[PATCH] x86/entry: Zap the #VC entry user and kernel macros

[PATCH] x86/entry: Zap the #VC entry user and kernel macros

[Borislav Petkov]

From: "Borislav Petkov (AMD)" <bp@alien8.de>

Drop the separate kernel and user macros in favor of calling a single #VC
C handler which multiplexes between the kernel and user #VC entry points
by looking at CS's RPL.

Zap unused DEFINE_IDTENTRY_VC while at it.

There should be no functionality change resulting from this - just code
simplification.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
---
 arch/x86/coco/sev/internal.h    |  3 +++
 arch/x86/coco/sev/vc-handle.c   | 12 ++++++++++--
 arch/x86/entry/entry_64.S       |  4 ++--
 arch/x86/entry/entry_fred.c     | 10 ----------
 arch/x86/include/asm/idtentry.h | 29 +++--------------------------
 5 files changed, 18 insertions(+), 40 deletions(-)

diff --git a/arch/x86/coco/sev/internal.h b/arch/x86/coco/sev/internal.h
index b1d0c66a651a..b9632c0fc391 100644
--- a/arch/x86/coco/sev/internal.h
+++ b/arch/x86/coco/sev/internal.h
@@ -70,6 +70,9 @@ void svsm_pval_pages(struct snp_psc_desc *desc);
 int svsm_perform_call_protocol(struct svsm_call *call);
 bool snp_svsm_vtpm_probe(void);
 
+noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
+noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
+
 static inline u64 sev_es_rd_ghcb_msr(void)
 {
 	return native_rdmsrq(MSR_AMD64_SEV_ES_GHCB);
diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c
index d98b5c08ef00..96b62b49b2b5 100644
--- a/arch/x86/coco/sev/vc-handle.c
+++ b/arch/x86/coco/sev/vc-handle.c
@@ -954,7 +954,7 @@ static __always_inline bool vc_is_db(unsigned long error_code)
  * Runtime #VC exception handler when raised from kernel mode. Runs in NMI mode
  * and will panic when an error happens.
  */
-DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
+noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
 {
 	irqentry_state_t irq_state;
 
@@ -1006,7 +1006,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
  * Runtime #VC exception handler when raised from user mode. Runs in IRQ mode
  * and will kill the current task with SIGBUS when an error happens.
  */
-DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
+noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
 {
 	/*
 	 * Handle #DB before calling into !noinstr code to avoid recursive #DB.
@@ -1032,6 +1032,14 @@ DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
 	irqentry_exit_to_user_mode(regs);
 }
 
+DEFINE_IDTENTRY_RAW_ERRORCODE(exc_vmm_communication)
+{
+	if (user_mode(regs))
+		return user_exc_vmm_communication(regs, error_code);
+	else
+		return kernel_exc_vmm_communication(regs, error_code);
+}
+
 bool __init handle_vc_boot_ghcb(struct pt_regs *regs)
 {
 	unsigned long exit_code = regs->orig_ax;
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 42447b1e1dff..c6d996593f32 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -492,7 +492,7 @@ SYM_CODE_START(\asmsym)
 
 	movq	%rsp, %rdi		/* pt_regs pointer */
 
-	call	kernel_\cfunc
+	call	\cfunc
 
 	/*
 	 * No need to switch back to the IST stack. The current stack is either
@@ -503,7 +503,7 @@ SYM_CODE_START(\asmsym)
 
 	/* Switch to the regular task stack */
 .Lfrom_usermode_switch_stack_\@:
-	idtentry_body user_\cfunc, has_error_code=1
+	idtentry_body \cfunc, has_error_code=1
 
 _ASM_NOKPROBE(\asmsym)
 SYM_CODE_END(\asmsym)
diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
index fbe2d10dd737..fb3594ddf731 100644
--- a/arch/x86/entry/entry_fred.c
+++ b/arch/x86/entry/entry_fred.c
@@ -177,16 +177,6 @@ static noinstr void fred_extint(struct pt_regs *regs)
 	}
 }
 
