From: Sean Christopherson <seanjc@google.com>
To: Kevin Cheng <chengkev@google.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, yosry.ahmed@linux.dev
Subject: Re: [PATCH 2/2] KVM: SVM: Raise #UD if VMMCALL instruction is not intercepted
Date: Tue, 6 Jan 2026 10:29:59 -0800
Message-ID: <aV1UpwppcDbOim_K@google.com>
In-Reply-To: <20260106041250.2125920-3-chengkev@google.com>

On Tue, Jan 06, 2026, Kevin Cheng wrote:
> The AMD APM states that if VMMCALL instruction is not intercepted, the
> instruction raises a #UD exception.
>
> Create a vmmcall exit handler that generates a #UD if a VMMCALL exit
> from L2 is being handled by L0, which means that L1 did not intercept
> the VMMCALL instruction.
>
> Co-developed-by: Sean Christopherson <seanjc@google.com>
> Co-developed-by: Yosry Ahmed <yosry.ahmed@linux.dev>

Co-developed-by requires a SoB. As Yosry noted off-list, he only provided the
comment, and I have feedback on that :-) Unless Yosry objects, just drop his
Co-developed-by.

Ditto for me, just give me

  Suggested-by: Sean Christopherson <seanjc@google.com>

I don't need a Co-developed-by for tossing a code snippet your way, though I
appreciate the offer. :-)

> Signed-off-by: Kevin Cheng <chengkev@google.com>
> ---
> arch/x86/kvm/svm/svm.c | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index fc1b8707bb00c..482495ad72d22 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -3179,6 +3179,20 @@ static int bus_lock_exit(struct kvm_vcpu *vcpu)
> return 0;
> }
>
> +static int vmmcall_interception(struct kvm_vcpu *vcpu)
> +{
> + /*
> + * If VMMCALL from L2 is not intercepted by L1, the instruction raises a
> + * #UD exception
> + */

Mentioning L2 and L1 is confusing. It reads like arbitrary KVM behavior. And
IMO the most notable thing is what's missing: an intercept check. _That_ is
worth commenting, e.g.

	/*
	 * VMMCALL #UDs if it's not intercepted, and KVM reaches this point if
	 * and only if the VMMCALL intercept is not set in vmcb12.
	 */

> + if (is_guest_mode(vcpu)) {
> + kvm_queue_exception(vcpu, UD_VECTOR);
> + return 1;
> + }
> +
> + return kvm_emulate_hypercall(vcpu);
> +}
> +
> static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = {
> [SVM_EXIT_READ_CR0] = cr_interception,
> [SVM_EXIT_READ_CR3] = cr_interception,
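
Review bot: in vmmcall_interception() the is_guest_mode() branch queues #UD without any visible test of L1's VMMCALL intercept, so it is correct only if exits that L1 did intercept are reflected to L1 before svm_exit_handlers[] is consulted. The comment should state that invariant rather than restate the APM rule, and it should end with a period. This also changes what L2 sees: before this patch SVM_EXIT_VMMCALL went to kvm_emulate_hypercall() regardless of guest mode, so the changelog should say that a VMMCALL from L2 that L1 does not intercept is no longer handled as a hypercall by L0.
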
> @@ -3229,7 +3243,7 @@ static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = {
> [SVM_EXIT_TASK_SWITCH] = task_switch_interception,
> [SVM_EXIT_SHUTDOWN] = shutdown_interception,
> [SVM_EXIT_VMRUN] = vmrun_interception,
> - [SVM_EXIT_VMMCALL] = kvm_emulate_hypercall,
> + [SVM_EXIT_VMMCALL] = vmmcall_interception,
> [SVM_EXIT_VMLOAD] = vmload_interception,
> [SVM_EXIT_VMSAVE] = vmsave_interception,
> [SVM_EXIT_STGI] = stgi_interception,
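
Review bot: the SVM_EXIT_VMMCALL entry now points at vmmcall_interception, and the diffstat lists only arch/x86/kvm/svm/svm.c, so nothing in this patch exercises either branch of the new handler. A selftest that issues VMMCALL from L1 (hypercall still emulated) and from L2 with the intercept clear in vmcb12 (#UD delivered to L2) would cover the table change and guard the non-nested path against regression.
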
> --
> 2.52.0.351.gbe84eed79e-goog
>