavp bWQmjFHMyopGhJk/CpJNlIls+t/qDFgCey7aqam8sD6D0RruzFBPtJOX5ksAnu+5trNv 15WDXn5ZyWLM/D8/GIo9QmU+qT+7WIolXJvZrZHnfROoh9R5/qYwIEGWOREQ3aRDeFhu 0fb3JjYamvst5BFlCO5gIMdNG7ag/96IjRGIFy3+vIm/6XJN3W1YQ2xIDDAIyw5S7wVj cXKcjcq4iBRzuf0mbQLSaOoT12ODaAMg1SIhYFebY80ja+KiiGlU3sTAWZFfxv0kHVHw jwUA== X-Gm-Message-State: AOJu0YxfjhH2Rk7dTJIoQet8Anm3OzrkRxkyutvwbs2ah7UcpEO0Xfnf d6u2o1QX7ejnD7pDm7JKVOlgAU0b2yXKoDquKexlqEM3W5Pch3K6TkIGXpRzM0GlL9T7ndY7voY /JE8WBxdRNYBQstrQW3avnljMQWiF2ZPTNTUj6z03RaRlsTdNNh87Xkvk02ivizknMefuws1FB/ 6v0XKNLh6gVJMV8Pup7HBRAvEZw5nEaq42vBir5kdwsimMtAFyjA== X-Gm-Gg: AeBDiev90F6QyQUDkozdYlJK/h+YGE39z5wiTJPTcdqU9THnNVY1pKwj7McAfiqa7Ex 7UI/dzSPYBWQiwfZtxFOmf0zqW9c14HfsumtgQ/UNOV3WcZ4VbvMq2vJcgKphdnmyv5LSxOb4Yw iLetNe8rbhNvdMa/zBxFHIwSV9x7xNlmZQGhVxi5f4Tk9lRWGDTwErN7IUOMGMor76LJV/T18zL 70rfByGIYWBnLmKwDlKkaDpaVwGt+twufruZpBK5voccEd6dOybD+Om0382f69AeTcE6bPX/y1y BBUy0qN3FqgKnFJAoJhzznXqkm4AiU1lHNvgeMF6IDrvo7ux1DMx3df620O/3EI/UDgD5v6Ok4t ZdsIlyKTBYRByrCzy/bM+tj2Zq5ODLFopORs0VbwZ5PbnoMwgf8wunrU4wpzKpTk6FZUZDLXD1C 5eGS2lrye8iJeGIRqN1pmZ1DaMW3haqh3vIVT86Sc= X-Received: by 2002:a05:600c:4f53:b0:486:fb0b:ad79 with SMTP id 5b1f17b1804b1-48e51f4456cmr9974285e9.20.1778010808365; Tue, 05 May 2026 12:53:28 -0700 (PDT) X-Received: by 2002:a05:600c:4f53:b0:486:fb0b:ad79 with SMTP id 5b1f17b1804b1-48e51f4456cmr9973765e9.20.1778010807901; Tue, 05 May 2026 12:53:27 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e5288f929sm594605e9.18.2026.05.05.12.53.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:26 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 25/28] KVM: x86/mmu: add support for GMET to NPT page table walks Date: Tue, 5 May 2026 21:52:23 +0200 Message-ID: <20260505195226.563317-26-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" GMET allows page table entries to be created with U=3D0 in NPT. However, when GMET=3D1 U=3D0 only affects execution, not reads or writes. Ignore user faults on non-fetch accesses for NPT GMET. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/mmu.h | 2 +- arch/x86/kvm/mmu/mmu.c | 18 ++++++++++++------ arch/x86/kvm/svm/nested.c | 10 +++++++--- 4 files changed, 22 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 7dde4ca87752..1da3d5c59e15 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -370,6 +370,8 @@ union kvm_mmu_page_role { * cr4_smep is also set for EPT MBEC. Because it affects * which pages are considered non-present (bit 10 additionally * must be zero if MBEC is on) it has to be in the base role. + * It also has to be in the base role for AMD GMET because + * kernel-executable pages need to have U=3D0 with GMET enabled. */ unsigned cr4_smep:1; =20 diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 1b354e1f2d81..ddf4e467c071 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -97,7 +97,7 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits); =20 void kvm_init_mmu(struct kvm_vcpu *vcpu); void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr4, - u64 efer, gpa_t nested_cr3); + u64 efer, gpa_t nested_cr3, u64 misc_ctl); void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly, int huge_page_level, bool accessed_dirty, bool mbec, gpa_t new_eptp); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 5a796ae8c396..a283b5078c61 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -55,6 +55,7 @@ #include #include #include +#include #include =20 #include "trace.h" @@ -5572,7 +5573,7 @@ reset_ept_shadow_zero_bits_mask(struct kvm_mmu *conte= xt, bool execonly) (14 & (access) ? 