From: Yosry Ahmed <yosry@kernel.org>
To: Nikunj A Dadhania <nikunj@amd.com>
Cc: kvm@vger.kernel.org, seanjc@google.com, pbonzini@redhat.com,
thomas.lendacky@amd.com, bp@alien8.de,
joao.m.martins@oracle.com, kai.huang@intel.com
Subject: Re: [PATCH v7 7/7] KVM: SVM: Add Page modification logging support
Date: Mon, 18 May 2026 17:12:18 +0000
Message-ID: <agtGh82vLu4G6pWI@google.com>
In-Reply-To: <20260518045916.2988667-8-nikunj@amd.com>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index 4ef9bc6a553f3..dd30aef9fc497 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -882,6 +882,12 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm)
> vmcb02->control.msrpm_base_pa = vmcb01->control.msrpm_base_pa;
> vmcb_mark_dirty(vmcb02, VMCB_PERM_MAP);
>
> + /* Clear PML fields to avoid stale data in vmcb02. */
> + if (pml) {
> + vmcb02->control.pml_addr = 0;
> + vmcb02->control.pml_index = -1;
> + }
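Review bot: The comment in the added `if (pml)` block says "Clear PML fields", but `vmcb02->control.pml_index = -1;` is not a clear and nothing explains why that value is chosen; state in the comment what -1 means for the index (or use a named constant) so the intent is reviewable. The two writes are also not followed by a vmcb_mark_dirty() call the way the msrpm_base_pa write just above is, so it is worth saying whether these fields are covered by a VMCB clean bit.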

I think the comment here is misleading. vmcb02 is allocated with
__GFP_ZERO, and IIUC pml_index should not matter when pml_addr is zero.
This is strictly for hardening as far as I can tell, especially looking
at commit c3bb9a20834f ("KVM: nVMX: Disable PML in hardware when running
L2"), which introduced something similar for VMX.

So maybe something like:

	/*
	 * PML is never enabled in hardware for L2. Make sure that an
	 * unexpected PML write would trigger a PML_FULL VM-Exit.
	 */

Also, the above commit also handled a PML_FULL VM-Exit as unexpected,
maybe we want to do that here as well? Or is that too paranoid?

Annoyingly, the unexpected exit reason handling is in
svm_invoke_exit_handler(), but the guest mode check is in
svm_handle_exit(), so if we do that we may need to move some code
around.

Thread overview: 15+ messages
2026-05-18 4:59 [PATCH v7 0/7] KVM: SVM: Add Page Modification Logging (PML) support Nikunj A Dadhania
2026-05-18 4:59 ` [PATCH v7 1/7] KVM: VMX: Pass @vcpu, not @vmx to init_vmcs() Nikunj A Dadhania
2026-05-18 11:35 ` Huang, Kai
2026-05-18 4:59 ` [PATCH v7 2/7] KVM: x86: Move PML page to common vcpu arch structure Nikunj A Dadhania
2026-05-18 4:59 ` [PATCH v7 3/7] KVM: x86: Carve out PML flush routine Nikunj A Dadhania
2026-05-18 4:59 ` [PATCH v7 4/7] KVM: VMX: Use cpu_dirty_log_size instead of enable_pml for PML checks Nikunj A Dadhania
2026-05-18 4:59 ` [PATCH v7 5/7] x86/cpufeatures: Add Page modification logging Nikunj A Dadhania
2026-05-18 4:59 ` [PATCH v7 6/7] KVM: SVM: Use BIT_ULL for 64-bit misc_ctl bit definitions Nikunj A Dadhania
2026-05-18 4:59 ` [PATCH v7 7/7] KVM: SVM: Add Page modification logging support Nikunj A Dadhania
2026-05-18 17:12 ` Yosry Ahmed [this message]
2026-05-18 18:55 ` Sean Christopherson
2026-05-18 19:14 ` Yosry Ahmed
2026-05-18 19:25 ` Yosry Ahmed
2026-05-19 14:46 ` Nikunj A. Dadhania
2026-05-29 6:38 ` [PATCH v7.1] " Nikunj A Dadhania