-#ifdef CONFIG_AMD_MEM_ENCRYPT
-noinstr void exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
-{
-	if (user_mode(regs))
-		return user_exc_vmm_communication(regs, error_code);
-	else
-		return kernel_exc_vmm_communication(regs, error_code);
-}
-#endif
-
 static noinstr void fred_hwexc(struct pt_regs *regs, unsigned long error_code)
 {
 	/* Optimize for #PF. That's the only exception which matters performance wise */
diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
index 42bf6a58ec36..20f548702404 100644
--- a/arch/x86/include/asm/idtentry.h
+++ b/arch/x86/include/asm/idtentry.h
@@ -340,17 +340,14 @@ static __always_inline void __##func(struct pt_regs *regs)
 	__visible void noist_##func(struct pt_regs *regs)
 
 /**
- * DECLARE_IDTENTRY_VC - Declare functions for the VC entry point
+ * DECLARE_IDTENTRY_VC - Declare a function for the VC entry point
  * @vector:	Vector number (ignored for C)
  * @func:	Function name of the entry point
  *
- * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE, but declares also the
- * safe_stack C handler.
+ * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE.
  */
 #define DECLARE_IDTENTRY_VC(vector, func)				\
-	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);			\
-	__visible noinstr void kernel_##func(struct pt_regs *regs, unsigned long error_code);	\
-	__visible noinstr void   user_##func(struct pt_regs *regs, unsigned long error_code)
+	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);
 
 /**
  * DEFINE_IDTENTRY_IST - Emit code for IST entry points
@@ -391,26 +388,6 @@ static __always_inline void __##func(struct pt_regs *regs)
 #define DEFINE_IDTENTRY_DF(func)					\
 	DEFINE_IDTENTRY_RAW_ERRORCODE(func)
 
-/**
- * DEFINE_IDTENTRY_VC_KERNEL - Emit code for VMM communication handler
- *			       when raised from kernel mode
- * @func:	Function name of the entry point
- *
- * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
- */
-#define DEFINE_IDTENTRY_VC_KERNEL(func)				\
-	DEFINE_IDTENTRY_RAW_ERRORCODE(kernel_##func)
-
-/**
- * DEFINE_IDTENTRY_VC_USER - Emit code for VMM communication handler
- *			     when raised from user mode
- * @func:	Function name of the entry point
- *
- * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
- */
-#define DEFINE_IDTENTRY_VC_USER(func)				\
-	DEFINE_IDTENTRY_RAW_ERRORCODE(user_##func)
-
 #else	/* CONFIG_X86_64 */
 
 /**
-- 
2.51.0

Re: [PATCH] x86/entry: Zap the #VC entry user and kernel macros

[Nikunj A. Dadhania]

On 4/20/2026 10:13 PM, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Drop the separate kernel and user macros in favor of calling a single #VC
> C handler which multiplexes between the kernel and user #VC entry points
> by looking at CS's RPL.
> 
> Zap unused DEFINE_IDTENTRY_VC while at it.
> 
> There should be no functionality change resulting from this - just code
> simplification.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>

Boot tested with and without FRED on various guest combination (SVM, SEV, ES and SNP)

Tested-by: Nikunj A. Dadhania <nikunj@amd.com>
Reviewed-by: Nikunj A. Dadhania <nikunj@amd.com>