1 << 14 : 0) | \ (15 & (access) ? 1 << 15 : 0)) =20 -static void update_permission_bitmask(struct kvm_mmu *mmu, bool ept) +static void update_permission_bitmask(struct kvm_mmu *mmu, bool tdp, bool = ept) { unsigned index; =20 @@ -5633,7 +5634,12 @@ static void update_permission_bitmask(struct kvm_mmu= *mmu, bool ept) /* Faults from kernel mode accesses to user pages */ u16 kf =3D (pfec & PFERR_USER_MASK) ? 0 : u; =20 - uf =3D (pfec & PFERR_USER_MASK) ? (u16)~u : 0; + /* + * For NPT GMET, U=3D0 does not affect reads and writes. Fetches + * are handled below via cr4_smep. + */ + if (!(tdp && cr4_smep)) + uf =3D (pfec & PFERR_USER_MASK) ? (u16)~u : 0; =20 if (efer_nx) ff =3D (pfec & PFERR_FETCH_MASK) ? (u16)~x : 0; @@ -5744,7 +5750,7 @@ static void reset_guest_paging_metadata(struct kvm_vc= pu *vcpu, return; =20 reset_guest_rsvds_bits_mask(vcpu, mmu); - update_permission_bitmask(mmu, false); + update_permission_bitmask(mmu, mmu =3D=3D &vcpu->arch.guest_mmu, false); update_pkru_bitmask(mmu); } =20 @@ -5940,7 +5946,7 @@ static void kvm_init_shadow_mmu(struct kvm_vcpu *vcpu, } =20 void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, unsigned long cr4, - u64 efer, gpa_t nested_cr3) + u64 efer, gpa_t nested_cr3, u64 misc_ctl) { struct kvm_mmu *context =3D &vcpu->arch.guest_mmu; struct kvm_mmu_role_regs regs =3D { @@ -5953,7 +5959,7 @@ void kvm_init_shadow_npt_mmu(struct kvm_vcpu *vcpu, u= nsigned long cr4, =20 /* NPT requires CR0.PG=3D1. */ WARN_ON_ONCE(cpu_role.base.direct || !cpu_role.base.guest_mode); - cpu_role.base.cr4_smep =3D false; + cpu_role.base.cr4_smep =3D (misc_ctl & SVM_MISC_ENABLE_GMET) !=3D 0; =20 root_role =3D cpu_role.base; root_role.level =3D kvm_mmu_get_tdp_level(vcpu); @@ -6011,7 +6017,7 @@ void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, b= ool execonly, context->gva_to_gpa =3D ept_gva_to_gpa; context->sync_spte =3D ept_sync_spte; =20 - update_permission_bitmask(context, true); + update_permission_bitmask(context, true, true); context->pkru_mask =3D 0; reset_rsvds_bits_mask_ept(vcpu, context, execonly, huge_page_level); reset_ept_shadow_zero_bits_mask(context, execonly); diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index a1cffd274000..7adfa7da210d 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -95,7 +95,8 @@ static void nested_svm_init_mmu_context(struct kvm_vcpu *= vcpu) */ kvm_init_shadow_npt_mmu(vcpu, svm->vmcb01.ptr->save.cr4, svm->vmcb01.ptr->save.efer, - svm->nested.ctl.nested_cr3); + svm->nested.ctl.nested_cr3, + svm->nested.ctl.misc_ctl); vcpu->arch.mmu->get_guest_pgd =3D nested_svm_get_tdp_cr3; vcpu->arch.mmu->get_pdptr =3D nested_svm_get_tdp_pdptr; vcpu->arch.mmu->inject_page_fault =3D nested_svm_inject_npf_exit; @@ -2076,12 +2077,15 @@ static gpa_t svm_translate_nested_gpa(struct kvm_vc= pu *vcpu, gpa_t gpa, struct x86_exception *exception, u64 pte_access) { + struct vcpu_svm *svm =3D to_svm(vcpu); struct kvm_mmu *mmu =3D vcpu->arch.mmu; =20 BUG_ON(!mmu_is_nested(vcpu)); =20 - /* NPT walks are always user-walks */ - access |=3D PFERR_USER_MASK; + /* Non-GMET walks are always user-walks */ + if (!