public inbox for kvm@vger.kernel.org
From: Jim Mattson <jmattson@google.com>
To: "Sean Christopherson" <seanjc@google.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Borislav Petkov" <bp@alien8.de>,
	"Dave Hansen" <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	"Alexander Graf" <agraf@suse.de>,
	"Joerg Roedel" <joro@8bytes.org>, "Avi Kivity" <avi@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"David Hildenbrand" <david@redhat.com>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Jim Mattson <jmattson@google.com>
Subject: [RFC PATCH 1/6] KVM: x86: nSVM: Shuffle guest PAT and PAT MSR in svm_set_nested_state()
Date: Fri,  7 Nov 2025 12:11:24 -0800
Message-ID: <20251107201151.3303170-2-jmattson@google.com>
In-Reply-To: <20251107201151.3303170-1-jmattson@google.com>

When L2 is active and using nested paging, accesses to the PAT MSR
should be redirected to the Guest PAT register. As a result,
KVM_GET_MSRS will save the Guest PAT register rather than the PAT
MSR. However, on restore, KVM_SET_MSRS is called before
KVM_SET_NESTED_STATE, so the Guest PAT register will be restored to
the PAT MSR.

To fix the serialization of the Guest PAT register and the PAT MSR,
copy the PAT MSR to the Guest PAT register (vmcb02->save.g_pat) and
copy vmcb01->save.g_pat to the PAT MSR in svm_set_nested_state() under
the right conditions. One of these conditions is a new SVM nested
state flag, which will be set in the commit that modifies the
KVM_{GET,SET}_MSRS semantics.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/include/uapi/asm/kvm.h |  2 ++
 arch/x86/kvm/svm/nested.c       | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index d420c9c066d4..df8ae68f56f7 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -494,6 +494,7 @@ struct kvm_sync_regs {
 #define KVM_STATE_NESTED_SVM_VMCB_SIZE	0x1000
 
 #define KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE	0x00000001
+#define KVM_STATE_SVM_VALID_GPAT	0x00000001
 
 /* vendor-independent attributes for system fd (group 0) */
 #define KVM_X86_GRP_SYSTEM		0
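Review bot: KVM_STATE_SVM_VALID_GPAT is added directly under
KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE with the same value 0x00000001, and
nothing says which flags field each define belongs to. A one-line comment
naming kvm_svm_nested_state_hdr.flags, or a blank line separating the VMX and
SVM defines, would keep the two from being read as one flag namespace.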
@@ -529,6 +530,7 @@ struct kvm_svm_nested_state_data {
 
 struct kvm_svm_nested_state_hdr {
 	__u64 vmcb_pa;
+	__u32 flags;
 };
 
 /* for KVM_CAP_NESTED_STATE */
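Review bot: placing "__u32 flags;" after "__u64 vmcb_pa;" leaves four bytes of
implicit tail padding in a uapi struct. Consider an explicit reserved field
(or a __u64 flags) so the layout is spelled out, and document that userspace
has to zero the new field when it does not intend to set
KVM_STATE_SVM_VALID_GPAT.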
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index a6443feab252..ad11b11f482e 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1052,6 +1052,7 @@ void svm_copy_vmrun_state(struct vmcb_save_area *to_save,
 	to_save->rsp = from_save->rsp;
 	to_save->rip = from_save->rip;
 	to_save->cpl = 0;
+	to_save->g_pat = from_save->g_pat;
 
 	if (kvm_cpu_cap_has(X86_FEATURE_SHSTK)) {
 		to_save->s_cet  = from_save->s_cet;
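Review bot: the g_pat copy added to svm_copy_vmrun_state() is not mentioned in
the commit message, which only describes the shuffle in
svm_set_nested_state(). Please say why g_pat belongs with the rsp/rip/cpl
state copied here, or split this line into its own patch, since it changes
what this helper does for all of its callers.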
@@ -1890,6 +1891,20 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
 	if (WARN_ON_ONCE(ret))
 		goto out_free;
 
+	/*
+	 * If nested paging is enabled in vmcb12, then KVM_SET_MSRS restored
+	 * the guest PAT register to the PAT MSR. Move this to the guest PAT
+	 * register (svm->vmcb->save.g_pat) and restore the PAT MSR from
+	 * svm->vmcb01.ptr->save.g_pat).
+	 */
+	if ((kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT) &&
+		nested_npt_enabled(svm)) {
+		ret = -EINVAL;
+		svm->vmcb->save.g_pat = vcpu->arch.pat;
+		if (!kvm_pat_valid(svm->vmcb01.ptr->save.g_pat))
+			goto out_free;
+		vcpu->arch.pat = svm->vmcb01.ptr->save.g_pat;
+	}
 	svm->nested.force_msr_bitmap_recalc = true;
 
 	kvm_make_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu);
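Review bot: in the new block, svm->vmcb->save.g_pat is overwritten with
vcpu->arch.pat before kvm_pat_valid() is checked on vmcb01's g_pat, so the
-EINVAL path leaves through out_free with the guest PAT register already
modified. Doing the kvm_pat_valid() check first and only then performing the
two assignments keeps the failure path free of side effects. The block also
leaves ret at -EINVAL when the check passes, which depends on code below this
hunk resetting it; setting ret only on the failing branch would make that
local. Minor: the comment ends with an unmatched ')' after
"svm->vmcb01.ptr->save.g_pat", and the continuation line
"nested_npt_enabled(svm)) {" would normally be aligned with the opening
parenthesis.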
-- 
2.51.2.1041.gc1ab5b90ca-goog


Thread overview: 8+ messages
2025-11-07 20:11 [RFC PATCH 0/6] KVM: x86: nSVM: Improve virtualization of VMCB12 G_PAT Jim Mattson
2025-11-07 20:11 ` Jim Mattson [this message]
2025-11-07 20:11 ` [RFC PATCH 2/6] KVM: x86: nSVM: Redirect PAT MSR accesses to gPAT when NPT is enabled in vmcb12 Jim Mattson
2025-11-07 20:11 ` [RFC PATCH 3/6] KVM: x86: nSVM: Copy current vmcb02 g_pat to vmcb12 g_pat on #VMEXIT Jim Mattson
2025-11-07 20:11 ` [RFC PATCH 4/6] KVM: x86: nSVM: Cache g_pat in vmcb_ctrl_area_cached Jim Mattson
2025-11-07 20:11 ` [RFC PATCH 5/6] KVM: x86: nSVM: Add validity check for the VMCB12 g_pat Jim Mattson
2025-11-07 20:11 ` [RFC PATCH 6/6] KVM: x86: nSVM: Use cached VMCB12 g_pat in VMCB02 when using NPT Jim Mattson
2025-11-17 20:56 ` [RFC PATCH 0/6] KVM: x86: nSVM: Improve virtualization of VMCB12 G_PAT Yosry Ahmed
