[PATCH v5 0/2] KVM: nSVM: Fix #UD on VMMCALL issues.

[Sean Christopherson <seanjc@google.com>]

The VMMCALL fixes from Kevin's broader "Align SVM with APM defined behaviors"
series.

v5:
 - Separate the VMMCALL fixes from everything else.
 - Rewrite the changelog to make clear this is fixing only the Hyper-V case.
 - Add a patch to always intercept VMMCALL, because letting it #UD natively
   does more harm than good.

v4:
  - https://lore.kernel.org/all/20260228033328.2285047-1-chengkev@google.com
  - Dropped "KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock
    and DEV are not available" as per Sean
  - Added back STGI and CLGI intercept clearing in init_vmcb to maintain
    previous behavior on intel guests. Previously intel guests always
    had STGI and CLGI intercepts cleared if vgif was enabled. In V3,
    because the clearing of the intercepts was moved from init_vmcb() to
    the !guest_cpuid_is_intel_compatible() case in
    svm_recalc_instruction_intercepts(), the CLGI intercept would be
    indefinitely set on intel guests. I added back the clearing to
    init_vmcb() to retain intel guest behavior before this patch.
  - In "Raise #UD if VMMCALL instruction is not intercepted" patch:
      - Exempt Hyper-V L2 TLB flush hypercalls from the #UD injection,
        as L0 intentionally intercepts these VMMCALLs on behalf of L1
	via the direct hypercall enlightenment.
      - Added nested_svm_is_l2_tlb_flush_hcall() which just returns true
        if the hypercall was a Hyper-V L2 TLB flush hypercall.

v3:
  - https://lore.kernel.org/kvm/20260122045755.205203-1-chengkev@google.com/
  - Elaborated on 'Move STGI and CLGI intercept handling' commit message
    as per Sean
  - Fixed bug due to interaction with svm_enable_nmi_window() and 'Move
    STGI and CLGI intercept handling' as pointed out by Yosry. Code
    changes suggested by Sean/Yosry.
  - Removed open-coded nested_svm_check_permissions() in STGI
    interception function as per Yosry

v2:
  - https://lore.kernel.org/all/20260112174535.3132800-1-chengkev@google.com
  - Split up the series into smaller more logical changes as suggested
    by Sean
  - Added patch for injecting #UD for STGI under APM defined conditions
    as suggested by Sean
  - Combined EFER.SVME=0 conditional with intel CPU logic in
    svm_recalc_instruction_intercepts

Kevin Cheng (1):
  KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Sean Christopherson (1):
  KVM: nSVM: Always intercept VMMCALL when L2 is active

 arch/x86/kvm/hyperv.h     |  8 --------
 arch/x86/kvm/svm/hyperv.h |  9 ++++++++-
 arch/x86/kvm/svm/nested.c | 11 +----------
 arch/x86/kvm/svm/svm.c    | 19 ++++++++++++++++++-
 4 files changed, 27 insertions(+), 20 deletions(-)


base-commit: 11439c4635edd669ae435eec308f4ab8a0804808
-- 
2.53.0.473.g4a7958ca14-goog