(svm->nested.ctl.misc_ctl & SVM_MISC_ENABLE_GMET)) + access |=3D PFERR_USER_MASK; + return mmu->gva_to_gpa(vcpu, mmu, gpa, access, exception); } =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EF944C040E for ; Tue, 5 May 2026 19:53:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010816; cv=none; b=uy9bAL/RTda6i0FLyXxom9XuQ/6K1qcqzwW2ozbSshJUegn/spJYuYyXzQLjmsW4iNLXb4kzOyPF8qH/KlI/CsAYnH7EjgwHi2hDrRNi3E2slcRnJ7h5CsbDaXGWcXDvrAKq/zx4A/1opFVIRAUI+pQCxBeV02VFahCHzHncfhk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010816; c=relaxed/simple; bh=LFkeX9qsGdttSQXmLMcCpdPJR2OgzjTQkeYJe9lIpmk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=l0jjlW0/eaCpwmCpD1ahQ5DvygPR5uudbBdCG5FwGpIc/FK0alUTVV+DuUbOSPXMGa8Pf6NrCHSFvTcKwjV54JRQSCrHcF3A8EbbaOTCM/B8NIZSzz9KCgTxZYWfib5D92Wg+0rIVuv1Z8bSSFw4Tg7iZ/DeiGw64gAfRwsbXvo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=fSJsjlGt; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=pkjK0lHu; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="fSJsjlGt"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="pkjK0lHu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010814; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GuYYO7ikI5CeDPzBpsYpeVKkw0Ln2WHMEnJ0q9e0zU0=; b=fSJsjlGtR+9xv+oXQoFlWqasa40XDMyxis3rg+iiu6ggiejNiqJ7pnTerIMH4q6nvEhsPJ CDvmbeD49agWliAcvTlQwFeXFMZYab1GbBb/avKdLKITwchp4hUHw9DOA55sidIpzNJbt3 g4KUq/VctRMQTEz0GRTPtuEx2BRkfkg= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-634-Bppyt1sqPZ2tZhiawbdOXw-1; Tue, 05 May 2026 15:53:33 -0400 X-MC-Unique: Bppyt1sqPZ2tZhiawbdOXw-1 X-Mimecast-MFC-AGG-ID: Bppyt1sqPZ2tZhiawbdOXw_1778010812 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-488bd1ee9e7so57267315e9.1 for ; Tue, 05 May 2026 12:53:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010811; x=1778615611; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GuYYO7ikI5CeDPzBpsYpeVKkw0Ln2WHMEnJ0q9e0zU0=; b=pkjK0lHuFfDDLvRPvRA9Rbs1qH/L+S2H8laoj26W1/FA8Xi33d0ItqouMdSqIV0Z4u YKExaepbs0xmsCnfHWEdB56L+oDqtrs4XvyPB+Fg4cftfu7hczcTeHzu9rRmlwoq0nxP XFRmo1JP2M2ser9dgF1vcjoZt85Evaaq1+fch1uiJpj+Wd/XtFbimUhf5KNmiPYPoQYb 64Y4L63valxNJ5lwq/KaDwre6GCLBcMBBIYHEAAmVYRDipo8V3hs4ruAuLNwoU7qsK/3 C7YxMXEPPzbl/so9jqzI0v7cOQdDfIoNmMjAJR5aNTgY9n0fC2AMzNc4u/Smas1fSciI e+ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010811; x=1778615611; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=GuYYO7ikI5CeDPzBpsYpeVKkw0Ln2WHMEnJ0q9e0zU0=; b=feGOO+ZKS8G/aCo7IvGEKCX32UOkQZzo0ilIgNYg5ZyzJpOj2rDkifwsjBwKjrQtaI /2zamy+Lai3eXVOFkFVOrEooi7klw9eFHalxOSEIwS2nUCGA/xKqYk2m+2FfUKuknS2q 8kpknZc1RhOewMwoXuy4ySALk5qxnS1mPiTCaLKRiRy/Kw/3B9y1ULjgwP47dEA8/jGq 00+sbELDYxjbhH7rNar2KGzQcm9COuuFZAwZ+3HcgFhjh2OM0bQv/CPJE4z7tW2pkgG6 ziiTFSkPfdTfKhF7UUQGfGQXEPsQP9+e9Iys0bw23qBL1tL1ElVdaySHm79LJRdKLqh3 kMGQ== X-Gm-Message-State: AOJu0YxiZwoOQpYend8GKS+j+mYv5qL0Vzh6OJEZOQWerfZ0RldXTX+0 6qt5aKvCrtM41y3vwI/iFWSMWJSQbfAbCMIUuLcZUipenIlHJ4df3FwNEUuqKKZXqB+S0S5MIXZ RUxTejrpBSxjoSOolxY9apig3Cy2UKYhxD4ca49rDUIEYWMjEFQSOXaWV/0bmtjVO7EfLiUZMJa 3oXrTuzJL0c+NQhJn4JAR1VL8ZbucM4PUrxv1Gn8vgjYg6ZWX1aw== X-Gm-Gg: AeBDievJbvWMI3VPTFfOueJsmE08qFlKQvvEfNpiXDvuqNNtIkTRRri5rc78j4r7xQq XRc13DitySGY4Ku4pfTEe1bzqT/nABWZ2AHIopMABE2kw0HY0HtTk1E9jeMiUCB858dPQtLZ49Z PFkXpWGpRKi62lX1U7Q+CRnsuDXyxGucUK1ABwMdkmMXgWHPY0bnqnFR6Pl8n2fYGSC7456rYtS dVBg/32PEfyYG1s9/jwnm46t+WWc3NqP/Jrw+1YBybp4Ai3itE+FhzNHuNGmU5AUR6MgV1xT3ok NjnVESuvYe4IwbS+nzZ2Yn+sfaJXm5+qFlnbb5sp/cCXLhxicYW1lRFusPLvEqO2ckDJ7Rf/n0K pCotLU97T1VVJDeDPwTgv6wERhgbYrpHzQTNaClIG5+x9iRTK/MvZWjdSClgDBvzW3jiqT1wwKh PzQDGXDKbtPUoAxxOLNegqJLbkJqLYjVlvLGseMeA= X-Received: by 2002:a05:600c:3548:b0:489:1b0c:8b43 with SMTP id 5b1f17b1804b1-48e51e0969fmr11029275e9.1.1778010811471; Tue, 05 May 2026 12:53:31 -0700 (PDT) X-Received: by 2002:a05:600c:3548:b0:489:1b0c:8b43 with SMTP id 5b1f17b1804b1-48e51e0969fmr11028905e9.1.1778010810966; Tue, 05 May 2026 12:53:30 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb75fc1sm382391065e9.7.2026.05.05.12.53.