From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Xin Li <xin@zytor.com>, Chao Gao <chao.gao@intel.com>,
Yosry Ahmed <yosry.ahmed@linux.dev>
Subject: [PATCH v2 0/2] KVM: nVMX: Disallow access to unsupported vmcs12 fields
Date: Tue, 30 Dec 2025 14:02:18 -0800 [thread overview]
Message-ID: <20251230220220.4122282-1-seanjc@google.com> (raw)
Disallow accesses to vmcs12 fields that are defined by KVM, but are unsupported
in the current incarnation of KVM, e.g. due to lack of hardware support for the
underlying VMCS fields.
The primary motivation is to avoid having to carry the same logic for shadowed
VMCS fields, which can't play nice with unsupported fields since VMREAD/VMWRITE
will fail when attempting to transfer state between vmcs12 and the shadow VMCS.
v2:
- Name the array of KVM-defined fields kvm_supported_vmcs12_field_offsets,
e.g. so that it's no confused with what's supported by hardware. [Xin]
- Combine encodings in switch statements for fields shared fate. [Xin]
- Drop the extern declaration of supported_vmcs12_field_offsets. [Chao]
- Handle GUEST_INTR_STATUS in cpu_has_vmcs12_field() and add a patch to
drop the custom handling from init_vmcs_shadow_fields(). [Chao]
v1: https://lore.kernel.org/all/20251216012918.1707681-1-seanjc@google.com
Sean Christopherson (2):
KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by
"hardware"
KVM: nVMX: Remove explicit filtering of GUEST_INTR_STATUS from shadow
VMCS fields
arch/x86/kvm/vmx/nested.c | 17 +++-------
arch/x86/kvm/vmx/vmcs.h | 8 +++++
arch/x86/kvm/vmx/vmcs12.c | 70 +++++++++++++++++++++++++++++++++++++--
arch/x86/kvm/vmx/vmcs12.h | 6 ++--
arch/x86/kvm/vmx/vmx.c | 2 ++
5 files changed, 86 insertions(+), 17 deletions(-)
base-commit: 9448598b22c50c8a5bb77a9103e2d49f134c9578
--
2.52.0.351.gbe84eed79e-goog
next reply other threads:[~2025-12-30 22:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-30 22:02 Sean Christopherson [this message]
2025-12-30 22:02 ` [PATCH v2 1/2] KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware" Sean Christopherson
2025-12-31 3:33 ` Chao Gao
2025-12-31 8:36 ` Xiaoyao Li
2025-12-31 15:38 ` Xin Li
2025-12-30 22:02 ` [PATCH v2 2/2] KVM: nVMX: Remove explicit filtering of GUEST_INTR_STATUS from shadow VMCS fields Sean Christopherson
2025-12-31 3:31 ` Chao Gao
2026-01-05 17:42 ` Sean Christopherson
2026-01-07 1:55 ` Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251230220220.4122282-1-seanjc@google.com \
--to=seanjc@google.com \
--cc=chao.gao@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=xin@zytor.com \
--cc=yosry.ahmed@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox