From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, Sean Christopherson, linux-kernel@vger.kernel.org
Subject: [PATCH v2 18/36] KVM: nVMX: Add check vmread/vmwrite on tertiary control
Date: Thu, 5 Mar 2026 09:43:58 -0800
From: Isaku Yamahata

Make the access to the tertiary processor-based VM control an error if the guest VMX true processor-based controls don't report it. Without this patch, the KVM unit test_vmread_vmwrite() fails because vmread()/vmwrite() can succeed with the index beyond MSR_IA32_VMX_VMCS_ENUM when the tertiary processor-based VM-executing controls aren't advertised to the guest.

Signed-off-by: Isaku Yamahata

--- arch/x86/kvm/vmx/nested.c | 20 ++++++++++++++++++++ arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 25 insertions(+) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 65f7260d02df..562b5ffc6433 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5768,6 +5768,16 @@ static int handle_vmresume(struct kvm_vcpu *vcpu) return nested_vmx_run(vcpu, false); } =20 +static bool is_vmcs_field_valid(struct kvm_vcpu *vcpu, unsigned long field) +{ + if (!nested_cpu_supports_tertiary_ctls(vcpu) && + (field =3D=3D TERTIARY_VM_EXEC_CONTROL || + field =3D=3D TERTIARY_VM_EXEC_CONTROL_HIGH)) + return false; + + return true; +} + static int handle_vmread(struct kvm_vcpu *vcpu) { struct vmcs12 *vmcs12 =3D is_guest_mode(vcpu) ? get_shadow_vmcs12(vcpu) @@ -5798,6 +5808,9 @@ static int handle_vmread(struct kvm_vcpu *vcpu) get_vmcs12(vcpu)->vmcs_link_pointer =3D=3D INVALID_GPA)) return nested_vmx_failInvalid(vcpu); =20 + if (!is_vmcs_field_valid(vcpu, field)) + return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT); + offset =3D get_vmcs12_field_offset(field); if (offset < 0) return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT); @@ -5922,6 +5935,9 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu) =20 field =3D kvm_register_read(vcpu, (((instr_info) >> 28) & 0xf)); =20 + if (!is_vmcs_field_valid(vcpu, field)) + return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT); + offset =3D get_vmcs12_field_offset(field); if (offset < 0) return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT);
@@ -7170,6 +7186,10 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcp= u, kvm_state->hdr.vmx.preemption_timer_deadline; } =20 + if (!nested_cpu_supports_tertiary_ctls(vcpu) && + vmcs12->tertiary_vm_exec_control) + goto error_guest_mode; + if (nested_vmx_check_controls(vcpu, vmcs12) || nested_vmx_check_host_state(vcpu, vmcs12) || nested_vmx_check_guest_state(vcpu, vmcs12, &ignored)) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index 6df2cfb20d87..1100a8114dd9 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -157,6 +157,11 @@ static inline bool __nested_cpu_supports_tertiary_ctls= (struct nested_vmx_msrs *m return msrs->procbased_ctls_high & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS; } =20 +static inline bool nested_cpu_supports_tertiary_ctls(struct kvm_vcpu *vcpu) +{ + return __nested_cpu_supports_tertiary_ctls(&to_vmx(vcpu)->nested.msrs); +} + /* APIC TIMER VIRTUALIZATION requires in-kernel lapic. */ static inline bool nested_cpu_can_support_apic_virt_timer(struct kvm_vcpu = *vcpu) { --=20 2.45.2
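Review bot: is_vmcs_field_valid(), added in the first nested.c hunk, has a general name but only rejects TERTIARY_VM_EXEC_CONTROL and TERTIARY_VM_EXEC_CONTROL_HIGH, and returns true for every other field. Add a comment saying that all other fields are still validated by get_vmcs12_field_offset(), or pick a name that reflects the tertiary-control scope, so a later caller does not read a true return as full validation. A switch on field would also make it simpler to add further fields that depend on an advertised control.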
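Review bot: the check added in the handle_vmread() hunk and repeated in the handle_vmwrite() hunk sits directly in front of get_vmcs12_field_offset() and returns the same VMXERR_UNSUPPORTED_VMCS_COMPONENT as the "if (offset < 0)" path right after it. Consider a single helper that takes vcpu and field and yields a negative offset for a field the guest was not offered, so the two handlers share one lookup-and-validate step and cannot drift apart when another gated field is added.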
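Review bot: the check added in the vmx_set_nested_state() hunk is not covered by the commit message, which only describes VMREAD/VMWRITE. It sends the ioctl to error_guest_mode whenever vmcs12->tertiary_vm_exec_control is nonzero and the tertiary controls are not advertised to the guest. Please explain in the changelog why this is rejected here rather than inside nested_vmx_check_controls(), which is called on the following line, and state whether nested state saved before this change can now fail to restore.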