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:28 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 26/28] KVM: SVM: enable GMET and set it in MMU role Date: Tue, 5 May 2026 21:52:24 +0200 Message-ID: <20260505195226.563317-27-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Set the GMET bit in the nested control field. This has effectively no impact as long as NPT page tables are changed to have U=3D0. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/mmu/mmu.c | 6 +++++- arch/x86/kvm/svm/nested.c | 9 ++++++--- arch/x86/kvm/svm/svm.c | 16 ++++++++++++++++ arch/x86/kvm/svm/svm.h | 1 + 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index a283b5078c61..8b6122b66f06 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5855,7 +5855,6 @@ kvm_calc_tdp_mmu_root_page_role(struct kvm_vcpu *vcpu, { union kvm_mmu_page_role role =3D {0}; =20 - role.access =3D ACC_ALL; role.cr0_wp =3D true; role.cr4_smep =3D kvm_x86_call(tdp_has_smep)(vcpu->kvm); role.efer_nx =3D true; @@ -5866,6 +5865,11 @@ kvm_calc_tdp_mmu_root_page_role(struct kvm_vcpu *vcp= u, role.direct =3D true; role.has_4_byte_gpte =3D false; =20 + /* All TDP pages are supervisor-executable */ + role.access =3D ACC_ALL; + if (role.cr4_smep && shadow_user_mask) + role.access &=3D ~ACC_USER_MASK; + return role; } =20 diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 7adfa7da210d..74a1df1cb84f 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -858,7 +858,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm) * the latter, L1 runs L2 with shadow page tables that translate L2 GVAs * to L1 GPAs, so the same NPTs can be used for L1 and L2. */ - vmcb02->control.misc_ctl =3D vmcb01->control.misc_ctl & SVM_MISC_ENABLE_N= P; + vmcb02->control.misc_ctl =3D vmcb01->control.misc_ctl & (SVM_MISC_ENABLE_= NP | SVM_MISC_ENABLE_GMET); vmcb02->control.iopm_base_pa =3D vmcb01->control.iopm_base_pa; vmcb02->control.msrpm_base_pa =3D vmcb01->control.msrpm_base_pa; vmcb_mark_dirty(vmcb02, VMCB_PERM_MAP); @@ -895,9 +895,12 @@ static void nested_vmcb02_prepare_control(struct vcpu_= svm *svm) /* Also overwritten later if necessary. */ vmcb02->control.tlb_ctl =3D TLB_CONTROL_DO_NOTHING; =20 - /* nested_cr3. */ - if (nested_npt_enabled(svm)) + /* Use vmcb01 MMU and format if guest does not use nNPT */ + if (nested_npt_enabled(svm)) { + vmcb02->control.misc_ctl &=3D ~SVM_MISC_ENABLE_GMET; + nested_svm_init_mmu_context(vcpu); + } =20 vcpu->arch.tsc_offset =3D kvm_calc_nested_tsc_offset(vcpu->arch.l1_tsc_of= fset, vmcb12_ctrl->tsc_offset, diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e7fdd7a9c280..3895d8794366 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -138,6 +138,9 @@ module_param(pause_filter_count_max, ushort, 0444); bool __ro_after_init npt_enabled =3D true; module_param_named(npt, npt_enabled, bool, 0444); =20 +bool gmet_enabled =3D true; +module_param_named(gmet, gmet_enabled, bool, 0444); + /* allow nested virtualization