> ---
>  arch/x86/coco/sev/internal.h    |  3 +++
>  arch/x86/coco/sev/vc-handle.c   | 12 ++++++++++--
>  arch/x86/entry/entry_64.S       |  4 ++--
>  arch/x86/entry/entry_fred.c     | 10 ----------
>  arch/x86/include/asm/idtentry.h | 29 +++--------------------------
>  5 files changed, 18 insertions(+), 40 deletions(-)
> 
> diff --git a/arch/x86/coco/sev/internal.h b/arch/x86/coco/sev/internal.h
> index b1d0c66a651a..b9632c0fc391 100644
> --- a/arch/x86/coco/sev/internal.h
> +++ b/arch/x86/coco/sev/internal.h
> @@ -70,6 +70,9 @@ void svsm_pval_pages(struct snp_psc_desc *desc);
>  int svsm_perform_call_protocol(struct svsm_call *call);
>  bool snp_svsm_vtpm_probe(void);
>  
> +noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
> +noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
> +
>  static inline u64 sev_es_rd_ghcb_msr(void)
>  {
>  	return native_rdmsrq(MSR_AMD64_SEV_ES_GHCB);
> diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c
> index d98b5c08ef00..96b62b49b2b5 100644
> --- a/arch/x86/coco/sev/vc-handle.c
> +++ b/arch/x86/coco/sev/vc-handle.c
> @@ -954,7 +954,7 @@ static __always_inline bool vc_is_db(unsigned long error_code)
>   * Runtime #VC exception handler when raised from kernel mode. Runs in NMI mode
>   * and will panic when an error happens.
>   */
> -DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
> +noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
>  {
>  	irqentry_state_t irq_state;
>  
> @@ -1006,7 +1006,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
>   * Runtime #VC exception handler when raised from user mode. Runs in IRQ mode
>   * and will kill the current task with SIGBUS when an error happens.
>   */
> -DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
> +noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
>  {
>  	/*
>  	 * Handle #DB before calling into !noinstr code to avoid recursive #DB.
> @@ -1032,6 +1032,14 @@ DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
>  	irqentry_exit_to_user_mode(regs);
>  }
>  
> +DEFINE_IDTENTRY_RAW_ERRORCODE(exc_vmm_communication)
> +{
> +	if (user_mode(regs))
> +		return user_exc_vmm_communication(regs, error_code);
> +	else
> +		return kernel_exc_vmm_communication(regs, error_code);
> +}
> +
>  bool __init handle_vc_boot_ghcb(struct pt_regs *regs)
>  {
>  	unsigned long exit_code = regs->orig_ax;
> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index 42447b1e1dff..c6d996593f32 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -492,7 +492,7 @@ SYM_CODE_START(\asmsym)
>  
>  	movq	%rsp, %rdi		/* pt_regs pointer */
>  
> -	call	kernel_\cfunc
> +	call	\cfunc
>  
>  	/*
>  	 * No need to switch back to the IST stack. The current stack is either
> @@ -503,7 +503,7 @@ SYM_CODE_START(\asmsym)
>  
>  	/* Switch to the regular task stack */
>  .Lfrom_usermode_switch_stack_\@:
> -	idtentry_body user_\cfunc, has_error_code=1
> +	idtentry_body \cfunc, has_error_code=1
>  
>  _ASM_NOKPROBE(\asmsym)
>  SYM_CODE_END(\asmsym)
> diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
> index fbe2d10dd737..fb3594ddf731 100644
> --- a/arch/x86/entry/entry_fred.c
> +++ b/arch/x86/entry/entry_fred.c
> @@ -177,16 +177,6 @@ static noinstr void fred_extint(struct pt_regs *regs)
>  	}
>  }
>  
> -#ifdef CONFIG_AMD_MEM_ENCRYPT
> -noinstr void exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
> -{
> -	if (user_mode(regs))
> -		return user_exc_vmm_communication(regs, error_code);
> -	else
> -		return kernel_exc_vmm_communication(regs, error_code);
> -}
> -#endif
> -
>  static noinstr void fred_hwexc(struct pt_regs *regs, unsigned long error_code)
>  {
>  	/* Optimize for #PF. That's the only exception which matters performance wise */
> diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
> index 42bf6a58ec36..20f548702404 100644
> --- a/arch/x86/include/asm/idtentry.h
> +++ b/arch/x86/include/asm/idtentry.h
> @@ -340,17 +340,14 @@ static __always_inline void __##func(struct pt_regs *regs)
>  	__visible void noist_##func(struct pt_regs *regs)
>  
>  /**
> - * DECLARE_IDTENTRY_VC - Declare functions for the VC entry point
> + * DECLARE_IDTENTRY_VC - Declare a function for the VC entry point
>   * @vector:	Vector number (ignored for C)
>   * @func:	Function name of the entry point
>   *
> - * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE, but declares also the
> - * safe_stack C handler.
> + * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE.
>   */
>  #define DECLARE_IDTENTRY_VC(vector, func)				\
> -	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);			\
> -	__visible noinstr void kernel_##func(struct pt_regs *regs, unsigned long error_code);	\
> -	__visible noinstr void   user_##func(struct pt_regs *regs, unsigned long error_code)
> +	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);
>  
>  /**
>   * DEFINE_IDTENTRY_IST - Emit code for IST entry points
> @@ -391,26 +388,6 @@ static __always_inline void __##func(struct pt_regs *regs)
>  #define DEFINE_IDTENTRY_DF(func)					\
>  	DEFINE_IDTENTRY_RAW_ERRORCODE(func)
>  
> -/**
> - * DEFINE_IDTENTRY_VC_KERNEL - Emit code for VMM communication handler
> - *			       when raised from kernel mode
> - * @func:	Function name of the entry point
> - *
> - * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
> - */
> -#define DEFINE_IDTENTRY_VC_KERNEL(func)				\
> -	DEFINE_IDTENTRY_RAW_ERRORCODE(kernel_##func)
> -
> -/**
> - * DEFINE_IDTENTRY_VC_USER - Emit code for VMM communication handler
> - *			     when raised from user mode
> - * @func:	Function name of the entry point
> - *
> - * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
> - */
> -#define DEFINE_IDTENTRY_VC_USER(func)				\
> -	DEFINE_IDTENTRY_RAW_ERRORCODE(user_##func)
> -
>  #else	/* CONFIG_X86_64 */
>  
>  /**

