* [PATCH v2 0/2] KVM: SVM: Handle EferLmsleUnsupported
From: Jim Mattson @ 2025-10-01 0:14 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Sean Christopherson, Paolo Bonzini, Pawan Gupta,
Tom Lendacky, Jim Mattson, Perry Yuan, Sohil Mehta,
Xin Li (Intel), Joerg Roedel, Avi Kivity, linux-kernel, kvm,
Yosry Ahmed
It is no longer the case that EFER.LMSLE is supported by all SVM-capable
processors. AMD enumerates the absence of this feature by CPUID
Fn8000_0008_EBX[EferLmsleUnsupported](bit 20)=1.
Advertise this defeature bit to userspace via KVM_GET_SUPPORTED_CPUID,
and don't allow a guest to set EFER.LMSLE on hardware that doesn't
support the feature.
Jim Mattson (2):
KVM: x86: Advertise EferLmsleUnsupported to userspace
KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kvm/cpuid.c | 1 +
arch/x86/kvm/svm/svm.c | 4 +++-
3 files changed, 5 insertions(+), 1 deletion(-)
--
2.51.0.618.g983fd99d29-goog
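The gating the cover letter describes, as an added example (not code from this series or from KVM): a simplified user-space C model of reading the defeature bit and deciding whether a guest EFER write is acceptable. The function names, the constructed EBX samples and the base EFER mask are assumptions; the pool helper goes one step beyond the thread to show that a defeature bit combines across hosts with OR, not AND.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural EFER bit positions. */
#define EFER_SCE   (1ULL << 0)
#define EFER_LME   (1ULL << 8)
#define EFER_LMA   (1ULL << 10)
#define EFER_NX    (1ULL << 11)
#define EFER_SVME  (1ULL << 12)
#define EFER_LMSLE (1ULL << 13)

/* CPUID Fn8000_0008 EBX bit 20, as stated in the cover letter. */
#define LMSLE_UNSUPPORTED_BIT 20

/* Constructed sample EBX values: only bit 20 matters here. */
#define EBX_LMSLE_OK  0x00000000u           /* bit clear: LMSLE supported   */
#define EBX_LMSLE_MBZ (1u << LMSLE_UNSUPPORTED_BIT) /* bit set: must be zero */

/* Defeature polarity: a 1 means the feature is ABSENT. */
static bool lmsle_must_be_zero(uint32_t ebx)
{
    return (ebx >> LMSLE_UNSUPPORTED_BIT) & 1u;
}

/*
 * Hypothetical model of the setup-time decision: the set of EFER bits a
 * guest may set. SVME and LMSLE are only considered with nested enabled,
 * and LMSLE only when the hardware does not require it to be zero.
 */
static uint64_t guest_efer_allowed_mask(uint32_t ebx, bool nested)
{
    uint64_t mask = EFER_SCE | EFER_LME | EFER_LMA | EFER_NX; /* assumed base */

    if (nested) {
        mask |= EFER_SVME;
        if (!lmsle_must_be_zero(ebx))
            mask |= EFER_LMSLE;
    }
    return mask;
}

/* A write is acceptable only if it sets no bit outside the allowed mask. */
static bool guest_efer_write_ok(uint64_t new_efer, uint64_t allowed)
{
    return (new_efer & ~allowed) == 0;
}

/*
 * For a set of hosts a guest may run on, the guest must see "unsupported"
 * if ANY host reports it. Ordinary feature bits intersect (AND); a
 * defeature bit unions (OR).
 */
static bool pool_lmsle_must_be_zero(const uint32_t *ebx, size_t n)
{
    bool mbz = false;

    for (size_t i = 0; i < n; i++)
        mbz |= lmsle_must_be_zero(ebx[i]);
    return mbz;
}

int main(void)
{
    const uint32_t samples[] = { EBX_LMSLE_OK, EBX_LMSLE_MBZ };
    const uint64_t want = EFER_SVME | EFER_LMSLE;

    for (size_t i = 0; i < 2; i++) {
        uint64_t allowed = guest_efer_allowed_mask(samples[i], true);

        printf("EBX=%#010x allowed=%#llx write(SVME|LMSLE)=%s\n",
               (unsigned)samples[i], (unsigned long long)allowed,
               guest_efer_write_ok(want, allowed) ? "ok" : "rejected");
    }
    printf("pool must-be-zero: %d\n", pool_lmsle_must_be_zero(samples, 2));
    return 0;
}
```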
* [PATCH v2 1/2] KVM: x86: Advertise EferLmsleUnsupported to userspace
From: Jim Mattson @ 2025-10-01 0:14 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Sean Christopherson, Paolo Bonzini, Pawan Gupta,
Tom Lendacky, Jim Mattson, Perry Yuan, Sohil Mehta,
Xin Li (Intel), Joerg Roedel, Avi Kivity, linux-kernel, kvm,
Yosry Ahmed
CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
set, EFER.LMSLE is unsupported. KVM has never supported EFER.LMSLE, so
it cannot support a 0-setting of this bit.
Pass through the bit in KVM_GET_SUPPORTED_CPUID to advertise the
unavailability of EFER.LMSLE to userspace.
Signed-off-by: Jim Mattson <jmattson@google.com>
---
v1 -> v2:
Pass through the bit from hardware, rather than forcing it to be set.
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kvm/cpuid.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 751ca35386b0..f9b593721917 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -338,6 +338,7 @@
#define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
#define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
#define X86_FEATURE_AMD_IBRS_SAME_MODE (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
+#define X86_FEATURE_EFER_LMSLE_MBZ (13*32+20) /* EFER.LMSLE must be zero */
#define X86_FEATURE_AMD_PPIN (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
#define X86_FEATURE_AMD_SSBD (13*32+24) /* Speculative Store Bypass Disable */
#define X86_FEATURE_VIRT_SSBD (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
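Review bot: the comment on the new X86_FEATURE_EFER_LMSLE_MBZ line (13*32+20) says neither that this is a defeature bit nor what AMD calls it. The commit message uses EferLmsleUnsupported, so someone searching the tree for that name will not land on this define; consider something like /* EFER.LMSLE must be zero (AMD: EferLmsleUnsupported) */. Unlike AMD_PPIN and VIRT_SSBD just below, the comment also carries no quoted flag name; if that omission is intentional, a word in the changelog would settle it.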
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index e2836a255b16..4823970611fd 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -1096,6 +1096,7 @@ void kvm_set_cpu_caps(void)
F(AMD_STIBP),
F(AMD_STIBP_ALWAYS_ON),
F(AMD_IBRS_SAME_MODE),
+ F(EFER_LMSLE_MBZ),
F(AMD_PSFD),
F(AMD_IBPB_RET),
);
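Review bot: F(EFER_LMSLE_MBZ) in kvm_set_cpu_caps() does not obviously deliver what the v2 changelog promises ("Pass through the bit from hardware") once the host's view of CPUID has been altered. The follow-up in this thread proposes PASSTHROUGH_F(EFER_LMSLE_MBZ) to explicitly ignore host manipulation of CPUID state. The direction of the failure is what makes this worth the extra care: for a defeature bit, a cleared bit tells userspace that EFER.LMSLE is supported.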
--
2.51.0.618.g983fd99d29-goog
* [PATCH v2 2/2] KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
From: Jim Mattson @ 2025-10-01 0:14 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Sean Christopherson, Paolo Bonzini, Pawan Gupta,
Tom Lendacky, Jim Mattson, Perry Yuan, Sohil Mehta,
Xin Li (Intel), Joerg Roedel, Avi Kivity, linux-kernel, kvm,
Yosry Ahmed
Modern AMD CPUs do not support segment limit checks in 64-bit mode
(i.e. EFER.LMSLE must be zero). Do not allow a guest to set EFER.LMSLE
on a CPU that requires the bit to be zero.
For backwards compatibility, allow EFER.LMSLE to be set on CPUs that
support segment limit checks in 64-bit mode, even though KVM's
implementation of the feature is incomplete (e.g. KVM's emulator does
not enforce segment limits in 64-bit mode).
Fixes: eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be set with nested svm")
Signed-off-by: Jim Mattson <jmattson@google.com>
---
arch/x86/kvm/svm/svm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 1bfebe40854f..78d0fc85d0bd 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5351,7 +5351,9 @@ static __init int svm_hardware_setup(void)
if (nested) {
pr_info("Nested Virtualization enabled\n");
- kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
+ kvm_enable_efer_bits(EFER_SVME);
+ if (!boot_cpu_has(X86_FEATURE_EFER_LMSLE_MBZ))
+ kvm_enable_efer_bits(EFER_LMSLE);
r = nested_svm_init_msrpm_merge_offsets();
if (r)
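Review bot: the new !boot_cpu_has(X86_FEATURE_EFER_LMSLE_MBZ) branch under if (nested) has no comment, and the reason EFER_LMSLE is still enabled at all lives only in the commit message (backwards compatibility, even though KVM's emulator does not enforce segment limits in 64-bit mode). A short comment above the check would stop a later cleanup from folding it back into kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE). It is also worth confirming that boot_cpu_has() is the intended source, since a flag cleared in the kernel's view would re-enable EFER_LMSLE on hardware that requires it to be zero.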
--
2.51.0.618.g983fd99d29-goog
* Re: [PATCH v2 1/2] KVM: x86: Advertise EferLmsleUnsupported to userspace
From: Yosry Ahmed @ 2025-10-01 15:17 UTC (permalink / raw)
To: Jim Mattson
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Sean Christopherson, Paolo Bonzini, Pawan Gupta,
Tom Lendacky, Perry Yuan, Sohil Mehta, Xin Li (Intel),
Joerg Roedel, Avi Kivity, linux-kernel, kvm
On Tue, Sep 30, 2025 at 05:14:07PM -0700, Jim Mattson wrote:
> CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
> bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
> set, EFER.LMSLE is unsupported. KVM has never supported EFER.LMSLE, so
> it cannot support a 0-setting of this bit.
>
> Pass through the bit in KVM_GET_SUPPORTED_CPUID to advertise the
> unavailability of EFER.LMSLE to userspace.
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
> ---
> v1 -> v2:
> Pass through the bit from hardware, rather than forcing it to be set.
>
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/kvm/cpuid.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 751ca35386b0..f9b593721917 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -338,6 +338,7 @@
> #define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
> #define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
> #define X86_FEATURE_AMD_IBRS_SAME_MODE (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
> +#define X86_FEATURE_EFER_LMSLE_MBZ (13*32+20) /* EFER.LMSLE must be zero */
> #define X86_FEATURE_AMD_PPIN (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
> #define X86_FEATURE_AMD_SSBD (13*32+24) /* Speculative Store Bypass Disable */
> #define X86_FEATURE_VIRT_SSBD (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index e2836a255b16..4823970611fd 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -1096,6 +1096,7 @@ void kvm_set_cpu_caps(void)
> F(AMD_STIBP),
> F(AMD_STIBP_ALWAYS_ON),
> F(AMD_IBRS_SAME_MODE),
> + F(EFER_LMSLE_MBZ),
> F(AMD_PSFD),
> F(AMD_IBPB_RET),
> );
> --
> 2.51.0.618.g983fd99d29-goog
>
* Re: [PATCH v2 2/2] KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
From: Yosry Ahmed @ 2025-10-01 15:18 UTC (permalink / raw)
To: Jim Mattson
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Sean Christopherson, Paolo Bonzini, Pawan Gupta,
Tom Lendacky, Perry Yuan, Sohil Mehta, Xin Li (Intel),
Joerg Roedel, Avi Kivity, linux-kernel, kvm
On Tue, Sep 30, 2025 at 05:14:08PM -0700, Jim Mattson wrote:
> Modern AMD CPUs do not support segment limit checks in 64-bit mode
> (i.e. EFER.LMSLE must be zero). Do not allow a guest to set EFER.LMSLE
> on a CPU that requires the bit to be zero.
>
> For backwards compatibility, allow EFER.LMSLE to be set on CPUs that
> support segment limit checks in 64-bit mode, even though KVM's
> implementation of the feature is incomplete (e.g. KVM's emulator does
> not enforce segment limits in 64-bit mode).
>
> Fixes: eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be set with nested svm")
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
> ---
> arch/x86/kvm/svm/svm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 1bfebe40854f..78d0fc85d0bd 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -5351,7 +5351,9 @@ static __init int svm_hardware_setup(void)
>
> if (nested) {
> pr_info("Nested Virtualization enabled\n");
> - kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
> + kvm_enable_efer_bits(EFER_SVME);
> + if (!boot_cpu_has(X86_FEATURE_EFER_LMSLE_MBZ))
> + kvm_enable_efer_bits(EFER_LMSLE);
>
> r = nested_svm_init_msrpm_merge_offsets();
> if (r)
> --
> 2.51.0.618.g983fd99d29-goog
>
* Re: [PATCH v2 2/2] KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
From: Yosry Ahmed @ 2025-10-01 15:25 UTC (permalink / raw)
To: Jim Mattson
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Sean Christopherson, Paolo Bonzini, Pawan Gupta,
Tom Lendacky, Perry Yuan, Sohil Mehta, Xin Li (Intel),
Joerg Roedel, Avi Kivity, linux-kernel, kvm
On Tue, Sep 30, 2025 at 05:14:08PM -0700, Jim Mattson wrote:
> Modern AMD CPUs do not support segment limit checks in 64-bit mode
> (i.e. EFER.LMSLE must be zero). Do not allow a guest to set EFER.LMSLE
> on a CPU that requires the bit to be zero.
If anyone is as curious as I was, the bit seemingly started being set on
Milan. Rome (and supposedly older CPUs) support EFER.LMSLE.
>
> For backwards compatibility, allow EFER.LMSLE to be set on CPUs that
> support segment limit checks in 64-bit mode, even though KVM's
> implementation of the feature is incomplete (e.g. KVM's emulator does
> not enforce segment limits in 64-bit mode).
>
> Fixes: eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be set with nested svm")
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
> ---
> arch/x86/kvm/svm/svm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 1bfebe40854f..78d0fc85d0bd 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -5351,7 +5351,9 @@ static __init int svm_hardware_setup(void)
>
> if (nested) {
> pr_info("Nested Virtualization enabled\n");
> - kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
> + kvm_enable_efer_bits(EFER_SVME);
> + if (!boot_cpu_has(X86_FEATURE_EFER_LMSLE_MBZ))
> + kvm_enable_efer_bits(EFER_LMSLE);
>
> r = nested_svm_init_msrpm_merge_offsets();
> if (r)
> --
> 2.51.0.618.g983fd99d29-goog
>
* Re: [PATCH v2 1/2] KVM: x86: Advertise EferLmsleUnsupported to userspace
From: Nikunj A Dadhania @ 2025-10-07 7:59 UTC (permalink / raw)
To: Jim Mattson, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, H. Peter Anvin, Sean Christopherson,
Paolo Bonzini, Pawan Gupta, Tom Lendacky, Jim Mattson, Perry Yuan,
Sohil Mehta, Xin Li (Intel), Joerg Roedel, Avi Kivity,
linux-kernel, kvm, Yosry Ahmed
Jim Mattson <jmattson@google.com> writes:
> CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
> bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
> set, EFER.LMSLE is unsupported. KVM has never supported EFER.LMSLE, so
> it cannot support a 0-setting of this bit.
>
> Pass through the bit in KVM_GET_SUPPORTED_CPUID to advertise the
> unavailability of EFER.LMSLE to userspace.
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Nikunj A Dadhania <nikunj@amd.com>
> ---
> v1 -> v2:
> Pass through the bit from hardware, rather than forcing it to be set.
>
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/kvm/cpuid.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 751ca35386b0..f9b593721917 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -338,6 +338,7 @@
> #define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
> #define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
> #define X86_FEATURE_AMD_IBRS_SAME_MODE (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
> +#define X86_FEATURE_EFER_LMSLE_MBZ (13*32+20) /* EFER.LMSLE must be zero */
> #define X86_FEATURE_AMD_PPIN (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
> #define X86_FEATURE_AMD_SSBD (13*32+24) /* Speculative Store Bypass Disable */
> #define X86_FEATURE_VIRT_SSBD (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index e2836a255b16..4823970611fd 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -1096,6 +1096,7 @@ void kvm_set_cpu_caps(void)
> F(AMD_STIBP),
> F(AMD_STIBP_ALWAYS_ON),
> F(AMD_IBRS_SAME_MODE),
> + F(EFER_LMSLE_MBZ),
> F(AMD_PSFD),
> F(AMD_IBPB_RET),
> );
> --
> 2.51.0.618.g983fd99d29-goog
* Re: [PATCH v2 2/2] KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
From: Nikunj A Dadhania @ 2025-10-07 8:02 UTC (permalink / raw)
To: Jim Mattson, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, H. Peter Anvin, Sean Christopherson,
Paolo Bonzini, Pawan Gupta, Tom Lendacky, Jim Mattson, Perry Yuan,
Sohil Mehta, Xin Li (Intel), Joerg Roedel, Avi Kivity,
linux-kernel, kvm, Yosry Ahmed
Jim Mattson <jmattson@google.com> writes:
> Modern AMD CPUs do not support segment limit checks in 64-bit mode
> (i.e. EFER.LMSLE must be zero). Do not allow a guest to set EFER.LMSLE
> on a CPU that requires the bit to be zero.
>
> For backwards compatibility, allow EFER.LMSLE to be set on CPUs that
> support segment limit checks in 64-bit mode, even though KVM's
> implementation of the feature is incomplete (e.g. KVM's emulator does
> not enforce segment limits in 64-bit mode).
>
> Fixes: eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be set with nested svm")
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Nikunj A Dadhania <nikunj@amd.com>
> ---
> arch/x86/kvm/svm/svm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 1bfebe40854f..78d0fc85d0bd 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -5351,7 +5351,9 @@ static __init int svm_hardware_setup(void)
>
> if (nested) {
> pr_info("Nested Virtualization enabled\n");
> - kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
> + kvm_enable_efer_bits(EFER_SVME);
> + if (!boot_cpu_has(X86_FEATURE_EFER_LMSLE_MBZ))
> + kvm_enable_efer_bits(EFER_LMSLE);
>
> r = nested_svm_init_msrpm_merge_offsets();
> if (r)
> --
> 2.51.0.618.g983fd99d29-goog
* Re: [PATCH v2 1/2] KVM: x86: Advertise EferLmsleUnsupported to userspace
From: Sean Christopherson @ 2025-10-14 22:49 UTC (permalink / raw)
To: Jim Mattson
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, Paolo Bonzini, Pawan Gupta, Tom Lendacky,
Perry Yuan, Sohil Mehta, Xin Li (Intel), Joerg Roedel, Avi Kivity,
linux-kernel, kvm, Yosry Ahmed
On Tue, Sep 30, 2025, Jim Mattson wrote:
> CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
> bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
> set, EFER.LMSLE is unsupported. KVM has never supported EFER.LMSLE, so
> it cannot support a 0-setting of this bit.
>
> Pass through the bit in KVM_GET_SUPPORTED_CPUID to advertise the
> unavailability of EFER.LMSLE to userspace.
This really needs to capture the discussion/context from v1. Without that,
saying that KVM "has never supported" LMSLE and then _partially_ disabling LMSLE
is all kinds of confusing.
> Signed-off-by: Jim Mattson <jmattson@google.com>
> ---
> v1 -> v2:
> Pass through the bit from hardware, rather than forcing it to be set.
>
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/kvm/cpuid.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 751ca35386b0..f9b593721917 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -338,6 +338,7 @@
> #define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
> #define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
> #define X86_FEATURE_AMD_IBRS_SAME_MODE (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
> +#define X86_FEATURE_EFER_LMSLE_MBZ (13*32+20) /* EFER.LMSLE must be zero */
> #define X86_FEATURE_AMD_PPIN (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
> #define X86_FEATURE_AMD_SSBD (13*32+24) /* Speculative Store Bypass Disable */
> #define X86_FEATURE_VIRT_SSBD (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index e2836a255b16..4823970611fd 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -1096,6 +1096,7 @@ void kvm_set_cpu_caps(void)
> F(AMD_STIBP),
> F(AMD_STIBP_ALWAYS_ON),
> F(AMD_IBRS_SAME_MODE),
> + F(EFER_LMSLE_MBZ),
Do we want to make this PASSTHROUGH_F()? I.e. explicitly ignore any host
manipulations of CPUID state? I can't imagine the kernel would ever clear the
bit, but I also don't see any downside to being paranoid.
This is what I have locally and will apply unless someone objects.
---
From: Jim Mattson <jmattson@google.com>
Date: Tue, 30 Sep 2025 17:14:07 -0700
Subject: [PATCH] KVM: x86: Advertise EferLmsleUnsupported to userspace
CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
set, EFER.LMSLE is unsupported. KVM has never _emulated_ EFER.LMSLE, so
KVM cannot truly support a 0-setting of this bit.
However, KVM has allowed the guest to enable EFER.LMSLE in hardware
since commit eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be set with
nested svm"), i.e. KVM partially virtualizes long-mode segment limits _if_
they are supported by the underlying hardware.
Pass through the bit in KVM_GET_SUPPORTED_CPUID to advertise the
unavailability of EFER.LMSLE to userspace based on the raw underlying
hardware. Attempting to enable EFER.LMSLE on such CPUs simply doesn't
work, e.g. immediately crashes on VMRUN.
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Nikunj A Dadhania <nikunj@amd.com>
Reviewed-by: Yosry Ahmed <yosry.ahmed@linux.dev>
Link: https://lore.kernel.org/r/20251001001529.1119031-2-jmattson@google.com
[sean: add context about partial virtualization, use PASSTHROUGH_F]
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kvm/cpuid.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 4091a776e37a..6bdf868c8f8e 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -338,6 +338,7 @@
#define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
#define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
#define X86_FEATURE_AMD_IBRS_SAME_MODE (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
+#define X86_FEATURE_EFER_LMSLE_MBZ (13*32+20) /* EFER.LMSLE must be zero */
#define X86_FEATURE_AMD_PPIN (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
#define X86_FEATURE_AMD_SSBD (13*32+24) /* Speculative Store Bypass Disable */
#define X86_FEATURE_VIRT_SSBD (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 52524e0ca97f..d563a948318b 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -1135,6 +1135,7 @@ void kvm_set_cpu_caps(void)
F(AMD_STIBP),
F(AMD_STIBP_ALWAYS_ON),
F(AMD_IBRS_SAME_MODE),
+ PASSTHROUGH_F(EFER_LMSLE_MBZ),
F(AMD_PSFD),
F(AMD_IBPB_RET),
);
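Review bot: with PASSTHROUGH_F(EFER_LMSLE_MBZ) in kvm_set_cpu_caps(), the advertised bit follows raw hardware while the svm_hardware_setup() check in 2/2 still uses boot_cpu_has(X86_FEATURE_EFER_LMSLE_MBZ), so the two can disagree if the host clears the flag. In that case userspace would be told EFER.LMSLE must be zero while KVM still permits the guest to set it, which per the changelog above does not work on such CPUs. Either note in the changelog that the mismatch is accepted, or have both sites consult the same source.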
base-commit: 7c8b465a1c91f674655ea9cec5083744ec5f796a
--
* Re: [PATCH v2 0/2] KVM: SVM: Handle EferLmsleUnsupported
From: Sean Christopherson @ 2025-10-20 16:33 UTC (permalink / raw)
To: Sean Christopherson, Thomas Gleixner, Ingo Molnar,
Borislav Petkov, Dave Hansen, x86, H. Peter Anvin, Paolo Bonzini,
Pawan Gupta, Tom Lendacky, Perry Yuan, Sohil Mehta,
Xin Li (Intel), Joerg Roedel, Avi Kivity, linux-kernel, kvm,
Yosry Ahmed, Jim Mattson
On Tue, 30 Sep 2025 17:14:06 -0700, Jim Mattson wrote:
> It is no longer the case that EFER.LMSLE is supported by all SVM-capable
> processors. AMD enumerates the absence of this feature by CPUID
> Fn8000_0008_EBX[EferLmsleUnsupported](bit 20)=1.
>
> Advertise this defeature bit to userspace via KVM_GET_SUPPORTED_CPUID,
> and don't allow a guest to set EFER.LMSLE on hardware that doesn't
> support the feature.
>
> [...]
Applied to kvm-x86 svm, thanks!
[1/2] KVM: x86: Advertise EferLmsleUnsupported to userspace
https://github.com/kvm-x86/linux/commit/4793f990ea15
[2/2] KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
https://github.com/kvm-x86/linux/commit/c53c632592a4
--
https://github.com/kvm-x86/linux/tree/next