in KVM/SVM */ static int __ro_after_init nested =3D true; module_param(nested, int, 0444); @@ -1209,6 +1212,10 @@ static void init_vmcb(struct kvm_vcpu *vcpu, bool in= it_event) save->g_pat =3D vcpu->arch.pat; save->cr3 =3D 0; } + + if (gmet_enabled) + control->misc_ctl |=3D SVM_MISC_ENABLE_GMET; + svm->current_vmcb->asid_generation =3D 0; svm->asid =3D 0; =20 @@ -4612,6 +4619,11 @@ svm_patch_hypercall(struct kvm_vcpu *vcpu, unsigned = char *hypercall) hypercall[2] =3D 0xd9; } =20 +static bool svm_tdp_has_smep(struct kvm *kvm) +{ + return gmet_enabled; +} + /* * The kvm parameter can be NULL (module initialization, or invocation bef= ore * VM creation). Be sure to check the kvm parameter before using it. @@ -5355,6 +5367,7 @@ struct kvm_x86_ops svm_x86_ops __initdata =3D { .write_tsc_multiplier =3D svm_write_tsc_multiplier, =20 .load_mmu_pgd =3D svm_load_mmu_pgd, + .tdp_has_smep =3D svm_tdp_has_smep, =20 .check_intercept =3D svm_check_intercept, .handle_exit_irqoff =3D svm_handle_exit_irqoff, @@ -5588,6 +5601,9 @@ static __init int svm_hardware_setup(void) if (!boot_cpu_has(X86_FEATURE_NPT)) npt_enabled =3D false; =20 + if (!npt_enabled || !boot_cpu_has(X86_FEATURE_GMET)) + gmet_enabled =3D false; + /* Force VM NPT level equal to the host's paging level */ kvm_configure_mmu(npt_enabled, get_npt_level(), get_npt_level(), PG_LEVEL_1G); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index a10668d17a16..dd93b3daefa9 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -44,6 +44,7 @@ static inline struct page *__sme_pa_to_page(unsigned long= pa) #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 =20 +extern bool gmet_enabled; extern bool npt_enabled; extern int nrips; extern int vgif; --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 669E54CA278 for ; Tue, 5 May 2026 19:53:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010818; cv=none; b=E1FZ1Vd0c+h4Wk5jcc4hNZqw1LmMOTS/qXSVD7wgkPw8wkv3Hc0pXUWydsUVOx9EGakUH3tD9b7KRfMOY8uj9hBy9OgvIO7jpM0cio2yEDVAy1X1278g1KqqrzxkrGgMVSF+9uc6MASD9iWuZaO0+mvY1ykdXrHcdvYKwgQryHw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010818; c=relaxed/simple; bh=Q+YPNG/7sdpVJDJgCVNqBe0D6tPJ4BMvbXkiotrkCcg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tcChYL20R0DMC6L+qdZnIj+9kMlpSZL20jIQ0SaGgA353wVgffRVJIvmB6+JqcOakmE12+15w8RCSLd0xUkRlVAwZ3d5fY2fOn6dUFnYRXBBfq19PK0Dnrt7E3DRlK4HAx4V+m7gY7z+XcgfigF6Gvg4XzO+4YyrSUqooCA9M6I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=D+jvv5LN; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=qR2YuLIi; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="D+jvv5LN"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="qR2YuLIi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010816; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q5tZwhDdjNOAy0xQTnJEw6cdiPs4hsYkEWF7NFBse4o=; b=D+jvv5LNIViv1kKAMY0AWe1s8VdnXYWAOCMfZtjhqo684aq57FYIcjaXCz3D6K1iqEhyge nogk/sJTtNwCAY5f9gh0s5x5Zt4617Sf9AxkRzK/Y4lRAhJPXG66/TsxkFDt7rZnhy2UNE JmCBN/3+3RoIZcp9JB1Mjz9+o9VGluA= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-475-f6rclfOTOXeVIcpRH6ifVQ-1; Tue, 05 May 2026 15:53:35 -0400 X-MC-Unique: f6rclfOTOXeVIcpRH6ifVQ-1 X-Mimecast-MFC-AGG-ID: f6rclfOTOXeVIcpRH6ifVQ_1778010814 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-488d3eec9bcso34079045e9.3 for ; Tue, 05 May 2026 