Re: [PATCH] x86/entry: Zap the #VC entry user and kernel macros

[Borislav Petkov]

On Thu, Apr 23, 2026 at 02:50:34PM +0530, Nikunj A. Dadhania wrote:
> Boot tested with and without FRED on various guest combination (SVM, SEV, ES and SNP)
> 
> Tested-by: Nikunj A. Dadhania <nikunj@amd.com>
> Reviewed-by: Nikunj A. Dadhania <nikunj@amd.com>

Thanks, much appreciated!

:-)

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Re: [PATCH] x86/entry: Zap the #VC entry user and kernel macros

[Tom Lendacky]

On 4/20/26 11:43, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Drop the separate kernel and user macros in favor of calling a single #VC
> C handler which multiplexes between the kernel and user #VC entry points
> by looking at CS's RPL.
> 
> Zap unused DEFINE_IDTENTRY_VC while at it.
> 
> There should be no functionality change resulting from this - just code
> simplification.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>

Looks reasonable to me.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>  arch/x86/coco/sev/internal.h    |  3 +++
>  arch/x86/coco/sev/vc-handle.c   | 12 ++++++++++--
>  arch/x86/entry/entry_64.S       |  4 ++--
>  arch/x86/entry/entry_fred.c     | 10 ----------
>  arch/x86/include/asm/idtentry.h | 29 +++--------------------------
>  5 files changed, 18 insertions(+), 40 deletions(-)
> 
> diff --git a/arch/x86/coco/sev/internal.h b/arch/x86/coco/sev/internal.h
> index b1d0c66a651a..b9632c0fc391 100644
> --- a/arch/x86/coco/sev/internal.h
> +++ b/arch/x86/coco/sev/internal.h
> @@ -70,6 +70,9 @@ void svsm_pval_pages(struct snp_psc_desc *desc);
>  int svsm_perform_call_protocol(struct svsm_call *call);
>  bool snp_svsm_vtpm_probe(void);
>  
> +noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
> +noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
> +
>  static inline u64 sev_es_rd_ghcb_msr(void)
>  {
>  	return native_rdmsrq(MSR_AMD64_SEV_ES_GHCB);
> diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c
> index d98b5c08ef00..96b62b49b2b5 100644
> --- a/arch/x86/coco/sev/vc-handle.c
> +++ b/arch/x86/coco/sev/vc-handle.c
> @@ -954,7 +954,7 @@ static __always_inline bool vc_is_db(unsigned long error_code)
>   * Runtime #VC exception handler when raised from kernel mode. Runs in NMI mode
>   * and will panic when an error happens.
>   */
> -DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
> +noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
>  {
>  	irqentry_state_t irq_state;
>  
> @@ -1006,7 +1006,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
>   * Runtime #VC exception handler when raised from user mode. Runs in IRQ mode
>   * and will kill the current task with SIGBUS when an error happens.
>   */
> -DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
> +noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
>  {
>  	/*
>  	 * Handle #DB before calling into !noinstr code to avoid recursive #DB.
> @@ -1032,6 +1032,14 @@ DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
>  	irqentry_exit_to_user_mode(regs);
>  }
>  
> +DEFINE_IDTENTRY_RAW_ERRORCODE(exc_vmm_communication)
> +{
> +	if (user_mode(regs))
> +		return user_exc_vmm_communication(regs, error_code);
> +	else
> +		return kernel_exc_vmm_communication(regs, error_code);
> +}
> +
>  bool __init handle_vc_boot_ghcb(struct pt_regs *regs)
>  {
>  	unsigned long exit_code = regs->orig_ax;
> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index 42447b1e1dff..c6d996593f32 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -492,7 +492,7 @@ SYM_CODE_START(\asmsym)
>  
>  	movq	%rsp, %rdi		/* pt_regs pointer */
>  
> -	call	kernel_\cfunc
> +	call	\cfunc
>  
>  	/*
>  	 * No need to switch back to the IST stack. The current stack is either
> @@ -503,7 +503,7 @@ SYM_CODE_START(\asmsym)
>  
>  	/* Switch to the regular task stack */
>  .Lfrom_usermode_switch_stack_\@:
> -	idtentry_body user_\cfunc, has_error_code=1
> +	idtentry_body \cfunc, has_error_code=1
>  
>  _ASM_NOKPROBE(\asmsym)
>  SYM_CODE_END(\asmsym)
> diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
> index fbe2d10dd737..fb3594ddf731 100644
> --- a/arch/x86/entry/entry_fred.c
> +++ b/arch/x86/entry/entry_fred.c
> @@ -177,16 +177,6 @@ static noinstr void fred_extint(struct pt_regs *regs)
>  	}
>  }
>  
> -#ifdef CONFIG_AMD_MEM_ENCRYPT
> -noinstr void exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
> -{
> -	if (user_mode(regs))
> -		return user_exc_vmm_communication(regs, error_code);
> -	else
> -		return kernel_exc_vmm_communication(regs, error_code);
> -}
> -#endif
> -
>  static noinstr void fred_hwexc(struct pt_regs *regs, unsigned long error_code)
>  {
>  	/* Optimize for #PF. That's the only exception which matters performance wise */
> diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
> index 42bf6a58ec36..20f548702404 100644
> --- a/arch/x86/include/asm/idtentry.h
> +++ b/arch/x86/include/asm/idtentry.h
> @@ -340,17 +340,14 @@ static __always_inline void __##func(struct pt_regs *regs)
>  	__visible void noist_##func(struct pt_regs *regs)
>  
>  /**
> - * DECLARE_IDTENTRY_VC - Declare functions for the VC entry point
> + * DECLARE_IDTENTRY_VC - Declare a function for the VC entry point
>   * @vector:	Vector number (ignored for C)
>   * @func:	Function name of the entry point
>   *
> - * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE, but declares also the
> - * safe_stack C handler.
> + * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE.
>   */
>  #define DECLARE_IDTENTRY_VC(vector, func)				\
> -	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);			\
> -	__visible noinstr void kernel_##func(struct pt_regs *regs, unsigned long error_code);	\
> -	__visible noinstr void   user_##func(struct pt_regs *regs, unsigned long error_code)
> +	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);
>  
>  /**
>   * DEFINE_IDTENTRY_IST - Emit code for IST entry points
> @@ -391,26 +388,6 @@ static __always_inline void __##func(struct pt_regs *regs)
>  #define DEFINE_IDTENTRY_DF(func)					\
>  	DEFINE_IDTENTRY_RAW_ERRORCODE(func)
>  
> -/**
> - * DEFINE_IDTENTRY_VC_KERNEL - Emit code for VMM communication handler
> - *			       when raised from kernel mode
> - * @func:	Function name of the entry point
> - *
> - * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
> - */
> -#define DEFINE_IDTENTRY_VC_KERNEL(func)				\
> -	DEFINE_IDTENTRY_RAW_ERRORCODE(kernel_##func)
> -
> -/**
> - * DEFINE_IDTENTRY_VC_USER - Emit code for VMM communication handler
> - *			     when raised from user mode
> - * @func:	Function name of the entry point
> - *
> - * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
> - */
> -#define DEFINE_IDTENTRY_VC_USER(func)				\
> -	DEFINE_IDTENTRY_RAW_ERRORCODE(user_##func)
> -
>  #else	/* CONFIG_X86_64 */
>  
>  /**

