Date: Wed, 3 Jun 2026 16:07:13 -0700
In-Reply-To: <20260603230718.1733483-1-seanjc@google.com>
Message-ID: <20260603230718.1733483-2-seanjc@google.com>
Subject: [PATCH v2 1/6] KVM: x86: Treat any non-zero return from set_dr() as a faulting condition
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Carlos López

From: Carlos López

When emulating a MOV to a debug register, em_dr_write() calls @ctxt->ops->set_dr(), which is forwarded to emulator_set_dr() and then kvm_set_dr(). The latter checks that the written value is valid, otherwise returning an error, in which case the emulator is supposed to inject a #GP fault into the guest.

Commit 996ff5429e98 ("KVM: x86: move kvm_inject_gp up from kvm_set_dr to callers") changed the contract of kvm_set_dr() (and thus emulator_set_dr()), returning 1 as an error instead of -1, but the caller in em_dr_write() was never updated, checking only if the returned value is negative.

The end result is that em_dr_write() does not detect the error, so an invalid write does not generate a #GP, but at the same time the register value is not updated.

The practical impact is limited, as check_dr_write() already checks DR6 and DR7 manually. However, it misses DR4/DR5, which alias DR6/DR7 when CR4.DE=0.

Fix the bug by treating any non-zero return from set_dr() as a reason to inject #GP.

Note, the manual checks on DR6 and DR7 are flawed, as they incorrectly prioritize the #GP over a DR7.GD=1 #DB (the General Detect #DB has priority on both Intel and AMD).

Note #2, relying on ->set_dr() to detect #GP is also flawed as all exceptions have higher priority than the instruction intercept on SVM, i.e. the manual checks need to be extended to DR4 and DR5 (after the priority bug is fixed).

Fixes: 996ff5429e98 ("KVM: x86: move kvm_inject_gp up from kvm_set_dr to callers")
Signed-off-by: Carlos López
Link: https://patch.msgid.link/20260601133320.91479-2-clopez@suse.de
[sean: drop explicit "!= 0", massage changelog]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index b566ab5c7515..75cd8b6136aa 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c
@@ -3299,7 +3299,7 @@ static int em_dr_write(struct x86_emulate_ctxt *ctxt) val =3D ctxt->src.val & ~0U; =20 /* #UD condition is already handled. */ - if (ctxt->ops->set_dr(ctxt, ctxt->modrm_reg, val) < 0) + if (ctxt->ops->set_dr(ctxt, ctxt->modrm_reg, val)) return emulate_gp(ctxt, 0); =20 /* Disable writeback. */ --=20 2.54.0.1032.g2f8565e1d1-goog

Date: Wed, 3 Jun 2026 16:07:14 -0700
In-Reply-To: <20260603230718.1733483-1-seanjc@google.com>
Message-ID: <20260603230718.1733483-3-seanjc@google.com>
Subject: [PATCH v2 2/6] KVM: x86: Prioritize DR7.GD #DB over #GP due to illegal DR6/7 value
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Carlos López

When emulating a MOV DR, specifically a write to DR6 or DR7, treat a #DB due to DR7.GD (General Detect) as higher priority than a #GP due to an illegal value.

While neither Intel's SDM nor AMD's APM says anything about the relative priority, empirical testing on Intel and AMD shows that the #DB has higher priority. And for VMX, where the instruction intercept has priority over *all* exceptions, KVM already treats the #DB as having higher priority.

Fixes: 3b88e41a4134 ("KVM: SVM: Add intercept check for accessing dr registers")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 75cd8b6136aa..4484c5fa19e3 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c
@@ -3854,11 +3854,16 @@ static int check_dr_write(struct x86_emulate_ctxt *= ctxt) { u64 new_val =3D ctxt->src.val64; int dr =3D ctxt->modrm_reg; + int rc; + + rc =3D check_dr_read(ctxt); + if (rc !=3D X86EMUL_CONTINUE) + return rc; =20 if ((dr =3D=3D 6 || dr =3D=3D 7) && (new_val & 0xffffffff00000000ULL)) return emulate_gp(ctxt, 0); =20 - return check_dr_read(ctxt); + return X86EMUL_CONTINUE; } =20 static int check_svme(struct x86_emulate_ctxt *ctxt) --=20 2.54.0.1032.g2f8565e1d1-goog

Date: Wed, 3 Jun 2026 16:07:15 -0700
In-Reply-To: <20260603230718.1733483-1-seanjc@google.com>
Message-ID: <20260603230718.1733483-4-seanjc@google.com>
Subject: [PATCH v2 3/6] KVM: x86: Manually check DR4/5 write values to fix SVM intercept priority
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Carlos López

Manually (pre)check the values being written to DR4/5, i.e. the DR6/DR7 aliases, instead of relying on ->set_dr() => kvm_set_dr() to signal a #GP. SVM unfortunately prioritizes all exceptions over an instruction intercept, i.e. nSVM is relying on the emulator to perform *all* exception checks prior to attempting to execute the instruction.

Fixes: 3b88e41a4134 ("KVM: SVM: Add intercept check for accessing dr registers")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 4484c5fa19e3..a1bccab0eefe 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c
@@ -3853,15 +3853,23 @@ static int check_dr_read(struct x86_emulate_ctxt *c= txt) static int check_dr_write(struct x86_emulate_ctxt *ctxt) { u64 new_val =3D ctxt->src.val64; - int dr =3D ctxt->modrm_reg; int rc; =20 rc =3D check_dr_read(ctxt); if (rc !=3D X86EMUL_CONTINUE) return rc; =20 - if ((dr =3D=3D 6 || dr =3D=3D 7) && (new_val & 0xffffffff00000000ULL)) - return emulate_gp(ctxt, 0); + switch (ctxt->modrm_reg) { + case 4: + case 5: + case 6: + case 7: + if (new_val & 0xffffffff00000000ULL) + return emulate_gp(ctxt, 0); + break; + default: + break; + } =20 return X86EMUL_CONTINUE; } --=20 2.54.0.1032.g2f8565e1d1-goog

Date: Wed, 3 Jun 2026 16:07:16 -0700
In-Reply-To: <20260603230718.1733483-1-seanjc@google.com>
Message-ID: <20260603230718.1733483-5-seanjc@google.com>
Subject: [PATCH v2 4/6] KVM: x86: Use kvm_dr{6,7}_valid() to check DR{4,5,6,7} write values in emulator
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Carlos López

Use kvm_dr{6,7}_valid() to validate the incoming DR{4,5,6,7} value in the emulator instead of open coding an equivalent check. In the unlikely event that the behavior of DR6/7 (and their aliases) changes in the future, using common helpers will hopefully make it less likely the emulator logic will be overlooked.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index a1bccab0eefe..1df2dcfd8bef 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c
@@ -3861,10 +3861,13 @@ static int check_dr_write(struct x86_emulate_ctxt *= ctxt) =20 switch (ctxt->modrm_reg) { case 4: - case 5: case 6: + if (!kvm_dr6_valid(new_val)) + return emulate_gp(ctxt, 0); + break; + case 5: case 7: - if (new_val & 0xffffffff00000000ULL) + if (!kvm_dr7_valid(new_val)) return emulate_gp(ctxt, 0); break; default: --=20 2.54.0.1032.g2f8565e1d1-goog

Date: Wed, 3 Jun 2026 16:07:17 -0700
In-Reply-To: <20260603230718.1733483-1-seanjc@google.com>
Message-ID: <20260603230718.1733483-6-seanjc@google.com>
Subject: [PATCH v2 5/6] KVM: x86: WARN if MOV DR emulation hits a "too late" #GP
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Carlos López

WARN if ->set_dr() => kvm_set_dr() fails when emulating a MOV DR write, as the emulator _must_ pre-check for #GPs in order to get the event priority right when emulating MOV DR for L2 on SVM (all exceptions have higher priority than the instruction intercept).

Opportunistically update the comment as the blurb about "#UD" being checked is incomplete and misleading.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 1df2dcfd8bef..9d345ad25ac0 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c
@@ -3298,8 +3298,12 @@ static int em_dr_write(struct x86_emulate_ctxt *ctxt) else val =3D ctxt->src.val & ~0U; =20 - /* #UD condition is already handled. */ - if (ctxt->ops->set_dr(ctxt, ctxt->modrm_reg, val)) + /* + * A #GP due to an illegal value should be impossible at this point, as + * such #GPs have priority over MOV DR intercepts on SVM, i.e. KVM must + * manually check the value *before* emulating the write. + */ + if (WARN_ON_ONCE(ctxt->ops->set_dr(ctxt, ctxt->modrm_reg, val))) return emulate_gp(ctxt, 0); =20 /* Disable writeback. */ --=20 2.54.0.1032.g2f8565e1d1-goog

Date: Wed, 3 Jun 2026 16:07:18 -0700
In-Reply-To: <20260603230718.1733483-1-seanjc@google.com>
Message-ID: <20260603230718.1733483-7-seanjc@google.com>
Subject: [PATCH v2 6/6] KVM: x86: Read CR4.DE in emulator if and only if accessing DR4 or DR5
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Carlos López

Micro-optimize emulation of MOV DR instructions by checking CR4.DE if and only if DR4 or DR5 is being accessed.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 9d345ad25ac0..37f3cee4358b 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c
@@ -3839,13 +3839,11 @@ static int check_cr_access(struct x86_emulate_ctxt = *ctxt) static int check_dr_read(struct x86_emulate_ctxt *ctxt) { int dr =3D ctxt->modrm_reg; - u64 cr4; =20 if (dr > 7) return emulate_ud(ctxt); =20 - cr4 =3D ctxt->ops->get_cr(ctxt, 4); - if ((cr4 & X86_CR4_DE) && (dr =3D=3D 4 || dr =3D=3D 5)) + if ((dr =3D=3D 4 || dr =3D=3D 5) && (ctxt->ops->get_cr(ctxt, 4) & X86_CR4= _DE)) return emulate_ud(ctxt); =20 if (ctxt->ops->get_effective_dr7(ctxt) & DR7_GD) --=20 2.54.0.1032.g2f8565e1d1-goog
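
Review bot: in [PATCH v2 1/6], em_dr_write() now turns every non-zero ->set_dr() result into emulate_gp(ctxt, 0), but the return contract whose change made the old "< 0" test go stale is still not documented at the call site. The retained comment only says "#UD condition is already handled."; consider extending it, or the ->set_dr() declaration, to state that 0 means success and any other value means the write must fault, so that a later change to kvm_set_dr()'s return values is caught in review instead of silently dropping the #GP again.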
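
Review bot: in [PATCH v2 2/6], the #DB-before-#GP ordering in check_dr_write() is encoded only by calling check_dr_read() ahead of the value test, with no comment saying the order is deliberate. Because the changelog bases the priority on empirical testing rather than on the SDM or APM, a short comment above "rc = check_dr_read(ctxt);" recording that the DR7.GD #DB must be evaluated before the illegal-value #GP would keep a later cleanup from restoring the old order. The diffstat touches only emulate.c, so a regression test for a DR6/DR7 write with DR7.GD=1 and the upper 32 bits set is also worth adding.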
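
Review bot: in [PATCH v2 3/6], cases 4 and 5 of the new switch in check_dr_write() are correct only because check_dr_read() has already returned #UD for DR4/DR5 when CR4.DE is set, and that dependency is not stated in the code. Add a comment on "case 4:" and "case 5:" noting that they are reached only as the DR6/DR7 aliases. The "default: break;" arm does nothing and could be dropped unless it is kept deliberately for readability.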
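
Review bot: in [PATCH v2 4/6], the "No functional change intended" claim cannot be verified from this hunk, because the bodies of kvm_dr6_valid() and kvm_dr7_valid() are not shown and the test being replaced was "new_val & 0xffffffff00000000ULL" for all four registers. State in the changelog that both helpers reject exactly the values with bits 63:32 set, or spell out any difference, and confirm the helpers are already visible to emulate.c, since the hunk adds no include.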
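
Review bot: in [PATCH v2 5/6], the WARN_ON_ONCE() in em_dr_write() fires on any ->set_dr() failure, while the pre-check in check_dr_write() covers only DR4 to DR7 and validates ctxt->src.val64 rather than the "val" computed in this function. If ->set_dr() can fail for DR0 to DR3, or if em_dr_write() can be reached without check_dr_write() having run, a guest-controlled write would raise a host WARN, which matters on hosts configured to panic on warnings. The changelog should say why neither case is possible; keeping the emulate_gp(ctxt, 0) fallback behind the WARN is the right call.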
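
Review bot: in [PATCH v2 6/6], the rewritten condition in check_dr_read() packs the register test and the ->get_cr() call into one long line, which reads worse than the two statements it replaces. Since check_dr_write() now switches on ctxt->modrm_reg, consider the same shape here, or at least break the condition after "&&", so the short-circuit that skips the CR4 read is obvious to the next reader.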