12:53:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010813; x=1778615613; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Q5tZwhDdjNOAy0xQTnJEw6cdiPs4hsYkEWF7NFBse4o=; b=qR2YuLIiNplbuM5+UOmfSnV6/rj22p1Yi60H5hXPEXuFwybQWGLtHlslnqrnrwC8VY Zh75SNEw7lzjwctogT0jCJ9gIbvaKXri6caWQqPYrkfrqZAJuX7xXrjszLVtokqgUDKG LCEvOQpkZsiXvt3e+OtMuCTbMlDOPeDcPSUE5fBH6/oQRvCj6OEk8eQluf7llQbh2qYj 22j+PK5N5N93FiQtrSIw1dSwa0k57nj9zCkiuMhTafkLnTvHmliRCWd9MB4ZSMzT/lOu GvW9YnOaq6jxYIc6wIVDEPxzQTMdRMRHSim1nKTA7zhtbS3HeXWdtMPFJzguY01u5EYV dIGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010813; x=1778615613; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Q5tZwhDdjNOAy0xQTnJEw6cdiPs4hsYkEWF7NFBse4o=; b=dhH5LciEf2BEAy3pUkfuO6lJ7tT6q2DJq6Hcpte5QK7sL+EJHqOIFTa5Og1aUXYkDz JDoTXp8GTJz6fwQhl3C8kxaSOtiXEsbAhvuKAQHGaeizdGKrE5tRCJ+O9VenF8gvrp8C 4vtY/++/dVNH/DA50yquJN0DFJMF6Ho8JOM738m5Q+Q43CDDDM9je681DcOV+dq6fPCh fsBisH3KRKNSEvjmTEGPv0TqEqQxDdjZjOS9PXy5hiBovl99w3ytTr666ex6+EnweY7t 0SGH2b5iwaZurgTuz32YFMWHi2Sh6NjCetEvDOPaSKTfKfMxgDdJLSvw2yT7Kdyb1j7w H3jg== X-Gm-Message-State: AOJu0Yz7pweIslSZJiNyFZ0ZkeGkLJ4e2osQpAfuKaheykTiHt3zbviO uvJuivTekoNK0P9F1you47GITkv5ub8TG3MU4KzCDy76UMMl8RGxD7mfqRs1g2rb3yzG4ySyyNr ABdBQNa+vQOv//Drh6PxQ1877YiO5pHLQRIDC8uIZ9w3LR2jGZgPE1Zs8vT6QkPb6HKxciTGgAg hce8PntZ5Ip0IvIowqvA7seyPY5ZcARU+tTh8Eiub4JTQMsSWshg== X-Gm-Gg: AeBDiescU9zJWjc8OpPypL17D+wplr8u3Fl2aYjNJatTBk/e+wG7QtCQOC5C6FduKeN /kiX3UcQ1H3vcn+t+UKNp5XRZeTOmUlb6TKnHkFGDlRqiE3yDIH+QPmklwEMrCOyisZxzTiXqHx eMfUYe+9DC8M+NVMHqUF0NYqlwgn2V/PsfsEfLoZOhW/SEwe8tJFfQotXqg+L4MP1JZ1OieLm2U Lq/k6Ypv2IKKzJmD5Equ0FJ+Ar6N6JT+csJ+ob38+2/yXPOQsa91eLq/TarOQ1olpKa3fr5wLeT /wM+V5fkUhfXLXkX6EcJJAMHZVWsE6a9DkaKajOYRcnG3KHW880Ezyh45oQBIjMTxqVFouMETZq Hlzs0xR4cl+G8JlPoDEIlndety3eJYgxJ2OPt8rONeq91S0niCZMsbl6/gOZYHkMHxbWrdGReWi ImS7wMB88bTBNPt8uPSf02RCAKz8102LMgg/+s6w8= X-Received: by 2002:a05:600c:1d18:b0:48a:5574:3a5b with SMTP id 5b1f17b1804b1-48e51f45c84mr10682015e9.27.1778010813532; Tue, 05 May 2026 12:53:33 -0700 (PDT) X-Received: by 2002:a05:600c:1d18:b0:48a:5574:3a5b with SMTP id 5b1f17b1804b1-48e51f45c84mr10681745e9.27.1778010813186; Tue, 05 May 2026 12:53:33 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a822bf3ffsm457713335e9.7.2026.05.05.12.53.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:32 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 27/28] KVM: SVM: work around errata 1218 Date: Tue, 5 May 2026 21:52:25 +0200 Message-ID: <20260505195226.563317-28-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" According to AMD, the hypervisor may not be able to determine whether a fault was a GMET fault or an NX fault based on EXITINFO1, and software "must read the relevant VMCB to determine whether a fault was a GMET fault or an NX fault". The APM further details that they meant the CPL field. KVM uses the page fault error code to distinguish the causes of a nested page fault, so recalculate the PFERR_USER_MASK bit of the vmexit information. Only do it for fetches and only if GMET is in use, because KVM does not differentiate based on PFERR_USER_MASK for other nested NPT page faults. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/svm/svm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3895d8794366..fd79874c5f4b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1993,6 +1993,18 @@ static int npf_interception(struct kvm_vcpu *vcpu) } } =20 + if (!is_sev_es_guest(vcpu) && + (svm->vmcb->control.misc_ctl & SVM_MISC_ENABLE_GMET) && + (error_code & PFERR_FETCH_MASK)) { + /* + * Work around errata 1218: EXITINFO1[2] May Be Incorrectly Set + * When GMET (Guest Mode Execute Trap extension) is Enabled + */ + error_code |=3D PFERR_USER_MASK; + if (svm_get_cpl(vcpu) !