Re: [PATCH] x86/entry: Zap the #VC entry user and kernel macros

[Joerg Roedel]

On Mon, Apr 20, 2026 at 06:43:52PM +0200, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Drop the separate kernel and user macros in favor of calling a single #VC
> C handler which multiplexes between the kernel and user #VC entry points
> by looking at CS's RPL.
> 
> Zap unused DEFINE_IDTENTRY_VC while at it.
> 
> There should be no functionality change resulting from this - just code
> simplification.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>

Fine with me, though IIRC the current implementation was based on a review
comment on the original patch-set.

Acked-by: Joerg Roedel <joerg.roedel@amd.com>

[tip: x86/sev] x86/entry: Zap the #VC entry user and kernel macros

[tip-bot2 for Borislav Petkov (AMD)]

The following commit has been merged into the x86/sev branch of tip:

Commit-ID:     52705e72e265406255f83dbd0c725fddc5bd2c83
Gitweb:        https://git.kernel.org/tip/52705e72e265406255f83dbd0c725fddc5bd2c83
Author:        Borislav Petkov (AMD) <bp@alien8.de>
AuthorDate:    Mon, 20 Apr 2026 18:43:52 +02:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Mon, 04 May 2026 11:18:41 +02:00

x86/entry: Zap the #VC entry user and kernel macros

Drop the separate kernel and user macros in favor of calling a single #VC
C handler which multiplexes between the kernel and user #VC entry points
by looking at CS's RPL.

Zap unused DEFINE_IDTENTRY_VC while at it.

There should be no functionality change resulting from this - just code
simplification.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Nikunj A. Dadhania <nikunj@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Joerg Roedel <joerg.roedel@amd.com>
Tested-by: Nikunj A. Dadhania <nikunj@amd.com>
Link: https://patch.msgid.link/20260420164352.32129-1-bp@kernel.org
---
 arch/x86/coco/sev/internal.h    |  3 +++
 arch/x86/coco/sev/vc-handle.c   | 12 ++++++++++--
 arch/x86/entry/entry_64.S       |  4 ++--
 arch/x86/entry/entry_fred.c     | 10 ----------
 arch/x86/include/asm/idtentry.h | 29 +++--------------------------
 5 files changed, 18 insertions(+), 40 deletions(-)

diff --git a/arch/x86/coco/sev/internal.h b/arch/x86/coco/sev/internal.h
index b1d0c66..b9632c0 100644
--- a/arch/x86/coco/sev/internal.h
+++ b/arch/x86/coco/sev/internal.h
@@ -70,6 +70,9 @@ void svsm_pval_pages(struct snp_psc_desc *desc);
 int svsm_perform_call_protocol(struct svsm_call *call);
 bool snp_svsm_vtpm_probe(void);
 
+noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
+noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
+
 static inline u64 sev_es_rd_ghcb_msr(void)
 {
 	return native_rdmsrq(MSR_AMD64_SEV_ES_GHCB);
diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c
index d98b5c0..96b62b4 100644
--- a/arch/x86/coco/sev/vc-handle.c
+++ b/arch/x86/coco/sev/vc-handle.c
@@ -954,7 +954,7 @@ static __always_inline bool vc_is_db(unsigned long error_code)
  * Runtime #VC exception handler when raised from kernel mode. Runs in NMI mode
  * and will panic when an error happens.
  */
-DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
+noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
 {
 	irqentry_state_t irq_state;
 
@@ -1006,7 +1006,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
  * Runtime #VC exception handler when raised from user mode. Runs in IRQ mode
  * and will kill the current task with SIGBUS when an error happens.
  */
-DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
+noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
 {
 	/*
 	 * Handle #DB before calling into !noinstr code to avoid recursive #DB.
@@ -1032,6 +1032,14 @@ DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
 	irqentry_exit_to_user_mode(regs);
 }
 
