From: Paolo Bonzini <pbonzini@redhat.com>
To: David Riley <d.riley@proxmox.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: jon@nutanix.com
Subject: Re: [PATCH v4 00/28] KVM: combined patchset for MBEC/GMET support
Date: Wed, 29 Apr 2026 15:12:38 +0200 [thread overview]
Message-ID: <56d2343e-cab0-4804-b078-eddeb33b3d02@redhat.com> (raw)
In-Reply-To: <dbc9f517-bd57-4c1c-a638-c33bb83a1171@proxmox.com>
On 4/29/26 15:05, David Riley wrote:
> Windows Guest:
> After the initial installation and verification I enabled
> Virtualization-Based Security (VBS) and Hypervisor-Protected Code
> Integrity (HVCI).
>
> I set the following in the Group Policy Editor (DeviceGuard):
> * Select Platform Security Level: Secure Boot
> * Virtualization Based Protection of Code Integrity: Enabled without
> lock
> * Require UEFI Memory Attributes Table: Checked
>
> I tried to launch the Windows Guest with these QEMU CPU options:
> -cpu 'host,+kvm_pv_eoi,+kvm_pv_unhalt,level=30'
>
> These flags worked with the last patch series (v3) without any issues
> [2][3].
>
> I observed the following:
> The guest now never actually boots into Windows. It gets stuck before
> that and therefore does not even enter Windows Recovery.
Interesting, I'll see if I can reproduce.
> I found the following log in the journal:
> Apr 29 13:44:55 jura2 kernel: kvm_amd: kvm [29717]: vcpu0, guest rIP:
> 0xfffff83560f3b225 Unhandled WRMSR(0xc0010115) = 0x0
>
> the same messages also appeared in dmesg:
> [ 1910.476609] kvm_amd: kvm [8755]: vcpu0, guest rIP:
> 0xfffff851f793b225 Unhandled WRMSR(0xc0010115) = 0x0
This is harmless.
> I also did a trace using `trace-cmd record -e kvm` and observed that
> the cpu seems to be stuck in a infinite loop. Snippet of the output:
>
> CPU 0/KVM-29834 [020] ..... 8801.135700: kvm_page_fault:
> vcpu 0 rip 0xfffff83560f8f6a0 address 0x00000001011e9f80 error_code
> 0x200000007
> CPU 0/KVM-29834 [020] d..1. 8801.135701: kvm_entry: vcpu 0
> rip 0xfffff83560f8f6a0
> CPU 0/KVM-29834 [020] d..1. 8801.135702: kvm_exit: reason
> EXIT_NPF rip 0xfffff83560f8f6a0 info 200000007 1011e9f80
> CPU 0/KVM-29834 [020] ..... 8801.135702: kvm_nested_vmexit:
> <CANT FIND FIELD rip>vcpu 0 reason npf rip 0xfffff83560f8f6a0 info1
> 0x0000000200000007 info2 0x00000001011e9f80 intr_info 0x00000000
> error_code 0x00000000 requests 0x0000000000000000
> CPU 0/KVM-29834 [020] ..... 8801.135703: kvm_page_fault:
> vcpu 0 rip 0xfffff83560f8f6a0 address 0x00000001011e9f80 error_code
> 0x200000007
> CPU 0/KVM-29834 [020] d..1. 8801.135704: kvm_entry: vcpu 0
> rip 0xfffff83560f8f6a0
> CPU 0/KVM-29834 [020] d..1. 8801.135705: kvm_exit: reason
> EXIT_NPF rip 0xfffff83560f8f6a0 info 200000007 1011e9f80
> CPU 0/KVM-29834 [020] ..... 8801.135705: kvm_nested_vmexit:
> <CANT FIND FIELD rip>vcpu 0 reason npf rip 0xfffff83560f8f6a0 info1
> 0x0000000200000007 info2 0x00000001011e9f80 intr_info 0x00000000
> error_code 0x00000000 requests 0x0000000000000000
>
> Could this be related to the new patch 24?
I wouldn't think so, but I might very well be wrong. You could try
reverting it.
Paolo
> Are there certain flags or enhancements I could try?
>
> Please let me know if you need some additional debug output.
>
> Best regards,
> David
>
> [0] https://gitlab.com/qemu-project/qemu/-/
> commit/746a823a17f25393cc8c0cd1257f6dcef757bc09
> [1] https://learn.microsoft.com/en-us/windows/security/hardware-
> security/enable-virtualization-based-protection-of-code-integrity?
> tabs=security
> [2] https://lore.kernel.org/kvm/20260408154217.458420-1-
> pbonzini@redhat.com/
> [3] https://lore.kernel.org/kvm/c91391f4-57b8-4bad-
> aba8-2c47c285ab27@proxmox.com/
>
> On 4/28/26 1:33 PM, Paolo Bonzini wrote:
>> I will send you to v3 (https://lore.kernel.org/
>> kvm/20260408154217.458420-1-pbonzini@redhat.com/)
>> for the description of the series, and leave a short list of changes:
>>
>> - patch 15: clear enable_mbec = 0 if enable_ept == 0
>> - patches 23-27: adjust for rename of nested_ctl to misc_ctl
>> - patch 24: new
>> - patch 27: disable svm_get_cpl for SEV-ES/SEV-SNP
>> - patch 28: fix commit message reference to __nested_svm_check_controls
>>
>> (patch 24 is the only major bugfix).
>>
>> Thanks,
>>
>> Paolo
>>
>> Jon Kohler (5):
>> KVM: TDX/VMX: rework EPT_VIOLATION_EXEC_FOR_RING3_LIN into PROT_MASK
>> KVM: x86/mmu: remove SPTE_PERM_MASK
>> KVM: x86/mmu: free up bit 10 of PTEs in preparation for MBEC
>> KVM: nVMX: advertise MBEC to nested guests
>> KVM: nVMX: allow MBEC with EVMCS
>>
>> Paolo Bonzini (23):
>> KVM: x86/mmu: shuffle high bits of SPTEs in preparation for MBEC
>> KVM: x86/mmu: remove SPTE_EPT_*
>> KVM: x86/mmu: merge make_spte_{non,}executable
>> KVM: x86/mmu: rename and clarify BYTE_MASK
>> KVM: x86/mmu: introduce ACC_READ_MASK
>> KVM: x86/mmu: separate more EPT/non-EPT permission_fault()
>> KVM: x86/mmu: pass PFERR_GUEST_PAGE/FINAL_MASK to kvm_translate_gpa
>> KVM: x86/mmu: pass pte_access for final nGPA->GPA walk
>> KVM: x86: make translate_nested_gpa vendor-specific
>> KVM: x86/mmu: split XS/XU bits for EPT
>> KVM: x86/mmu: move cr4_smep to base role
>> KVM: VMX: enable use of MBEC
>> KVM: nVMX: pass advanced EPT violation vmexit info to guest
>> KVM: nVMX: pass PFERR_USER_MASK to MMU on EPT violations
>> KVM: x86/mmu: add support for MBEC to EPT page table walks
>> KVM: x86/mmu: propagate access mask from root pages down
>> KVM: x86/mmu: introduce cpu_role bit for availability of PFEC.I/D
>> KVM: SVM: add GMET bit definitions
>> KVM: x86/mmu: set CR0.WP=1 for shadow NPT MMU
>> KVM: x86/mmu: add support for GMET to NPT page table walks
>> KVM: SVM: enable GMET and set it in MMU role
>> KVM: SVM: work around errata 1218
>> KVM: nSVM: enable GMET for guests
>>
>> Documentation/virt/kvm/x86/mmu.rst | 10 +-
>> arch/x86/include/asm/cpufeatures.h | 1 +
>> arch/x86/include/asm/kvm-x86-ops.h | 1 +
>> arch/x86/include/asm/kvm_host.h | 48 ++++++---
>> arch/x86/include/asm/svm.h | 1 +
>> arch/x86/include/asm/vmx.h | 14 ++-
>> arch/x86/kvm/hyperv.c | 4 +-
>> arch/x86/kvm/mmu.h | 30 ++++--
>> arch/x86/kvm/mmu/mmu.c | 168 ++++++++++++++++++++---------
>> arch/x86/kvm/mmu/mmutrace.h | 19 ++--
>> arch/x86/kvm/mmu/paging_tmpl.h | 73 ++++++++-----
>> arch/x86/kvm/mmu/spte.c | 74 +++++++------
>> arch/x86/kvm/mmu/spte.h | 70 ++++++------
>> arch/x86/kvm/mmu/tdp_mmu.c | 6 +-
>> arch/x86/kvm/svm/nested.c | 37 ++++++-
>> arch/x86/kvm/svm/svm.c | 31 ++++++
>> arch/x86/kvm/svm/svm.h | 1 +
>> arch/x86/kvm/vmx/capabilities.h | 12 ++-
>> arch/x86/kvm/vmx/common.h | 20 ++--
>> arch/x86/kvm/vmx/hyperv_evmcs.h | 1 +
>> arch/x86/kvm/vmx/main.c | 9 ++
>> arch/x86/kvm/vmx/nested.c | 46 +++++++-
>> arch/x86/kvm/vmx/tdx.c | 2 +-
>> arch/x86/kvm/vmx/vmx.c | 27 ++++-
>> arch/x86/kvm/vmx/vmx.h | 1 +
>> arch/x86/kvm/vmx/x86_ops.h | 1 +
>> arch/x86/kvm/x86.c | 18 +---
>> 27 files changed, 505 insertions(+), 220 deletions(-)
