From: Sean Christopherson <seanjc@google.com>
To: Jim Mattson <jmattson@google.com>
Cc: Yosry Ahmed <yosry.ahmed@linux.dev>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@kernel.org>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Shuah Khan <shuah@kernel.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v3 2/8] KVM: x86: nSVM: Cache and validate vmcb12 g_pat
Date: Fri, 6 Feb 2026 15:07:00 -0800 [thread overview]
Message-ID: <aYZ0FMl6E6P1MRf0@google.com> (raw)
In-Reply-To: <CALMp9eSRj=aykY7FbnPm1OgSwFSkJ=uVVmwsnGjV-A_-AQjxMQ@mail.gmail.com>
On Fri, Feb 06, 2026, Jim Mattson wrote:
> On Fri, Feb 6, 2026 at 11:12 AM Sean Christopherson <seanjc@google.com> wrote:
> >
> > On Fri, Feb 06, 2026, Jim Mattson wrote:
> > > On Fri, Feb 6, 2026 at 10:23 AM Yosry Ahmed <yosry.ahmed@linux.dev> wrote:
> > > >
> > > > February 6, 2026 at 10:19 AM, "Sean Christopherson" <seanjc@google.com> wrote:
> > AFAICT, the only "problem" is that g_pat in the serialization payload will be
> > garbage when restoring state from an older KVM. But that's totally fine, precisely
> > because L1's PAT isn't restored from vmcb01 on nested #VMEXIT, it's always resident
> > in vcpu->arch.pat. So can't we just do this to avoid a spurious -EINVAL?
> >
> > /*
> > * Validate host state saved from before VMRUN (see
> > * nested_svm_check_permissions).
> > */
> > __nested_copy_vmcb_save_to_cache(&save_cached, save);
> >
> > /*
> > * Stuff gPAT in L1's save state, as older KVM may not have saved L1's
> > * gPAT. L1's PAT, i.e. hPAT for the vCPU, is *always* tracked in
> > * vcpu->arch.pat, i.e. gPAT is a reflection of vcpu->arch.pat, not the
> > * other way around.
> > */
> > save_cached.g_pat = vcpu->arch.pat;
>
> Your comment is a bit optimistic. Qemu, for instance, hasn't restored
> MSRs yet, so vcpu->arch.pat will actually be the current vCPU's PAT
> (in the case of snapshot restore, some future PAT).
Yeah, FWIW, I was _trying_ account for that by not explicitly saying that arch.pat
is the "new" L1 state, but it's difficult to dance around :-/
> But, in any case, it should be a valid PAT.
>
> > if (!(save->cr0 & X86_CR0_PG) ||
> > !(save->cr0 & X86_CR0_PE) ||
> > (save->rflags & X86_EFLAGS_VM) ||
> > !nested_vmcb_check_save(vcpu, &ctl_cached, &save_cached))
>
> Wrong ctl_cached. Those are the vmcb02 controls, but we are checking
> the vmcb01 save state.
*sigh*
> I think it would be better to add a boolean argument, "check_gpat,"
> which will be false at this call site and nested_npt_enabled(vcpu) at
> the other call site.
Yeah, agreed. Because even though arch.pat should be valid, IIUC there isn't a
consistent check on hPAT because it's never reloaded.
next prev parent reply other threads:[~2026-02-06 23:07 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-05 21:43 [PATCH v3 0/8] KVM: x86: nSVM: Improve PAT virtualization Jim Mattson
2026-02-05 21:43 ` [PATCH v3 1/8] KVM: x86: nSVM: Clear VMCB_NPT clean bit when updating g_pat in L2 Jim Mattson
2026-02-09 16:05 ` Yosry Ahmed
2026-02-05 21:43 ` [PATCH v3 2/8] KVM: x86: nSVM: Cache and validate vmcb12 g_pat Jim Mattson
2026-02-06 18:19 ` Sean Christopherson
2026-02-06 18:23 ` Yosry Ahmed
2026-02-06 18:32 ` Jim Mattson
2026-02-06 19:12 ` Sean Christopherson
2026-02-06 19:15 ` Yosry Ahmed
2026-02-06 19:50 ` Sean Christopherson
2026-02-06 20:56 ` Jim Mattson
2026-02-06 23:07 ` Sean Christopherson [this message]
2026-02-05 21:43 ` [PATCH v3 3/8] KVM: x86: nSVM: Set vmcb02.g_pat correctly for nested NPT Jim Mattson
2026-02-06 18:23 ` Sean Christopherson
2026-02-06 18:29 ` Yosry Ahmed
2026-02-06 19:14 ` Sean Christopherson
2026-02-05 21:43 ` [PATCH v3 4/8] KVM: x86: nSVM: Redirect IA32_PAT accesses to either hPAT or gPAT Jim Mattson
2026-02-05 21:43 ` [PATCH v3 5/8] KVM: x86: nSVM: Save gPAT to vmcb12.g_pat on VMEXIT Jim Mattson
2026-02-05 21:43 ` [PATCH v3 6/8] KVM: x86: nSVM: Save/restore gPAT with KVM_{GET,SET}_NESTED_STATE Jim Mattson
2026-02-05 21:43 ` [PATCH v3 7/8] KVM: x86: nSVM: Handle restore of legacy nested state Jim Mattson
2026-02-06 19:17 ` Sean Christopherson
2026-02-06 22:38 ` Jim Mattson
2026-02-05 21:43 ` [PATCH v3 8/8] KVM: selftests: nSVM: Add svm_nested_pat test Jim Mattson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYZ0FMl6E6P1MRf0@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=shuah@kernel.org \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
--cc=yosry.ahmed@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.