From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 12 Feb 2026 07:58:55 -0800
In-Reply-To: <20260212155905.3448571-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: linux-kselftest@vger.kernel.org
Mime-Version: 1.0
References: <20260212155905.3448571-1-jmattson@google.com>
X-Mailer: git-send-email 2.53.0.239.g8d8fc8a987-goog
Message-ID: <20260212155905.3448571-8-jmattson@google.com>
Subject: [PATCH v4 7/8] KVM: x86: nSVM: Handle restore of legacy nested state
From: Jim Mattson
To: Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Shuah Khan, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Yosry Ahmed
Cc: Jim Mattson
Content-Type: text/plain; charset="UTF-8"

When nested NPT is enabled and KVM_SET_NESTED_STATE is used to restore an old checkpoint (without a valid gPAT), the current IA32_PAT value must be used as L2's gPAT.

Unfortunately, checkpoint restore is non-atomic, and the order in which state components are restored is not specified. Hence, the current IA32_PAT value may be restored by KVM_SET_MSRS after KVM_SET_NESTED_STATE. To further complicate matters, there may be a KVM_GET_NESTED_STATE before the next KVM_RUN.

Introduce a new boolean, svm->nested.legacy_gpat_semantics. When set, hPAT updates are also applied to gPAT, preserving the old behavior (i.e. L2 shares L1's PAT). Set this boolean when restoring legacy state (i.e. nested NPT is enabled, but no GPAT is provided) in KVM_SET_NESTED_STATE. Clear this boolean in svm_vcpu_pre_run(), to ensure that hPAT and gPAT are decoupled before the vCPU resumes execution.

Signed-off-by: Jim Mattson

--- arch/x86/kvm/svm/nested.c | 11 ++++++++--- arch/x86/kvm/svm/svm.c | 2 ++ arch/x86/kvm/svm/svm.h | 11 +++++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index f73f3e586012..d854d29b0bd8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -2073,9 +2073,14 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu, if (ret) goto out_free; - if (nested_npt_enabled(svm) && - (kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT)) - svm_set_gpat(svm, kvm_state->hdr.svm.gpat); + if (nested_npt_enabled(svm)) { + if (kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT) { + svm_set_gpat(svm, kvm_state->hdr.svm.gpat); + } else { + svm_set_gpat(svm, vcpu->arch.pat); + svm->nested.legacy_gpat_semantics = true; + } + } svm_switch_vmcb(svm, &svm->nested.vmcb02); nested_vmcb02_prepare_control(svm, svm->vmcb->save.rip, svm->vmcb->save.cs.base); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 205bf07896ad..d951d25f1f91 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4245,6 +4245,8 @@ static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu) if (to_kvm_sev_info(vcpu->kvm)->need_init) return -EINVAL; + to_svm(vcpu)->nested.legacy_gpat_semantics = false; + return 1; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 88549705133f..0bb9fdcb489d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -238,6 +238,15 @@ struct svm_nested_state { * on its side. */ bool force_msr_bitmap_recalc; + + /* + * Indicates that a legacy nested state (without a valid gPAT) was + * recently restored. Until the next KVM_RUN, updates to hPAT are + * also applied to gPAT, preserving legacy behavior (i.e. L2 shares + * L1's PAT). Because checkpoint restore is non-atomic, this + * complication is necessary for backward compatibility. + */ + bool legacy_gpat_semantics; }; struct vcpu_sev_es_state { @@ -621,6 +630,8 @@ static inline void svm_set_hpat(struct vcpu_svm *svm, u64 data) if (is_guest_mode(&svm->vcpu) && !nested_npt_enabled(svm)) vmcb_set_gpat(svm->nested.vmcb02.ptr, data); } + if (svm->nested.legacy_gpat_semantics) + svm_set_gpat(svm, data); } static inline bool nested_vnmi_enabled(struct vcpu_svm *svm) -- 2.53.0.239.g8d8fc8a987-goog
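
Review bot: In the svm_set_nested_state() hunk of nested.c, legacy_gpat_semantics is set to true in the else branch but is never reset in the KVM_STATE_SVM_VALID_GPAT branch or when nested_npt_enabled(svm) is false. Within the lines shown, the only place it is cleared is svm_vcpu_pre_run(), so a legacy restore followed by a second KVM_SET_NESTED_STATE that carries a valid gPAT, with no KVM_RUN in between, would leave the flag set and let a later KVM_SET_MSRS write to IA32_PAT overwrite the gPAT userspace just supplied. Unless an earlier part of this function already resets it, consider assigning the flag unconditionally here (false before the nested_npt_enabled() check, true only in the legacy branch) so each restore starts from a known value.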
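
Review bot: In the svm_vcpu_pre_run() hunk of svm.c, the new "to_svm(vcpu)->nested.legacy_gpat_semantics = false;" carries no comment, and the reason it lives here is only explained in svm.h and the commit message. A one-line comment at this site saying that the first KVM_RUN after a legacy restore is the point where hPAT and gPAT are decoupled would help readers of this function. It is also worth stating that the early "return -EINVAL" path above intentionally leaves the flag set, since the vCPU does not run in that case.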
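
Review bot: In the svm_set_hpat() hunk of svm.h, the added "if (svm->nested.legacy_gpat_semantics) svm_set_gpat(svm, data);" checks neither is_guest_mode() nor nested_npt_enabled(), unlike the vmcb02 update just above it. It relies on the flag only ever being set while both hold, and on nothing changing that before the next KVM_RUN. If that invariant is intended, assert it here (for example with a WARN_ON_ONCE on the two conditions) or fold the conditions into the test, so a stale flag cannot push an hPAT write into gPAT after the vCPU has left guest mode. The struct comment added in the earlier svm.h hunk could also mention that the flag implies guest mode with nested NPT.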