>>
>
next prev parent reply other threads:[~2026-04-29 13:12 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-28 11:09 [PATCH v4 00/28] KVM: combined patchset for MBEC/GMET support Paolo Bonzini
2026-04-28 11:09 ` [PATCH 01/28] KVM: TDX/VMX: rework EPT_VIOLATION_EXEC_FOR_RING3_LIN into PROT_MASK Paolo Bonzini
2026-04-28 11:09 ` [PATCH 02/28] KVM: x86/mmu: remove SPTE_PERM_MASK Paolo Bonzini
2026-04-28 11:09 ` [PATCH 03/28] KVM: x86/mmu: free up bit 10 of PTEs in preparation for MBEC Paolo Bonzini
2026-04-28 11:09 ` [PATCH 04/28] KVM: x86/mmu: shuffle high bits of SPTEs " Paolo Bonzini
2026-04-28 11:09 ` [PATCH 05/28] KVM: x86/mmu: remove SPTE_EPT_* Paolo Bonzini
2026-04-28 11:09 ` [PATCH 06/28] KVM: x86/mmu: merge make_spte_{non,}executable Paolo Bonzini
2026-04-28 11:09 ` [PATCH 07/28] KVM: x86/mmu: rename and clarify BYTE_MASK Paolo Bonzini
2026-04-28 11:09 ` [PATCH 08/28] KVM: x86/mmu: introduce ACC_READ_MASK Paolo Bonzini
2026-04-28 11:09 ` [PATCH 09/28] KVM: x86/mmu: separate more EPT/non-EPT permission_fault() Paolo Bonzini
2026-04-28 11:09 ` [PATCH 10/28] KVM: x86/mmu: pass PFERR_GUEST_PAGE/FINAL_MASK to kvm_translate_gpa Paolo Bonzini
2026-04-28 11:09 ` [PATCH 11/28] KVM: x86/mmu: pass pte_access for final nGPA->GPA walk Paolo Bonzini
2026-04-29 7:58 ` Paolo Bonzini
2026-04-28 11:09 ` [PATCH 12/28] KVM: x86: make translate_nested_gpa vendor-specific Paolo Bonzini
2026-04-28 11:09 ` [PATCH 13/28] KVM: x86/mmu: split XS/XU bits for EPT Paolo Bonzini
2026-04-28 11:09 ` [PATCH 14/28] KVM: x86/mmu: move cr4_smep to base role Paolo Bonzini
2026-04-28 11:09 ` [PATCH 15/28] KVM: VMX: enable use of MBEC Paolo Bonzini
2026-04-28 11:09 ` [PATCH 16/28] KVM: nVMX: pass advanced EPT violation vmexit info to guest Paolo Bonzini
2026-04-28 11:09 ` [PATCH 17/28] KVM: nVMX: pass PFERR_USER_MASK to MMU on EPT violations Paolo Bonzini
2026-04-28 11:09 ` [PATCH 18/28] KVM: x86/mmu: add support for MBEC to EPT page table walks Paolo Bonzini
2026-04-28 11:09 ` [PATCH 19/28] KVM: nVMX: advertise MBEC to nested guests Paolo Bonzini
2026-04-28 11:09 ` [PATCH 20/28] KVM: nVMX: allow MBEC with EVMCS Paolo Bonzini
2026-04-28 11:09 ` [PATCH 21/28] KVM: x86/mmu: propagate access mask from root pages down Paolo Bonzini
2026-04-28 11:09 ` [PATCH 22/28] KVM: x86/mmu: introduce cpu_role bit for availability of PFEC.I/D Paolo Bonzini
2026-04-28 11:09 ` [PATCH 23/28] KVM: SVM: add GMET bit definitions Paolo Bonzini
2026-04-28 11:09 ` [PATCH 24/28] KVM: x86/mmu: set CR0.WP=1 for shadow NPT MMU Paolo Bonzini
2026-04-28 11:09 ` [PATCH 25/28] KVM: x86/mmu: add support for GMET to NPT page table walks Paolo Bonzini
2026-04-28 11:09 ` [PATCH 26/28] KVM: SVM: enable GMET and set it in MMU role Paolo Bonzini
2026-04-28 11:09 ` [PATCH 27/28] KVM: SVM: work around errata 1218 Paolo Bonzini
2026-04-28 11:09 ` [PATCH 28/28] KVM: nSVM: enable GMET for guests Paolo Bonzini
2026-04-29 13:05 ` [PATCH v4 00/28] KVM: combined patchset for MBEC/GMET support David Riley
2026-04-29 13:12 ` Paolo Bonzini [this message]
2026-04-30 10:28 ` Paolo Bonzini
2026-04-30 12:08 ` David Riley
2026-05-05 1:14 ` Jon Kohler
2026-05-05 5:31 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56d2343e-cab0-4804-b078-eddeb33b3d02@redhat.com \
--to=pbonzini@redhat.com \
--cc=d.riley@proxmox.com \
--cc=jon@nutanix.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.