+DEFINE_IDTENTRY_RAW_ERRORCODE(exc_vmm_communication)
+{
+	if (user_mode(regs))
+		return user_exc_vmm_communication(regs, error_code);
+	else
+		return kernel_exc_vmm_communication(regs, error_code);
+}
+
 bool __init handle_vc_boot_ghcb(struct pt_regs *regs)
 {
 	unsigned long exit_code = regs->orig_ax;
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 42447b1..c6d9965 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -492,7 +492,7 @@ SYM_CODE_START(\asmsym)
 
 	movq	%rsp, %rdi		/* pt_regs pointer */
 
-	call	kernel_\cfunc
+	call	\cfunc
 
 	/*
 	 * No need to switch back to the IST stack. The current stack is either
@@ -503,7 +503,7 @@ SYM_CODE_START(\asmsym)
 
 	/* Switch to the regular task stack */
 .Lfrom_usermode_switch_stack_\@:
-	idtentry_body user_\cfunc, has_error_code=1
+	idtentry_body \cfunc, has_error_code=1
 
 _ASM_NOKPROBE(\asmsym)
 SYM_CODE_END(\asmsym)
diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
index fbe2d10..fb3594d 100644
--- a/arch/x86/entry/entry_fred.c
+++ b/arch/x86/entry/entry_fred.c
@@ -177,16 +177,6 @@ static noinstr void fred_extint(struct pt_regs *regs)
 	}
 }
 
-#ifdef CONFIG_AMD_MEM_ENCRYPT
-noinstr void exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
-{
-	if (user_mode(regs))
-		return user_exc_vmm_communication(regs, error_code);
-	else
-		return kernel_exc_vmm_communication(regs, error_code);
-}
-#endif
-
 static noinstr void fred_hwexc(struct pt_regs *regs, unsigned long error_code)
 {
 	/* Optimize for #PF. That's the only exception which matters performance wise */
diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
index 42bf6a5..20f5487 100644
--- a/arch/x86/include/asm/idtentry.h
+++ b/arch/x86/include/asm/idtentry.h
@@ -340,17 +340,14 @@ static __always_inline void __##func(struct pt_regs *regs)
 	__visible void noist_##func(struct pt_regs *regs)
 
 /**
- * DECLARE_IDTENTRY_VC - Declare functions for the VC entry point
+ * DECLARE_IDTENTRY_VC - Declare a function for the VC entry point
  * @vector:	Vector number (ignored for C)
  * @func:	Function name of the entry point
  *
- * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE, but declares also the
- * safe_stack C handler.
+ * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE.
  */
 #define DECLARE_IDTENTRY_VC(vector, func)				\
-	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);			\
-	__visible noinstr void kernel_##func(struct pt_regs *regs, unsigned long error_code);	\
-	__visible noinstr void   user_##func(struct pt_regs *regs, unsigned long error_code)
+	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);
 
 /**
  * DEFINE_IDTENTRY_IST - Emit code for IST entry points
@@ -391,26 +388,6 @@ static __always_inline void __##func(struct pt_regs *regs)
 #define DEFINE_IDTENTRY_DF(func)					\
 	DEFINE_IDTENTRY_RAW_ERRORCODE(func)
 
-/**
- * DEFINE_IDTENTRY_VC_KERNEL - Emit code for VMM communication handler
- *			       when raised from kernel mode
- * @func:	Function name of the entry point
- *
- * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
- */
-#define DEFINE_IDTENTRY_VC_KERNEL(func)				\
-	DEFINE_IDTENTRY_RAW_ERRORCODE(kernel_##func)
-
-/**
- * DEFINE_IDTENTRY_VC_USER - Emit code for VMM communication handler
- *			     when raised from user mode
- * @func:	Function name of the entry point
- *
- * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
- */
-#define DEFINE_IDTENTRY_VC_USER(func)				\
-	DEFINE_IDTENTRY_RAW_ERRORCODE(user_##func)
-
 #else	/* CONFIG_X86_64 */
 
 /**