Re: [PATCH V4 0/4] Align SVM with APM defined behaviors

[Sean Christopherson <seanjc@google.com>]

On Mon, Mar 02, 2026, Sean Christopherson wrote:
> On Mon, Mar 02, 2026, Yosry Ahmed wrote:
> > On Fri, Feb 27, 2026 at 7:33 PM Kevin Cheng <chengkev@google.com> wrote:
> > >
> > > The APM lists the following behaviors
> > >   - The VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, and INVLPGA instructions
> > >     can be used when the EFER.SVME is set to 1; otherwise, these
> > >     instructions generate a #UD exception.
> > >   - If VMMCALL instruction is not intercepted, the instruction raises a
> > >     #UD exception.
> > >
> > > The patches in this series fix current SVM bugs that do not adhere to
> > > the APM listed behaviors.
> > >
> > > v3 -> v4:
> > >   - Dropped "KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock
> > >     and DEV are not available" as per Sean
> > >   - Added back STGI and CLGI intercept clearing in init_vmcb to maintain
> > >     previous behavior on intel guests. Previously intel guests always
> > >     had STGI and CLGI intercepts cleared if vgif was enabled. In V3,
> > >     because the clearing of the intercepts was moved from init_vmcb() to
> > >     the !guest_cpuid_is_intel_compatible() case in
> > >     svm_recalc_instruction_intercepts(), the CLGI intercept would be
> > >     indefinitely set on intel guests. I added back the clearing to
> > >     init_vmcb() to retain intel guest behavior before this patch.
> > 
> > I am a bit confused by this. v4 kept initializing the intercepts as
> > cleared for all guests, but we still set the CLGI/STGI intercepts for
> > Intel-compatible guests in svm_recalc_instruction_intercepts() patch
> > 3. So what difference did this make?
> > 
> > Also taking a step back, I am not really sure what's the right thing
> > to do for Intel-compatible guests here. It also seems like even if we
> > set the intercept, svm_set_gif() will clear the STGI intercept, even
> > on Intel-compatible guests.
> > 
> > Maybe we should leave that can of worms alone, go back to removing
> > initializing the CLGI/STGI intercepts in init_vmcb(), and in
> > svm_recalc_instruction_intercepts() set/clear these intercepts based
> > on EFER.SVME alone, irrespective of Intel-compatibility?
> 
> Ya, guest_cpuid_is_intel_compatible() should only be applied to VMLOAD/VMSAVE.
> KVM intercepts VMLOAD/VMSAVE to fixup SYSENTER MSRs, not to inject #UD.  I.e. KVM
> is handling (the absoutely absurd) case that FMS reports an Intel CPU, but the
> guest enables and uses SVM.
> 
> 	/*
> 	 * Intercept VMLOAD if the vCPU model is Intel in order to emulate that
> 	 * VMLOAD drops bits 63:32 of SYSENTER (ignoring the fact that exposing
> 	 * SVM on Intel is bonkers and extremely unlikely to work).
> 	 */
> 	if (guest_cpuid_is_intel_compatible(vcpu))
> 		guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD);
> 
> Sorry for not catching this in previous versions.

Because I got all kinds of confused trying to recall what was different between
v3 and v4, I went ahead and spliced them together.

Does the below look right?  If so, I'll formally post just patches 1 and 3 as v5.
I'll take 2 and 4 directly from here; I want to switch the ordering anyways so
that the vgif movement immediately precedes the Recalc "instructions" patch.

	/*
	 * Intercept instructions that #UD if EFER.SVME=0, as SVME must be set
	 * even when running the guest, i.e. hardware will only ever see
	 * EFER.SVME=1.
	 *
	 * No need to toggle any of the vgif/vls/etc. enable bits here, as they
	 * are set when the VMCB is initialized and never cleared (if the
	 * relevant intercepts are set, the enablements are meaningless anyway).
	 */
	if (!(vcpu->arch.efer & EFER_SVME)) {
		svm_set_intercept(svm, INTERCEPT_VMLOAD);
		svm_set_intercept(svm, INTERCEPT_VMSAVE);
		svm_set_intercept(svm, INTERCEPT_CLGI);
		svm_set_intercept(svm, INTERCEPT_STGI);
	} else {
		/*
		 * If hardware supports Virtual VMLOAD VMSAVE then enable it
		 * in VMCB and clear intercepts to avoid #VMEXIT.
		 */
		if (guest_cpuid_is_intel_compatible(vcpu)) {
			svm_set_intercept(svm, INTERCEPT_VMLOAD);
			svm_set_intercept(svm, INTERCEPT_VMSAVE);
		} else if (vls) {
			svm_clr_intercept(svm, INTERCEPT_VMLOAD);
			svm_clr_intercept(svm, INTERCEPT_VMSAVE);
		}

		/*
		 * Process pending events when clearing STGI/CLGI intercepts if
		 * there's at least one pending event that is masked by GIF, so
		 * that KVM re-evaluates if the intercept needs to be set again
		 * to track when GIF is re-enabled (e.g. for NMI injection).
		 */
		if (vgif) {
			svm_clr_intercept(svm, INTERCEPT_CLGI);
			svm_clr_intercept(svm, INTERCEPT_STGI);

			if (svm_has_pending_gif_event(svm))
				kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
		}
	}

where init_vmcb() is (like v3):

	if (vnmi)
		svm->vmcb->control.int_ctl |= V_NMI_ENABLE_MASK;

	if (vgif)
		svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;

	if (vls)
		svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;