* [PATCH v7 14/26] KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
  2026-03-03  0:33 [PATCH v7 00/26] Nested SVM fixes, cleanups, and hardening Yosry Ahmed
@ 2026-03-03  0:34 ` Yosry Ahmed
  0 siblings, 0 replies; 2+ messages in thread
From: Yosry Ahmed @ 2026-03-03  0:34 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: Paolo Bonzini, kvm, linux-kernel, Yosry Ahmed, stable

KVM currently fails a nested VMRUN and injects VMEXIT_INVALID (aka
SVM_EXIT_ERR) if L1 sets NP_ENABLE and the host does not support NPTs.
On first glance, it seems like the check should actually be for
guest_cpu_cap_has(X86_FEATURE_NPT) instead, as it is possible for the
host to support NPTs but the guest CPUID to not advertise it.

However, the consistency check is not architectural to begin with. The
APM does not mention VMEXIT_INVALID if NP_ENABLE is set on a processor
that does not have X86_FEATURE_NPT. Hence, NP_ENABLE should be ignored
if X86_FEATURE_NPT is not available for L1, so sanitize it when copying
from the VMCB12 to KVM's cache.

Apart from the consistency check, NP_ENABLE in VMCB12 is currently
ignored because the bit is actually copied from VMCB01 to VMCB02, not
from VMCB12.

Fixes: 4b16184c1cca ("KVM: SVM: Initialize Nested Nested MMU context on VMRUN")
Cc: stable@vger.kernel.org
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
---
 arch/x86/kvm/svm/nested.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 21e1a43c91879..613d5e2e7c3d1 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -348,9 +348,6 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
 	if (CC(control->asid == 0))
 		return false;
 
-	if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && !npt_enabled))
-		return false;
-
 	if (CC(!nested_svm_check_bitmap_pa(vcpu, control->msrpm_base_pa,
 					   MSRPM_SIZE)))
 		return false;
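Review bot: the check deleted from nested_vmcb_check_controls() tested the host-side `npt_enabled`, while its replacement later in this patch tests only `guest_cpu_cap_has(vcpu, X86_FEATURE_NPT)`, and nothing in the visible lines says the guest capability can never be set when `npt_enabled` is false. Please state that invariant in the commit message or in the new comment, or keep `npt_enabled` in the sanitizing condition, so that NP_ENABLE cannot survive into the cache on a host without NPT.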
@@ -431,6 +428,11 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu,
 	nested_svm_sanitize_intercept(vcpu, to, SKINIT);
 	nested_svm_sanitize_intercept(vcpu, to, RDPRU);
 
+	/* Always clear SVM_NESTED_CTL_NP_ENABLE if the guest cannot use NPTs */
+	to->nested_ctl          = from->nested_ctl;
+	if (!guest_cpu_cap_has(vcpu, X86_FEATURE_NPT))
+		to->nested_ctl &= ~SVM_NESTED_CTL_NP_ENABLE;
+
 	to->iopm_base_pa        = from->iopm_base_pa;
 	to->msrpm_base_pa       = from->msrpm_base_pa;
 	to->tsc_offset          = from->tsc_offset;
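Review bot: the comment sits on the plain copy `to->nested_ctl = from->nested_ctl;` but describes the conditional that follows it, and it does not say why the bit is cleared instead of failing the VMRUN. Move it directly above `if (!guest_cpu_cap_has(vcpu, X86_FEATURE_NPT))` and mention that the APM does not specify VMEXIT_INVALID for this case, as the commit message does, since that rationale is otherwise lost once the consistency check is gone.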
@@ -444,7 +446,6 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu,
 	to->exit_info_2         = from->exit_info_2;
 	to->exit_int_info       = from->exit_int_info;
 	to->exit_int_info_err   = from->exit_int_info_err;
-	to->nested_ctl          = from->nested_ctl;
 	to->event_inj           = from->event_inj;
 	to->event_inj_err       = from->event_inj_err;
 	to->next_rip            = from->next_rip;
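Review bot: dropping `to->nested_ctl = from->nested_ctl;` from this run of plain copies is only needed because the assignment was relocated next to the intercept sanitizing; since the patch is Cc: stable, consider leaving the assignment here and adding the two-line mask immediately after it, which gives a smaller diff with the same result. If the relocation is intentional, for example to keep all sanitizing in one place, say so in the commit message.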
-- 
2.53.0.473.g4a7958ca14-goog



* Re: [PATCH v7 14/26] KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
@ 2026-03-03  1:31 kernel test robot
  0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2026-03-03  1:31 UTC (permalink / raw)
  To: oe-kbuild

:::::: 
:::::: Manual check reason: "high confidence checkpatch report"
:::::: 

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
In-Reply-To: <20260303003421.2185681-15-yosry@kernel.org>
References: <20260303003421.2185681-15-yosry@kernel.org>
TO: Yosry Ahmed <yosry@kernel.org>
TO: Sean Christopherson <seanjc@google.com>

Hi Yosry,

kernel test robot noticed the following build warnings:

[auto build test WARNING on 183bb0ce8c77b0fd1fb25874112bc8751a461e49]

url:    https://github.com/intel-lab-lkp/linux/commits/Yosry-Ahmed/KVM-nSVM-Avoid-clearing-VMCB_LBR-in-vmcb12/20260303-084832
base:   183bb0ce8c77b0fd1fb25874112bc8751a461e49
patch link:    https://lore.kernel.org/r/20260303003421.2185681-15-yosry%40kernel.org
patch subject: [PATCH v7 14/26] KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
:::::: branch date: 36 minutes ago
:::::: commit date: 37 minutes ago
reproduce: (https://download.01.org/0day-ci/archive/20260303/202603030209.SBjun6NN-lkp@intel.com/reproduce)

# many are suggestions rather than must-fix

WARNING:REPEATED_WORD: Possible repeated word: 'Nested'
#23: 
Fixes: 4b16184c1cca ("KVM: SVM: Initialize Nested Nested MMU context on VMRUN")

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