=3D 3) + error_code &=3D ~PFERR_USER_MASK; + } + if (is_sev_snp_guest(vcpu) && (error_code & PFERR_GUEST_ENC_MASK)) error_code |=3D PFERR_PRIVATE_ACCESS; =20 --=20 2.54.0 From nobody Fri Jun 12 08:48:46 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2EB884CA29B for ; Tue, 5 May 2026 19:53:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010821; cv=none; b=Sze1EMDnkJhkJahcSwDidrExMH0hH647vksdlhm/H32CL2s6UvGCfWeayn2iLmOd04Gf2zeC6wLP5bTQOWWrQwlkdRbOH+oqtOvaQkAfOkSgcsbnP7wyba9TzHtrtJuzG6O05pLP46H8RIpaoGxGlF+VEdhqcYKg12y3DIQ5pYY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778010821; c=relaxed/simple; bh=3AddREP+PjzVhR5hdP8L2HZju6wfpL/hFsaIQBUjFRk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=E56BE3jaFhR0zR26X1lx+QAYy3MtmGSgh5AOLPo2GlX63v9IwWLf77QPY2kL/KMMSAgt2mRPKfiWeUY9XcjuqajE7sTBaaGzMPnXxcbPYCRn6VoaCG/Bc5G/w/7T8Q/LumDv3YQKIFXlTMAAkmxORDlTyK7NjRZj0YeRLaF2vYU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=GWslmkO7; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=mVaGyAIW; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GWslmkO7"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="mVaGyAIW" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778010819; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/LwnkmTecZdqjTIP8zSR3v8jKVuAlnagwhGxO6m9tBA=; b=GWslmkO7c7GsUwC0TVcOXYhp5pvjJjNzfU1tq2h7p0tdEln8b0bCL3ecXstwm6gHFn5UxO CB2O/+C/JIdFydCvjW9vJDTz6T0vqB2ujytdICEYtD3KMnv5EKmr5Ca2RrkmZbWQaw/XHR VV58UBeToABsrfSvNdLTcuxP3jvWu/8= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-250-25ilt0eFPQivjzRAqkobEg-1; Tue, 05 May 2026 15:53:37 -0400 X-MC-Unique: 25ilt0eFPQivjzRAqkobEg-1 X-Mimecast-MFC-AGG-ID: 25ilt0eFPQivjzRAqkobEg_1778010816 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-48a7994e8ddso54372405e9.0 for ; Tue, 05 May 2026 12:53:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1778010815; x=1778615615; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/LwnkmTecZdqjTIP8zSR3v8jKVuAlnagwhGxO6m9tBA=; b=mVaGyAIWDnxD+zfOeLEoGzxek3V3G4F//4rSD0zkL/ulSU+o39mlwKHzzataIBR69g 4zR3s/ve+croNcAoIc7ZQSh6uCSwMNKzAQoCMjrSWcaIIAHfrtb0cv2f7EIYX98mHEnc FNzkbhMNsmGxr3behoS9jOWGWZ7+E+0XecYjToqzqQPuL9kRPq9t+ATwyFlxTuEcIUr0 GVHzDmcdK24OsWv4YgFy+cO2U+m4D9BLa3kzLzWbOHvO1JcfwHF3d0yURvJV1ujZzQpZ Wu8fTSzLGkXDg4W2gOTZbj+pbIhJICMPd5rbPcOL3bdQyN1irDIzuYp1o4BwfhI8awaJ HXQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010815; x=1778615615; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=/LwnkmTecZdqjTIP8zSR3v8jKVuAlnagwhGxO6m9tBA=; b=YjI7eKvbqBg7oO0zUWMa5eSw7l7EWXQyOTnBJ5VcTm7PJDcl+1hOXvfiYanWteFI7P Xeu7cnoRhQPO55e0/1EFcbN99XsbRxpIQO3ETlaxW2/IOt72K5QiNzFZCzQI+M358B1K dEbHOcbZywGha7kdiXk4xhA+T7evRUP0vTLAATpk55dcgIS4bbigFyRbvjZgJPoZ1kOv dxq5XU2N9patUzSFUKLPsYR28vfT+a/GHEK4FiDZnmthdFFHANxLiYK9PQULBir+jAM0 SeLWDRErWGjNE/yaa9XJegBgL1LBIRg4SsPSsVvrzVPLSGpK2QrboTyvdZFtz9ZB++uq vwOQ== X-Gm-Message-State: AOJu0YzHmZ+XWay3cq87brrih8f/TMt4mLQhZVHYY+bBvLSEfZS0G5tk wL6d9K+t7mTU3reksLiBMViMp2GwJ19R2BH6NVn7/3eVmTmHRQi+fmjHTv4Hrj4WeC3REpEZHoD gFqYRAfwES7ooSrRIwFl6VxVkq+EUsroAVJ/GNieYL7B4pegwLDnX0Vecsw0FWbKAAO9C/vnc3d 59iVgdb+JyrSxhkAaTcYk80Zc2Nxjm2G36lIOJQEeV25MDzQtYCw== X-Gm-Gg: