From: "Chang S. Bae" <chang.seok.bae@intel.com>
To: pbonzini@redhat.com, seanjc@google.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
chao.gao@intel.com, chang.seok.bae@intel.com
Subject: [PATCH v3 16/20] KVM: x86: Guard valid XCR0.APX settings
Date: Tue, 28 Apr 2026 05:01:07 +0000 [thread overview]
Message-ID: <20260428050111.39323-17-chang.seok.bae@intel.com> (raw)
In-Reply-To: <20260428050111.39323-1-chang.seok.bae@intel.com>
Prevent invalid XCR0.APX configurations in two cases: conflict with MPX
and lack of SVM support.
In the non-compacted XSAVE format, APX and MPX conflict on the same
offset. Although MPX is being deprecated in practice, KVM should
explicitly reject such configurations that set both bits.
At this point, only VMX supports EGPRs. SVM will require corresponding
extensions to handle EGPR indices.
Updating the supported XCR0 mask will be done separately with CPUID
exposure.
Link: https://lore.kernel.org/ab3f4937-38f5-4354-8850-bf773c159bbe@redhat.com
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
---
arch/x86/kvm/svm/svm.c | 7 ++++++-
arch/x86/kvm/x86.c | 4 ++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 73febbb24340..080bc2f829d9 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5546,8 +5546,13 @@ static __init int svm_hardware_setup(void)
return -EOPNOTSUPP;
}
+ /*
+ * APX introduces EGPRs, which require additional VMCB support.
+ * Disable APX until the necessary extensions are handled.
+ */
kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
- XFEATURE_MASK_BNDCSR);
+ XFEATURE_MASK_BNDCSR |
+ XFEATURE_MASK_APX);
if (tsc_scaling) {
if (!boot_cpu_has(X86_FEATURE_TSCRATEMSR)) {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fb77869f0233..b6b2fd877893 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1290,6 +1290,10 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
(!(xcr0 & XFEATURE_MASK_BNDCSR)))
return 1;
+ /* MPX and APX conflict in the non-compacted XSAVE format */
+ if (xcr0 & XFEATURE_MASK_BNDREGS && xcr0 & XFEATURE_MASK_APX)
+ return 1;
+
if (xcr0 & XFEATURE_MASK_AVX512) {
if (!(xcr0 & XFEATURE_MASK_YMM))
return 1;
--
2.51.0
next prev parent reply other threads:[~2026-04-28 5:26 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-28 5:00 [PATCH v3 00/20] KVM: x86: Enable APX for guests Chang S. Bae
2026-04-28 5:00 ` [PATCH v3 01/20] KVM: VMX: Macrofy 64-bit GPR swapping in __vmx_vcpu_run() Chang S. Bae
2026-04-28 9:03 ` Paolo Bonzini
2026-04-28 20:12 ` Chang S. Bae
2026-04-29 7:50 ` Paolo Bonzini
2026-04-29 17:22 ` Chang S. Bae
2026-04-28 9:09 ` Paolo Bonzini
2026-04-28 5:00 ` [PATCH v3 02/20] KVM: SVM: Macrofy 64-bit GPR swapping in __svm_vcpu_run() Chang S. Bae
2026-04-28 5:00 ` [PATCH v3 03/20] KVM: SEV: Macrofy 64-bit GPR swapping in __svm_sev_es_vcpu_run() Chang S. Bae
2026-04-28 5:00 ` [PATCH v3 04/20] KVM: x86: Extend VCPU registers for EGPRs Chang S. Bae
2026-04-28 5:00 ` [PATCH v3 05/20] KVM: VMX: Save guest EGPRs in VCPU cache Chang S. Bae
2026-04-28 5:00 ` [PATCH v3 06/20] KVM: x86: Support APX state for XSAVE ABI Chang S. Bae
2026-04-28 9:31 ` Paolo Bonzini
2026-04-28 5:00 ` [PATCH v3 07/20] KVM: VMX: Refactor VMX instruction information access Chang S. Bae
2026-04-28 5:00 ` [PATCH v3 08/20] KVM: VMX: Refactor instruction information decoding Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 09/20] KVM: VMX: Refactor register index retrieval from exit qualification Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 10/20] KVM: VMX: Support instruction information extension Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 11/20] KVM: nVMX: Propagate the extended instruction info field Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 12/20] KVM: x86: Support EGPR accessing and tracking for emulator Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 13/20] KVM: x86: Handle EGPR index and REX2-incompatible opcodes Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 14/20] KVM: x86: Support REX2-prefixed opcode decode Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 15/20] KVM: x86: Reject EVEX-prefixed instructions Chang S. Bae
2026-04-28 5:01 ` Chang S. Bae [this message]
2026-04-28 5:01 ` [PATCH v3 17/20] KVM: x86: Expose APX foundation feature to guests Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 18/20] KVM: x86: Expose APX sub-features " Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 19/20] KVM: x86: selftests: Add APX state and ABI test Chang S. Bae
2026-04-28 5:01 ` [PATCH v3 20/20] KVM: x86: selftests: Add APX state handling and XCR0 sanity checks Chang S. Bae
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260428050111.39323-17-chang.seok.bae@intel.com \
--to=chang.seok.bae@intel.com \
--cc=chao.gao@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox