[PATCH v4 0/5] KVM: x86: Virtualize AMD's "disable CPUID in usermode"

Jim Mattson posted 5 patches 1 week, 4 days ago
[PATCH v4 0/5] KVM: x86: Virtualize AMD's "disable CPUID in usermode"
Posted by Jim Mattson 1 week, 4 days ago
AMD's "disable CPUID in usermode" feature is analogous to Intel's "CPUID
faulting" feature, but it is advertised and activated differently.  The AMD
feature is advertised via CPUID.80000021H:EAX.CpuidUserDis[bit 17] and
activated by setting HWCR.CpuidUserDis[bit 35].

Add virtualization support for the AMD feature.

v3 -> v4:
 * Fix typo in commit message for patch 1 [Binbin]
 * Fix #GP/CPUID VM-exit precedence in nested VMX [Sashiko]
 * Add EXPORT_STATIC_CALL_GPL(kvm_x86_get_cpl)

v1: https://lore.kernel.org/kvm/20260402223108.650572-1-jmattson@google.com/
v2: https://lore.kernel.org/kvm/20260508170714.489136-1-jmattson@google.com/
v3: https://lore.kernel.org/kvm/20260513224608.1859737-1-jmattson@google.com/

Jim Mattson (4):
  KVM: x86: Prioritize CPUID faulting over CPUID VM-exits in nested VMX
  KVM: x86: Remove supports_cpuid_fault() helper
  KVM: x86: Virtualize AMD CPUID faulting
  KVM: selftests: Update hwcr_msr_test for CPUID faulting bit

Sean Christopherson (1):
  KVM: x86: Consolidate CPUID fault handling for emulator and
    interception logic

 arch/x86/include/asm/kvm_host.h               |  1 -
 arch/x86/include/asm/msr-index.h              |  1 +
 arch/x86/kvm/cpuid.c                          |  7 ++--
 arch/x86/kvm/cpuid.h                          | 14 ++++---
 arch/x86/kvm/emulate.c                        |  6 +--
 arch/x86/kvm/kvm_emulate.h                    |  1 +
 arch/x86/kvm/vmx/nested.c                     |  2 +
 arch/x86/kvm/x86.c                            | 39 ++++++++++---------
 .../selftests/kvm/include/x86/processor.h     |  1 +
 .../testing/selftests/kvm/x86/hwcr_msr_test.c |  9 ++++-
 10 files changed, 46 insertions(+), 35 deletions(-)

-- 
2.54.0.794.g4f17f83d09-goog
Re: [PATCH v4 0/5] KVM: x86: Virtualize AMD's "disable CPUID in usermode"
Posted by Sean Christopherson 1 week, 2 days ago
On Wed, 27 May 2026 10:43:42 -0700, Jim Mattson wrote:
> AMD's "disable CPUID in usermode" feature is analogous to Intel's "CPUID
> faulting" feature, but it is advertised and activated differently.  The AMD
> feature is advertised via CPUID.80000021H:EAX.CpuidUserDis[bit 17] and
> activated by setting HWCR.CpuidUserDis[bit 35].
> 
> Add virtualization support for the AMD feature.
> 
> [...]

Applied to kvm-x86 misc, thanks!

[1/5] KVM: x86: Consolidate CPUID fault handling for emulator and interception logic
      https://github.com/kvm-x86/linux/commit/cf7d65d1d6f5
[2/5] KVM: x86: Prioritize CPUID faulting over CPUID VM-exits in nested VMX
      https://github.com/kvm-x86/linux/commit/be7fd7c3e8bc
[3/5] KVM: x86: Remove supports_cpuid_fault() helper
      https://github.com/kvm-x86/linux/commit/d1bc99885a59
[4/5] KVM: x86: Virtualize AMD CPUID faulting
      https://github.com/kvm-x86/linux/commit/e93a93f11490
[5/5] KVM: selftests: Update hwcr_msr_test for CPUID faulting bit
      https://github.com/kvm-x86/linux/commit/b16c2aca369d

--
https://github.com/kvm-x86/linux/tree/next
Re: [PATCH v4 0/5] KVM: x86: Virtualize AMD's "disable CPUID in usermode"
Posted by Jim Mattson 2 days, 1 hour ago
On Fri, May 29, 2026 at 3:47 PM Sean Christopherson <seanjc@google.com> wrote:
>
> On Wed, 27 May 2026 10:43:42 -0700, Jim Mattson wrote:
> > AMD's "disable CPUID in usermode" feature is analogous to Intel's "CPUID
> > faulting" feature, but it is advertised and activated differently.  The AMD
> > feature is advertised via CPUID.80000021H:EAX.CpuidUserDis[bit 17] and
> > activated by setting HWCR.CpuidUserDis[bit 35].
> >
> > Add virtualization support for the AMD feature.
> >
> > [...]
>
> Applied to kvm-x86 misc, thanks!

Oops! You haven't sent a pull request for this series yet, have you?

Our internal Sashiko asks:

> In kvm_set_msr_common(), the MSR_PLATFORM_INFO handler uses cpuid_fault_enabled() to prevent the host from clearing MSR_PLATFORM_INFO_CPUID_FAULT while CPUID faulting is enabled:
>
>    case MSR_PLATFORM_INFO:
>         if (!msr_info->host_initiated ||
>             (!(data & MSR_PLATFORM_INFO_CPUID_FAULT) &&
>              cpuid_fault_enabled(vcpu)))
>             return 1;
>
> If a VMM restores MSR_K7_HWCR before MSR_PLATFORM_INFO during live migration, and the guest had enabled AMD CPUID faulting, won't the write to MSR_PLATFORM_INFO fail if it doesn't have MSR_PLATFORM_INFO_CPUID_FAULT set?

Sadly, I think it's right. Even on AMD systems, MSR_PLATFORM_INFO is
enumerated by KVM_GET_MSR_INDEX_LIST. It does come before MSR_K7_HWCR
in that list, but userspace is free to restore the virtual MSRs in any
order. For any sane AMD-hosted vCPU, MSR_PLATFORM_INFO will be zero.
Re: [PATCH v4 0/5] KVM: x86: Virtualize AMD's "disable CPUID in usermode"
Posted by Jim Mattson 2 days ago
On Sat, Jun 6, 2026 at 8:12 AM Jim Mattson <jmattson@google.com> wrote:
>
> On Fri, May 29, 2026 at 3:47 PM Sean Christopherson <seanjc@google.com> wrote:
> >
> > On Wed, 27 May 2026 10:43:42 -0700, Jim Mattson wrote:
> > > AMD's "disable CPUID in usermode" feature is analogous to Intel's "CPUID
> > > faulting" feature, but it is advertised and activated differently.  The AMD
> > > feature is advertised via CPUID.80000021H:EAX.CpuidUserDis[bit 17] and
> > > activated by setting HWCR.CpuidUserDis[bit 35].
> > >
> > > Add virtualization support for the AMD feature.
> > >
> > > [...]
> >
> > Applied to kvm-x86 misc, thanks!
>
> Oops! You haven't sent a pull request for this series yet, have you?
>
> Our internal Sashiko asks:
>
> > In kvm_set_msr_common(), the MSR_PLATFORM_INFO handler uses cpuid_fault_enabled() to prevent the host from clearing MSR_PLATFORM_INFO_CPUID_FAULT while CPUID faulting is enabled:
> >
> >    case MSR_PLATFORM_INFO:
> >         if (!msr_info->host_initiated ||
> >             (!(data & MSR_PLATFORM_INFO_CPUID_FAULT) &&
> >              cpuid_fault_enabled(vcpu)))
> >             return 1;
> >
> > If a VMM restores MSR_K7_HWCR before MSR_PLATFORM_INFO during live migration, and the guest had enabled AMD CPUID faulting, won't the write to MSR_PLATFORM_INFO fail if it doesn't have MSR_PLATFORM_INFO_CPUID_FAULT set?
>
> Sadly, I think it's right. Even on AMD systems, MSR_PLATFORM_INFO is
> enumerated by KVM_GET_MSR_INDEX_LIST. It does come before MSR_K7_HWCR
> in that list, but userspace is free to restore the virtual MSRs in any
> order. For any sane AMD-hosted vCPU, MSR_PLATFORM_INFO will be zero.

Never mind. This Sashiko observation was on a backport to a branch
that doesn't have commit 1ded7a57b805 ("KVM: x86: Remove ordering
check b/w MSR_PLATFORM_INFO and MISC_FEATURES_ENABLES"). Everything is
fine at tip.
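
The restore-order question raised in the last three messages, as a user-space C model added here; it is not KVM code and not from anyone in the thread. Assumptions: `model_cpuid_fault_enabled()` reports true once HWCR bit 35 is set, `ordering_check` selects between a tree that still has the quoted check and one where it has been dropped, and the saved MSR values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define MSR_PLATFORM_INFO             0x000000ceu
#define MSR_K7_HWCR                   0xc0010015u
#define MSR_PLATFORM_INFO_CPUID_FAULT (1ULL << 31)
#define HWCR_CPUID_USER_DIS           (1ULL << 35) /* bit 35, per the cover letter */
struct model_vcpu { uint64_t platform_info, hwcr; }; /* toy vCPU state */

/* Assumption: AMD CPUID faulting counts as enabled once HWCR bit 35 is set. */
static bool model_cpuid_fault_enabled(const struct model_vcpu *v)
{
	return (v->hwcr & HWCR_CPUID_USER_DIS) != 0;
}

/* Host-initiated MSR write: returns 0 if accepted, 1 if rejected. */
static int model_set_msr(struct model_vcpu *v, uint32_t msr, uint64_t data, bool ordering_check)
{
	if (msr == MSR_K7_HWCR) {
		v->hwcr = data;
		return 0;
	}
	if (msr != MSR_PLATFORM_INFO)
		return 1;
	/* The check quoted in the thread; host_initiated is implied here. */
	if (ordering_check && !(data & MSR_PLATFORM_INFO_CPUID_FAULT) &&
	    model_cpuid_fault_enabled(v))
		return 1;
	v->platform_info = data;
	return 0;
}

/* Restore the saved MSRs in the chosen order and count rejected writes. */
static int model_restore(bool hwcr_first, bool ordering_check)
{
	struct model_vcpu v = { 0, 0 };
	const uint32_t msr[2] = { MSR_PLATFORM_INFO, MSR_K7_HWCR };
	const uint64_t val[2] = { 0, HWCR_CPUID_USER_DIS }; /* constructed: AMD guest, faulting on */
	int failed = 0;
	for (int i = 0; i < 2; i++)
		failed += model_set_msr(&v, msr[hwcr_first ? 1 - i : i],
					val[hwcr_first ? 1 - i : i], ordering_check);
	return failed;
}

int main(void)
{
	printf("HWCR first, rejected writes: check present %d, check removed %d\n", model_restore(true, true), model_restore(true, false));
	return 0;
}
```

Only the HWCR-first order with the check present rejects a write, which is why a VMM on such a tree has to restore MSR_PLATFORM_INFO before MSR_K7_HWCR or treat the failed write as an error.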