AeBDieva4KQBcTFEUKnMBSXz/zf8buZqM7kN/J1xoW4vuUVLUCOkosSVj6nWayyplD9 Ju8dkyf494x0AwNfPbWD+GMPgSsmBPYSdyj07zcKSD/osN4+WsjKpp57ozr8rSFNynmAlpdLMnx h123ILB2DR9CAR/S2hBgKYqN/oKgYhxJ4PQQKbyFxuI5JZAtx2xaQV1IEPHtLq4WIKiLLcxFHCc NCz5/IGWHODigUQtShc/kxCi0HnxbZTiQ8tJVIB6N0R6OKJ1ulMQeDY+ybPEWl/LGK4rtXHs0ig jIRUeCCO6eKfECCvDhmjjR7HmLliBziZs/ijSTJumshVDxU6FLoRTc2i4lXSCa0yTNZP2aLKg79 YaKMb9j6Dna2vNZfwTvRf4+SgGueosQb13OPAh0toki+OclAv3+jm/POcfnwQMFPJHZvU1tJ/6V 467NqxjM5EltMHJWB0X1CgJmDHAyndrIhO1UVbdPo= X-Received: by 2002:a05:600c:8485:b0:48a:76a3:2b9b with SMTP id 5b1f17b1804b1-48e51f32811mr10466995e9.17.1778010815665; Tue, 05 May 2026 12:53:35 -0700 (PDT) X-Received: by 2002:a05:600c:8485:b0:48a:76a3:2b9b with SMTP id 5b1f17b1804b1-48e51f32811mr10466565e9.17.1778010815242; Tue, 05 May 2026 12:53:35 -0700 (PDT) Received: from [192.168.10.48] ([176.206.106.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8eb75fc1sm382396205e9.7.2026.05.05.12.53.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:53:34 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: d.riley@proxmox.com, jon@nutanix.com Subject: [PATCH 28/28] KVM: nSVM: enable GMET for guests Date: Tue, 5 May 2026 21:52:26 +0200 Message-ID: <20260505195226.563317-29-pbonzini@redhat.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260505195226.563317-1-pbonzini@redhat.com> References: <20260505195226.563317-1-pbonzini@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" All that needs to be done is moving the GMET bit from vmcb12 to vmcb02. The only new thing is that __nested_copy_vmcb_control_to_cache now ensures that ignored-if-unavailable bits are zero in svm->nested.ctl. Tested-by: David Riley Signed-off-by: Paolo Bonzini Reviewed-by: Maxim Levitsky --- arch/x86/kvm/svm/nested.c | 6 +++++- arch/x86/kvm/svm/svm.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 74a1df1cb84f..3d1fd1776e19 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -489,11 +489,14 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_v= cpu *vcpu, nested_svm_sanitize_intercept(vcpu, to, SKINIT); nested_svm_sanitize_intercept(vcpu, to, RDPRU); =20 - /* Always clear SVM_MISC_ENABLE_NP if the guest cannot use NPTs */ + /* Always clear misc_ctl bits that the guest cannot use */ to->misc_ctl =3D from->misc_ctl; if (!guest_cpu_cap_has(vcpu, X86_FEATURE_NPT)) to->misc_ctl &=3D ~SVM_MISC_ENABLE_NP; =20 + if (!gmet_enabled || !guest_cpu_cap_has(vcpu, X86_FEATURE_GMET)) + to->misc_ctl &=3D ~SVM_MISC_ENABLE_GMET; + to->iopm_base_pa =3D from->iopm_base_pa & PAGE_MASK; to->msrpm_base_pa =3D from->msrpm_base_pa & PAGE_MASK; to->tsc_offset =3D from->tsc_offset; @@ -898,6 +901,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm) /* Use vmcb01 MMU and format if guest does not use nNPT */ if (nested_npt_enabled(svm)) { vmcb02->control.misc_ctl &=3D ~SVM_MISC_ENABLE_GMET; + vmcb02->control.misc_ctl |=3D (svm->nested.ctl.misc_ctl & SVM_MISC_ENABL= E_GMET); =20 nested_svm_init_mmu_context(vcpu); } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index fd79874c5f4b..a82471a6d3ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5504,6 +5504,9 @@ static __init void svm_set_cpu_caps(void) if (boot_cpu_has(X86_FEATURE_PFTHRESHOLD)) kvm_cpu_cap_set(X86_FEATURE_PFTHRESHOLD); =20 + if (gmet_enabled) + kvm_cpu_cap_set(X86_FEATURE_GMET); + if (vgif) kvm_cpu_cap_set(X86_FEATURE_VGIF); =20 --=20 2.54.0