From: "Chang S. Bae" <chang.seok.bae@intel.com>
To: pbonzini@redhat.com, seanjc@google.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
chao.gao@intel.com, chang.seok.bae@intel.com
Subject: [PATCH v2 13/16] KVM: x86: Guard valid XCR0.APX settings
Date: Mon, 12 Jan 2026 23:54:05 +0000 [thread overview]
Message-ID: <20260112235408.168200-14-chang.seok.bae@intel.com> (raw)
In-Reply-To: <20260112235408.168200-1-chang.seok.bae@intel.com>
Prevent invalid XCR0.APX configurations in two cases: conflict with MPX
and lack of SVM support.
In the non-compacted XSAVE format, APX and MPX conflict on the same
offset. Although MPX is being deprecated in practice, KVM should
explicitly reject such configurations that set both bits.
At this point, only VMX supports EGPRs. SVM will require corresponding
extensions to handle EGPR indices.
The addition to the supported XCR0 mask should accompany guest CPUID
exposure, which will be done separately.
Link: https://lore.kernel.org/ab3f4937-38f5-4354-8850-bf773c159bbe@redhat.com
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
---
arch/x86/kvm/svm/svm.c | 7 ++++++-
arch/x86/kvm/x86.c | 4 ++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 209faa742e98..a06e5a24b808 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5301,8 +5301,13 @@ static __init int svm_hardware_setup(void)
}
kvm_enable_efer_bits(EFER_NX);
+ /*
+ * APX introduces EGPRs, which require additional VMCB support.
+ * Disable APX until the necessary extensions are handled.
+ */
kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
- XFEATURE_MASK_BNDCSR);
+ XFEATURE_MASK_BNDCSR |
+ XFEATURE_MASK_APX);
if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
kvm_enable_efer_bits(EFER_FFXSR);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e7f858488f2c..189a03483d03 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1391,6 +1391,10 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
(!(xcr0 & XFEATURE_MASK_BNDCSR)))
return 1;
+ /* MPX and APX conflict in the non-compacted XSAVE format */
+ if (xcr0 & XFEATURE_MASK_BNDREGS && xcr0 & XFEATURE_MASK_APX)
+ return 1;
+
if (xcr0 & XFEATURE_MASK_AVX512) {
if (!(xcr0 & XFEATURE_MASK_YMM))
return 1;
--
2.51.0
next prev parent reply other threads:[~2026-01-13 0:18 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-12 23:53 [PATCH v2 00/16] KVM: x86: Enable APX for guests Chang S. Bae
2026-01-12 23:53 ` [PATCH v2 01/16] KVM: x86: Rename register accessors to be GPR-specific Chang S. Bae
2026-03-05 1:35 ` Sean Christopherson
2026-03-07 1:32 ` Chang S. Bae
2026-03-09 23:28 ` Chang S. Bae
2026-03-10 1:23 ` Sean Christopherson
2026-03-10 22:05 ` Chang S. Bae
2026-03-10 23:12 ` Sean Christopherson
2026-01-12 23:53 ` [PATCH v2 02/16] KVM: x86: Refactor GPR accessors to differentiate register access types Chang S. Bae
2026-03-05 1:49 ` Sean Christopherson
2026-03-07 1:32 ` Chang S. Bae
2026-01-12 23:53 ` [PATCH v2 03/16] KVM: x86: Implement accessors for extended GPRs Chang S. Bae
2026-03-05 1:41 ` Sean Christopherson
2026-03-07 1:32 ` Chang S. Bae
2026-01-12 23:53 ` [PATCH v2 04/16] KVM: VMX: Introduce unified instruction info structure Chang S. Bae
2026-03-05 4:21 ` Sean Christopherson
2026-03-07 1:33 ` Chang S. Bae
2026-03-13 1:05 ` Sean Christopherson
2026-01-12 23:53 ` [PATCH v2 05/16] KVM: VMX: Refactor instruction information retrieval Chang S. Bae
2026-01-12 23:53 ` [PATCH v2 06/16] KVM: VMX: Refactor GPR index retrieval from exit qualification Chang S. Bae
2026-03-05 4:13 ` Sean Christopherson
2026-01-12 23:53 ` [PATCH v2 07/16] KVM: VMX: Support extended register index in exit handling Chang S. Bae
2026-01-12 23:54 ` [PATCH v2 08/16] KVM: nVMX: Propagate the extended instruction info field Chang S. Bae
2026-01-12 23:54 ` [PATCH v2 09/16] KVM: emulate: Support EGPR accessing and tracking Chang S. Bae
2026-03-05 4:22 ` Sean Christopherson
2026-01-12 23:54 ` [PATCH v2 10/16] KVM: emulate: Handle EGPR index and REX2-incompatible opcodes Chang S. Bae
2026-01-12 23:54 ` [PATCH v2 11/16] KVM: emulate: Support REX2-prefixed opcode decode Chang S. Bae
2026-01-12 23:54 ` [PATCH v2 12/16] KVM: emulate: Reject EVEX-prefixed instructions Chang S. Bae
2026-01-12 23:54 ` Chang S. Bae [this message]
2026-01-12 23:54 ` [PATCH v2 14/16] KVM: x86: Expose APX foundational feature bit to guests Chang S. Bae
2026-01-19 5:55 ` Xiaoyao Li
2026-01-20 18:07 ` Edgecombe, Rick P
2026-01-20 20:50 ` Chang S. Bae
2026-01-21 19:59 ` Edgecombe, Rick P
2026-01-12 23:54 ` [PATCH v2 15/16] KVM: x86: Expose APX sub-features " Chang S. Bae
2026-01-12 23:54 ` [PATCH v2 16/16] KVM: x86: selftests: Add APX state handling and XCR0 sanity checks Chang S. Bae
2026-03-05 4:28 ` Sean Christopherson
2026-03-07 1:33 ` Chang S. Bae
2026-03-11 18:42 ` Paolo Bonzini
2026-04-20 21:23 ` [PATCH kvm-unit-tests] x86: xsave: Add test case for emulation of APX instructions Chang S. Bae
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260112235408.168200-14-chang.seok.bae@intel.com \
--to=chang.seok.bae@intel.com \
--cc=chao.gao@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.