* [GIT PULL] KVM: x86: APIC related changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-09 18:33 ` Paolo Bonzini
2026-02-07 4:10 ` [GIT PULL] KVM: Generic " Sean Christopherson
` (6 subsequent siblings)
7 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
A variety of cleanups and minor fixes, mostly related to APIC and APICv.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-apic-6.20
for you to fetch changes up to ac4f869c56301831a60706a84acbf13b4f0f9886:
KVM: VMX: Remove declaration of nested_mark_vmcs12_pages_dirty() (2026-01-14 06:01:03 -0800)
----------------------------------------------------------------
KVM x86 APIC-ish changes for 6.20
- Fix a benign bug where KVM could use the wrong memslots (ignored SMM) when
creating a vCPU-specific mapping of guest memory.
- Clean up KVM's handling of marking mapped vCPU pages dirty.
- Drop a pile of *ancient* sanity checks hidden behind KVM's unused
ASSERT() macro, most of which could be trivially triggered by the guest
and/or user, and all of which were useless.
- Fold "struct dest_map" into its sole user, "struct rtc_status", to make it
more obvious what the weird parameter is used for, and to allow burying the
RTC shenanigans behind CONFIG_KVM_IOAPIC=y.
- Bury all of ioapic.h and KVM_IRQCHIP_KERNEL behind CONFIG_KVM_IOAPIC=y.
- Add a regression test for recent APICv update fixes.
- Rework KVM's handling of VMCS updates while L2 is active to temporarily
switch to vmcs01 instead of deferring the update until the next nested
VM-Exit. The deferred updates approach directly contributed to several
bugs, was proving to be a maintenance burden due to the difficulty in
auditing the correctness of deferred updates, and was polluting
"struct nested_vmx" with a growing pile of booleans.
- Handle "hardware APIC ISR", a.k.a. SVI, updates in kvm_apic_update_apicv()
to consolidate the updates, and to co-locate SVI updates with the updates
for KVM's own cache of ISR information.
- Drop a dead function declaration.
----------------------------------------------------------------
Binbin Wu (1):
KVM: VMX: Remove declaration of nested_mark_vmcs12_pages_dirty()
Fred Griffoul (1):
KVM: nVMX: Mark APIC access page dirty when syncing vmcs12 pages
Sean Christopherson (21):
KVM: Use vCPU specific memslots in __kvm_vcpu_map()
KVM: x86: Mark vmcs12 pages as dirty if and only if they're mapped
KVM: nVMX: Precisely mark vAPIC and PID maps dirty when delivering nested PI
KVM: VMX: Move nested_mark_vmcs12_pages_dirty() to vmx.c, and rename
KVM: x86: Drop ASSERT()s on APIC/vCPU being non-NULL
KVM: x86: Drop guest/user-triggerable asserts on IRR/ISR vectors
KVM: x86: Drop ASSERT() on I/O APIC EOIs being only for LEVEL_to WARN_ON_ONCE
KVM: x86: Drop guest-triggerable ASSERT()s on I/O APIC access alignment
KVM: x86: Drop MAX_NR_RESERVED_IOAPIC_PINS, use KVM_MAX_IRQ_ROUTES directly
KVM: x86: Add a wrapper to handle common case of IRQ delivery without dest_map
KVM: x86: Fold "struct dest_map" into "struct rtc_status"
KVM: x86: Bury ioapic.h definitions behind CONFIG_KVM_IOAPIC
KVM: x86: Hide KVM_IRQCHIP_KERNEL behind CONFIG_KVM_IOAPIC=y
KVM: selftests: Add a test to verify APICv updates (while L2 is active)
KVM: nVMX: Switch to vmcs01 to update PML controls on-demand if L2 is active
KVM: nVMX: Switch to vmcs01 to update TPR threshold on-demand if L2 is active
KVM: nVMX: Switch to vmcs01 to update SVI on-demand if L2 is active
KVM: nVMX: Switch to vmcs01 to refresh APICv controls on-demand if L2 is active
KVM: nVMX: Switch to vmcs01 to update APIC page on-demand if L2 is active
KVM: nVMX: Switch to vmcs01 to set virtual APICv mode on-demand if L2 is active
KVM: x86: Update APICv ISR (a.k.a. SVI) as part of kvm_apic_update_apicv()
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/hyperv.c | 2 +-
arch/x86/kvm/ioapic.c | 43 +++---
arch/x86/kvm/ioapic.h | 38 ++---
arch/x86/kvm/irq.c | 4 +-
arch/x86/kvm/lapic.c | 97 ++++++-------
arch/x86/kvm/lapic.h | 21 ++-
arch/x86/kvm/vmx/nested.c | 54 +------
arch/x86/kvm/vmx/nested.h | 1 -
arch/x86/kvm/vmx/vmx.c | 106 +++++++++-----
arch/x86/kvm/vmx/vmx.h | 9 --
arch/x86/kvm/x86.c | 11 +-
arch/x86/kvm/xen.c | 2 +-
include/linux/kvm_host.h | 9 +-
tools/testing/selftests/kvm/Makefile.kvm | 1 +
tools/testing/selftests/kvm/include/x86/apic.h | 4 +
.../selftests/kvm/x86/vmx_apicv_updates_test.c | 155 +++++++++++++++++++++
virt/kvm/kvm_main.c | 2 +-
18 files changed, 334 insertions(+), 227 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/vmx_apicv_updates_test.c
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: x86: APIC related changes for 6.20
2026-02-07 4:10 ` [GIT PULL] KVM: x86: APIC related changes " Sean Christopherson
@ 2026-02-09 18:33 ` Paolo Bonzini
0 siblings, 0 replies; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-09 18:33 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
>
> A variety of cleanups and minor fixes, mostly related to APIC and APICv.
>
> The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
>
> Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
>
> are available in the Git repository at:
>
> https://github.com/kvm-x86/linux.git tags/kvm-x86-apic-6.20
>
> for you to fetch changes up to ac4f869c56301831a60706a84acbf13b4f0f9886:
>
> KVM: VMX: Remove declaration of nested_mark_vmcs12_pages_dirty() (2026-01-14 06:01:03 -0800)
Pulled, thanks.
Paolo
> ----------------------------------------------------------------
> KVM x86 APIC-ish changes for 6.20
>
> - Fix a benign bug where KVM could use the wrong memslots (ignored SMM) when
> creating a vCPU-specific mapping of guest memory.
>
> - Clean up KVM's handling of marking mapped vCPU pages dirty.
>
> - Drop a pile of *ancient* sanity checks hidden behind KVM's unused
> ASSERT() macro, most of which could be trivially triggered by the guest
> and/or user, and all of which were useless.
>
> - Fold "struct dest_map" into its sole user, "struct rtc_status", to make it
> more obvious what the weird parameter is used for, and to allow burying the
> RTC shenanigans behind CONFIG_KVM_IOAPIC=y.
>
> - Bury all of ioapic.h and KVM_IRQCHIP_KERNEL behind CONFIG_KVM_IOAPIC=y.
>
> - Add a regression test for recent APICv update fixes.
>
> - Rework KVM's handling of VMCS updates while L2 is active to temporarily
> switch to vmcs01 instead of deferring the update until the next nested
> VM-Exit. The deferred updates approach directly contributed to several
> bugs, was proving to be a maintenance burden due to the difficulty in
> auditing the correctness of deferred updates, and was polluting
> "struct nested_vmx" with a growing pile of booleans.
>
> - Handle "hardware APIC ISR", a.k.a. SVI, updates in kvm_apic_update_apicv()
> to consolidate the updates, and to co-locate SVI updates with the updates
> for KVM's own cache of ISR information.
>
> - Drop a dead function declaration.
>
> ----------------------------------------------------------------
> Binbin Wu (1):
> KVM: VMX: Remove declaration of nested_mark_vmcs12_pages_dirty()
>
> Fred Griffoul (1):
> KVM: nVMX: Mark APIC access page dirty when syncing vmcs12 pages
>
> Sean Christopherson (21):
> KVM: Use vCPU specific memslots in __kvm_vcpu_map()
> KVM: x86: Mark vmcs12 pages as dirty if and only if they're mapped
> KVM: nVMX: Precisely mark vAPIC and PID maps dirty when delivering nested PI
> KVM: VMX: Move nested_mark_vmcs12_pages_dirty() to vmx.c, and rename
> KVM: x86: Drop ASSERT()s on APIC/vCPU being non-NULL
> KVM: x86: Drop guest/user-triggerable asserts on IRR/ISR vectors
> KVM: x86: Drop ASSERT() on I/O APIC EOIs being only for LEVEL_to WARN_ON_ONCE
> KVM: x86: Drop guest-triggerable ASSERT()s on I/O APIC access alignment
> KVM: x86: Drop MAX_NR_RESERVED_IOAPIC_PINS, use KVM_MAX_IRQ_ROUTES directly
> KVM: x86: Add a wrapper to handle common case of IRQ delivery without dest_map
> KVM: x86: Fold "struct dest_map" into "struct rtc_status"
> KVM: x86: Bury ioapic.h definitions behind CONFIG_KVM_IOAPIC
> KVM: x86: Hide KVM_IRQCHIP_KERNEL behind CONFIG_KVM_IOAPIC=y
> KVM: selftests: Add a test to verify APICv updates (while L2 is active)
> KVM: nVMX: Switch to vmcs01 to update PML controls on-demand if L2 is active
> KVM: nVMX: Switch to vmcs01 to update TPR threshold on-demand if L2 is active
> KVM: nVMX: Switch to vmcs01 to update SVI on-demand if L2 is active
> KVM: nVMX: Switch to vmcs01 to refresh APICv controls on-demand if L2 is active
> KVM: nVMX: Switch to vmcs01 to update APIC page on-demand if L2 is active
> KVM: nVMX: Switch to vmcs01 to set virtual APICv mode on-demand if L2 is active
> KVM: x86: Update APICv ISR (a.k.a. SVI) as part of kvm_apic_update_apicv()
>
> arch/x86/include/asm/kvm_host.h | 2 +
> arch/x86/kvm/hyperv.c | 2 +-
> arch/x86/kvm/ioapic.c | 43 +++---
> arch/x86/kvm/ioapic.h | 38 ++---
> arch/x86/kvm/irq.c | 4 +-
> arch/x86/kvm/lapic.c | 97 ++++++-------
> arch/x86/kvm/lapic.h | 21 ++-
> arch/x86/kvm/vmx/nested.c | 54 +------
> arch/x86/kvm/vmx/nested.h | 1 -
> arch/x86/kvm/vmx/vmx.c | 106 +++++++++-----
> arch/x86/kvm/vmx/vmx.h | 9 --
> arch/x86/kvm/x86.c | 11 +-
> arch/x86/kvm/xen.c | 2 +-
> include/linux/kvm_host.h | 9 +-
> tools/testing/selftests/kvm/Makefile.kvm | 1 +
> tools/testing/selftests/kvm/include/x86/apic.h | 4 +
> .../selftests/kvm/x86/vmx_apicv_updates_test.c | 155 +++++++++++++++++++++
> virt/kvm/kvm_main.c | 2 +-
> 18 files changed, 334 insertions(+), 227 deletions(-)
> create mode 100644 tools/testing/selftests/kvm/x86/vmx_apicv_updates_test.c
>
^ permalink raw reply [flat|nested] 21+ messages in thread
* [GIT PULL] KVM: Generic changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
2026-02-07 4:10 ` [GIT PULL] KVM: x86: APIC related changes " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-09 17:38 ` Paolo Bonzini
2026-02-07 4:10 ` [GIT PULL] KVM: guest_memfd " Sean Christopherson
` (5 subsequent siblings)
7 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
Fix -Wflex-array-member-not-at-end warnings and document that vcpu->mutex is
taken outside of kvm->slots_lock.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.20
for you to fetch changes up to 98333091750d0288b1c64c47afe1950dbda1afe6:
Documentation: KVM: Formalizing taking vcpu->mutex *outside* of kvm->slots_lock (2026-01-08 11:00:35 -0800)
----------------------------------------------------------------
KVM generic changes for 6.20
- Remove a subtle pseudo-overlay of kvm_stats_desc, which, aside from being
unnecessary and confusing, triggered compiler warnings due to
-Wflex-array-member-not-at-end.
- Document that vcpu->mutex is taken outside of kvm->slots_lock, which is all
kinds of unintuitive, but is unfortunately the existing behavior for
multiple architectures, and in a weird way actually makes sense.
----------------------------------------------------------------
Sean Christopherson (2):
KVM: Remove subtle "struct kvm_stats_desc" pseudo-overlay
Documentation: KVM: Formalizing taking vcpu->mutex *outside* of kvm->slots_lock
Documentation/virt/kvm/locking.rst | 2 +
arch/arm64/kvm/guest.c | 4 +-
arch/loongarch/kvm/vcpu.c | 2 +-
arch/loongarch/kvm/vm.c | 2 +-
arch/mips/kvm/mips.c | 4 +-
arch/powerpc/kvm/book3s.c | 4 +-
arch/powerpc/kvm/booke.c | 4 +-
arch/riscv/kvm/vcpu.c | 2 +-
arch/riscv/kvm/vm.c | 2 +-
arch/s390/kvm/kvm-s390.c | 4 +-
arch/x86/kvm/x86.c | 4 +-
include/linux/kvm_host.h | 83 ++++++++++++++++----------------------
include/uapi/linux/kvm.h | 8 ++++
virt/kvm/binary_stats.c | 2 +-
virt/kvm/kvm_main.c | 20 ++++-----
15 files changed, 72 insertions(+), 75 deletions(-)
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: Generic changes for 6.20
2026-02-07 4:10 ` [GIT PULL] KVM: Generic " Sean Christopherson
@ 2026-02-09 17:38 ` Paolo Bonzini
2026-02-09 17:42 ` Paolo Bonzini
0 siblings, 1 reply; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-09 17:38 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
> - Document that vcpu->mutex is taken outside of kvm->slots_lock, which is all
> kinds of unintuitive, but is unfortunately the existing behavior for
> multiple architectures, and in a weird way actually makes sense.
I disagree that it is "arguably wrong" how you put it in the commit
message. vcpu->mutex is really a "don't worry about multiple ioctls at
the same time" mutex that tries to stay out of the way. It only
becomes unintuitive in special cases like
tdx_acquire_vm_state_locks().
By itself this would not be a reason to resend, but while at it you
could mention that vcpu->mutex is taken outside kvm->slots_arch_lock?
Paolo
> ----------------------------------------------------------------
> Sean Christopherson (2):
> KVM: Remove subtle "struct kvm_stats_desc" pseudo-overlay
> Documentation: KVM: Formalizing taking vcpu->mutex *outside* of kvm->slots_lock
>
> Documentation/virt/kvm/locking.rst | 2 +
> arch/arm64/kvm/guest.c | 4 +-
> arch/loongarch/kvm/vcpu.c | 2 +-
> arch/loongarch/kvm/vm.c | 2 +-
> arch/mips/kvm/mips.c | 4 +-
> arch/powerpc/kvm/book3s.c | 4 +-
> arch/powerpc/kvm/booke.c | 4 +-
> arch/riscv/kvm/vcpu.c | 2 +-
> arch/riscv/kvm/vm.c | 2 +-
> arch/s390/kvm/kvm-s390.c | 4 +-
> arch/x86/kvm/x86.c | 4 +-
> include/linux/kvm_host.h | 83 ++++++++++++++++----------------------
> include/uapi/linux/kvm.h | 8 ++++
> virt/kvm/binary_stats.c | 2 +-
> virt/kvm/kvm_main.c | 20 ++++-----
> 15 files changed, 72 insertions(+), 75 deletions(-)
>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: Generic changes for 6.20
2026-02-09 17:38 ` Paolo Bonzini
@ 2026-02-09 17:42 ` Paolo Bonzini
2026-02-10 0:33 ` Sean Christopherson
0 siblings, 1 reply; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-09 17:42 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Mon, Feb 9, 2026 at 6:38 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
> > - Document that vcpu->mutex is taken outside of kvm->slots_lock, which is all
> > kinds of unintuitive, but is unfortunately the existing behavior for
> > multiple architectures, and in a weird way actually makes sense.
>
> I disagree that it is "arguably wrong" how you put it in the commit
> message. vcpu->mutex is really a "don't worry about multiple ioctls at
> the same time" mutex that tries to stay out of the way. It only
> becomes unintuitive in special cases like
> tdx_acquire_vm_state_locks().
>
> By itself this would not be a reason to resend, but while at it you
> could mention that vcpu->mutex is taken outside kvm->slots_arch_lock?
... as well as mention kvm_alloc_apic_access_page() in the commit message.
Paolo
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: Generic changes for 6.20
2026-02-09 17:42 ` Paolo Bonzini
@ 2026-02-10 0:33 ` Sean Christopherson
2026-02-27 23:21 ` Sean Christopherson
0 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-10 0:33 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel
On Mon, Feb 09, 2026, Paolo Bonzini wrote:
> On Mon, Feb 9, 2026 at 6:38 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
> >
> > On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
> > > - Document that vcpu->mutex is taken outside of kvm->slots_lock, which is all
> > > kinds of unintuitive, but is unfortunately the existing behavior for
> > > multiple architectures, and in a weird way actually makes sense.
> >
> > I disagree that it is "arguably wrong" how you put it in the commit
> > message. vcpu->mutex is really a "don't worry about multiple ioctls at
> > the same time" mutex that tries to stay out of the way. It only
> > becomes unintuitive in special cases like
> > tdx_acquire_vm_state_locks().
> >
> > By itself this would not be a reason to resend, but while at it you
> > could mention that vcpu->mutex is taken outside kvm->slots_arch_lock?
>
> ... as well as mention kvm_alloc_apic_access_page() in the commit message.
Ya, will do.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: Generic changes for 6.20
2026-02-10 0:33 ` Sean Christopherson
@ 2026-02-27 23:21 ` Sean Christopherson
2026-02-28 13:56 ` Paolo Bonzini
0 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-27 23:21 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel
On Mon, Feb 09, 2026, Sean Christopherson wrote:
> On Mon, Feb 09, 2026, Paolo Bonzini wrote:
> > On Mon, Feb 9, 2026 at 6:38 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
> > >
> > > On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
> > > > - Document that vcpu->mutex is taken outside of kvm->slots_lock, which is all
> > > > kinds of unintuitive, but is unfortunately the existing behavior for
> > > > multiple architectures, and in a weird way actually makes sense.
> > >
> > > I disagree that it is "arguably wrong" how you put it in the commit
> > > message. vcpu->mutex is really a "don't worry about multiple ioctls at
> > > the same time" mutex that tries to stay out of the way. It only
> > > becomes unintuitive in special cases like
> > > tdx_acquire_vm_state_locks().
> > >
> > > By itself this would not be a reason to resend, but while at it you
> > > could mention that vcpu->mutex is taken outside kvm->slots_arch_lock?
> >
> > ... as well as mention kvm_alloc_apic_access_page() in the commit message.
>
> Ya, will do.
Finally got around to prepping a v2, and I realized that vcpu->mutex isn't held
when kvm_alloc_apic_access_page() is called, and thus isn't (currently) taken
outside kvm->slots_arch_lock.
avic_init_backing_page() and kvm_alloc_apic_access_page() are called with a vCPU,
but only via kvm_arch_vcpu_create(), when neither vcpu->mutex nor kvm->lock are
held (the vCPU is still unreachable).
Given that locking.rst doesn't bother documenting that kvm->lock is taken outside
kvm->slots_arch_lock (there's a whole section on slots locking), I'm inclined to
keep the new entry as just:
- vcpu->mutex is taken outside kvm->slots_lock
But update the changelog to not claim that the behavior is "arguably wrong".
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: Generic changes for 6.20
2026-02-27 23:21 ` Sean Christopherson
@ 2026-02-28 13:56 ` Paolo Bonzini
2026-03-02 14:53 ` Sean Christopherson
0 siblings, 1 reply; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-28 13:56 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Sat, Feb 28, 2026 at 12:21 AM Sean Christopherson <seanjc@google.com> wrote:
> Finally got around to prepping a v2, and I realized that vcpu->mutex isn't held
> when kvm_alloc_apic_access_page() is called, and thus isn't (currently) taken
> outside kvm->slots_arch_lock.
It is, via kvm_mmu_new_pgd (kvm_mmu_reload -> kvm_mmu_load ->
mmu_alloc_shadow_roots -> mmu_first_shadow_root_alloc). In fact
commit b10a038e added slots_arch_lock exactly to have something that
could be taken within the SRCU critical section, and thus within
vcpu->mutex :)
(slots_arch_lock is also taken inside slots_lock, and therefore it
must be taken inside vcpu->mutex transitively; but more to the point
it exists specifically to be taken during KVM_RUN).
> But update the changelog to not claim that the behavior is "arguably wrong".
That too, yes.
Paolo
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: Generic changes for 6.20
2026-02-28 13:56 ` Paolo Bonzini
@ 2026-03-02 14:53 ` Sean Christopherson
0 siblings, 0 replies; 21+ messages in thread
From: Sean Christopherson @ 2026-03-02 14:53 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel
On Sat, Feb 28, 2026, Paolo Bonzini wrote:
> On Sat, Feb 28, 2026 at 12:21 AM Sean Christopherson <seanjc@google.com> wrote:
> > Finally got around to prepping a v2, and I realized that vcpu->mutex isn't held
> > when kvm_alloc_apic_access_page() is called, and thus isn't (currently) taken
> > outside kvm->slots_arch_lock.
>
> It is, via kvm_mmu_new_pgd (kvm_mmu_reload -> kvm_mmu_load ->
> mmu_alloc_shadow_roots -> mmu_first_shadow_root_alloc). In fact
> commit b10a038e added slots_arch_lock exactly to have something that
> could be taken within the SRCU critical section, and thus within
> vcpu->mutex :)
Oh, right, duh. I was fixated on kvm_alloc_apic_access_page() and didn't think
about the "other" side of the lock (i.e. the whole reason the lock exists...).
Oof, and it's also taken via
kvm_inhibit_apic_access_page()
|
-> __x86_set_memory_region()
|
-> kvm_set_internal_memslot()
|
-> kvm_set_memory_region()
|
-> kvm_set_memslot()
So I was right about kvm_alloc_apic_access_page(), and wrong about everything
else. Go me.
> (slots_arch_lock is also taken inside slots_lock, and therefore it
> must be taken inside vcpu->mutex transitively; but more to the point
> it exists specifically to be taken during KVM_RUN).
^ permalink raw reply [flat|nested] 21+ messages in thread
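The lock-ordering argument in the thread above (vcpu->mutex outside kvm->slots_lock, kvm->slots_arch_lock inside kvm->slots_lock, hence inside vcpu->mutex transitively) can be modeled with a small lock-order graph. This is an added example, not code from the kernel or from either poster; it is a simplified model in the spirit of a lock-order validator, and the enum, struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes named in the thread; the enum itself is hypothetical. */
enum lock_class { VCPU_MUTEX, SLOTS_LOCK, SLOTS_ARCH_LOCK, NR_LOCKS };

static const char *lock_name[NR_LOCKS] = {
    "vcpu->mutex", "kvm->slots_lock", "kvm->slots_arch_lock",
};

/* outside[a][b]: a was observed held while b was acquired. */
struct lock_graph { bool outside[NR_LOCKS][NR_LOCKS]; };

/* Locks currently held by one execution context, in acquisition order. */
struct context { int held[NR_LOCKS]; int nr_held; };

static void graph_init(struct lock_graph *g) { memset(g, 0, sizeof(*g)); }

/* True if 'from' is ordered outside 'to', directly or transitively. */
static bool taken_outside(const struct lock_graph *g, int from, int to)
{
    bool seen[NR_LOCKS] = { false };
    int stack[NR_LOCKS], top = 0;

    stack[top++] = from;
    seen[from] = true;
    while (top) {
        int cur = stack[--top];

        for (int next = 0; next < NR_LOCKS; next++) {
            if (!g->outside[cur][next] || seen[next])
                continue;
            if (next == to)
                return true;
            seen[next] = true;
            stack[top++] = next;
        }
    }
    return false;
}

/* Record "outer held while acquiring inner"; -1 if that inverts a known order. */
static int record_order(struct lock_graph *g, int outer, int inner)
{
    if (outer == inner || taken_outside(g, inner, outer))
        return -1; /* AB-BA: some path already takes inner outside outer */
    g->outside[outer][inner] = true;
    return 0;
}

/* Acquire 'lock' in context 'c', checking it against every lock already held. */
static int acquire(struct lock_graph *g, struct context *c, int lock)
{
    for (int i = 0; i < c->nr_held; i++)
        if (record_order(g, c->held[i], lock))
            return -1;
    c->held[c->nr_held++] = lock;
    return 0;
}

static void release_all(struct context *c) { c->nr_held = 0; }

/* Replay the two orderings stated in the thread (constructed call paths). */
static int build_documented_order(struct lock_graph *g)
{
    struct context c = { .nr_held = 0 };
    int err = 0;

    graph_init(g);
    /* "vcpu->mutex is taken outside kvm->slots_lock" */
    err |= acquire(g, &c, VCPU_MUTEX);
    err |= acquire(g, &c, SLOTS_LOCK);
    release_all(&c);
    /* "slots_arch_lock is also taken inside slots_lock" */
    err |= acquire(g, &c, SLOTS_LOCK);
    err |= acquire(g, &c, SLOTS_ARCH_LOCK);
    release_all(&c);
    return err;
}

int main(void)
{
    struct lock_graph g;
    struct context c = { .nr_held = 0 };

    if (build_documented_order(&g))
        return 1;
    /* No path took both locks together, yet the order is already implied. */
    printf("%s outside %s (transitive): %d\n", lock_name[VCPU_MUTEX],
           lock_name[SLOTS_ARCH_LOCK],
           taken_outside(&g, VCPU_MUTEX, SLOTS_ARCH_LOCK));
    /* Constructed inverted path: slots_arch_lock first, then vcpu->mutex. */
    acquire(&g, &c, SLOTS_ARCH_LOCK);
    printf("acquire %s under %s: %d\n", lock_name[VCPU_MUTEX],
           lock_name[SLOTS_ARCH_LOCK], acquire(&g, &c, VCPU_MUTEX));
    return 0;
}
```
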
* [GIT PULL] KVM: guest_memfd changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
2026-02-07 4:10 ` [GIT PULL] KVM: x86: APIC related changes " Sean Christopherson
2026-02-07 4:10 ` [GIT PULL] KVM: Generic " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-07 4:10 ` [GIT PULL] KVM: x86: Misc " Sean Christopherson
` (4 subsequent siblings)
7 siblings, 0 replies; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
In preparation (pun intended) for in-place conversion, drop gmem's preparation
tracking, GUP source pages outside of filemap invalidate lock to avoid AB-BA
locking, and require source pages to be 4KiB aligned.
Regarding the retroactive alignment requirement, I know we discussed it in PUCK,
but I forget if we ever formalized a decision there. After going over various
VMMs, we gained enough confidence to just bite the bullet and hope for the best.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-gmem-6.20
for you to fetch changes up to 2a62345b30529e488beb6a1220577b3495933724:
KVM: guest_memfd: GUP source pages prior to populating guest memory (2026-01-15 12:31:17 -0800)
----------------------------------------------------------------
KVM guest_memfd changes for 6.20
- Remove kvm_gmem_populate()'s preparation tracking and half-baked hugepage
handling, and instead rely on SNP (the only user of the tracking) to do its
own tracking via the RMP.
- Retroactively document and enforce (for SNP) that KVM_SEV_SNP_LAUNCH_UPDATE
and KVM_TDX_INIT_MEM_REGION require the source page to be 4KiB aligned, to
avoid non-trivial complexity for a non-existent usecase (and because
in-place conversion simply can't support unaligned sources).
- When populating guest_memfd memory, GUP the source page in common code and
pass the refcounted page to the vendor callback, instead of letting vendor
code do the heavy lifting. Doing so avoids a looming deadlock bug with
in-place due to an AB-BA conflict between mmap_lock and guest_memfd's filemap
invalidate lock.
----------------------------------------------------------------
Michael Roth (5):
KVM: guest_memfd: Remove partial hugepage handling from kvm_gmem_populate()
KVM: guest_memfd: Remove preparation tracking
KVM: SEV: Document/enforce page-alignment for KVM_SEV_SNP_LAUNCH_UPDATE
KVM: TDX: Document alignment requirements for KVM_TDX_INIT_MEM_REGION
KVM: guest_memfd: GUP source pages prior to populating guest memory
Yan Zhao (1):
KVM: SVM: Fix a missing kunmap_local() in sev_gmem_post_populate()
.../virt/kvm/x86/amd-memory-encryption.rst | 2 +-
Documentation/virt/kvm/x86/intel-tdx.rst | 2 +-
arch/x86/kvm/svm/sev.c | 108 +++++++---------
arch/x86/kvm/vmx/tdx.c | 16 +--
include/linux/kvm_host.h | 4 +-
virt/kvm/guest_memfd.c | 139 +++++++++++----------
6 files changed, 130 insertions(+), 141 deletions(-)
^ permalink raw reply [flat|nested] 21+ messages in thread
* [GIT PULL] KVM: x86: Misc changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
` (2 preceding siblings ...)
2026-02-07 4:10 ` [GIT PULL] KVM: guest_memfd " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-09 17:56 ` Paolo Bonzini
2026-02-07 4:10 ` [GIT PULL] KVM: x86: Mediated PMU " Sean Christopherson
` (3 subsequent siblings)
7 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
No real theme here, truly a misc set of changes. The most notable change is
the Suppress EOI Broadcast quirk (not actually implemented as a quirk), which
generated a _lot_ of discussion (David W. still isn't thrilled that in-kernel
I/O APIC support isn't included[*]), but overall I think we ended up with a
solid implementation.
[*] https://lore.kernel.org/all/83f9b0a5dd0bc1de9d1e61954f6dd5211df45163.camel@infradead.org
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.20
for you to fetch changes up to 6517dfbcc918f970a928d9dc17586904bac06893:
KVM: x86: Add x2APIC "features" to control EOI broadcast suppression (2026-01-30 13:28:35 -0800)
----------------------------------------------------------------
KVM x86 misc changes for 6.20
- Disallow changing the virtual CPU model if L2 is active, for all the same
reasons KVM disallows changing the model after the first KVM_RUN.
- Fix a bug where KVM would incorrectly reject host accesses to PV MSRs that
were advertised as supported to userspace when running with
KVM_CAP_ENFORCE_PV_FEATURE_CPUID enabled.
- Fix a bug where KVM would attempt to read protect guest state (CR3) when
configuring an async #PF entry.
- Fail the build if EXPORT_SYMBOL_GPL or EXPORT_SYMBOL is used in KVM (for x86
only) to enforce usage of EXPORT_SYMBOL_FOR_KVM_INTERNAL. Explicitly allow
the few exports that are intended for external usage.
- Ignore -EBUSY when checking nested events after a vCPU exits blocking as
the WARN is user-triggerable, and because exiting to userspace on -EBUSY
does more harm than good in pretty much every situation.
- Throw in the towel and drop the WARN on INIT/SIPI being blocked when vCPU is
in Wait-For-SIPI, as playing whack-a-mole with syzkaller turned out to be an
unwinnable game.
- Add support for new Intel instructions that don't require anything beyond
enumerating feature flags to userspace.
- Grab SRCU when reading PDPTRs in KVM_GET_SREGS2.
- Add WARNs to guard against modifying KVM's CPU caps outside of the intended
setup flow, as nested VMX in particular is sensitive to unexpected changes
in KVM's golden configuration.
- Add a quirk to allow userspace to opt-in to actually suppress EOI broadcasts
when the suppression feature is enabled by the guest (currently limited to
split IRQCHIP, i.e. userspace I/O APIC). Sadly, simply fixing KVM to honor
Suppress EOI Broadcasts isn't an option as some userspaces have come to rely
on KVM's buggy behavior (KVM advertises Suppress EOI Broadcast irrespective
of whether or not userspace I/O APIC supports Directed EOIs).
- Minor cleanups.
----------------------------------------------------------------
Jun Miao (1):
KVM: x86: align the code with kvm_x86_call()
Khushit Shah (1):
KVM: x86: Add x2APIC "features" to control EOI broadcast suppression
Sean Christopherson (6):
KVM: x86: Disallow setting CPUID and/or feature MSRs if L2 is active
KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR
KVM: x86: Enforce use of EXPORT_SYMBOL_FOR_KVM_INTERNAL
KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
KVM: x86: Drop WARN on INIT/SIPI being blocked when vCPU is in Wait-For-SIPI
KVM: x86: Harden against unexpected adjustments to kvm_cpu_caps
Vasiliy Kovalev (1):
KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
Xiaoyao Li (1):
KVM: x86: Don't read guest CR3 when doing async pf while the MMU is direct
Zhao Liu (4):
KVM: x86: Advertise MOVRS CPUID to userspace
KVM: x86: Advertise AMX CPUIDs in subleaf 0x1E.0x1 to userspace
KVM: x86: Advertise AVX10.2 CPUID to userspace
KVM: x86: Advertise AVX10_VNNI_INT CPUID to userspace
Documentation/virt/kvm/api.rst | 28 ++++++++++++-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/kvm_host.h | 9 +++++
arch/x86/include/uapi/asm/kvm.h | 6 ++-
arch/x86/kvm/Makefile | 49 +++++++++++++++++++++++
arch/x86/kvm/cpuid.c | 75 +++++++++++++++++++++++++++++------
arch/x86/kvm/cpuid.h | 12 +++++-
arch/x86/kvm/ioapic.c | 2 +-
arch/x86/kvm/lapic.c | 77 +++++++++++++++++++++++++++++++-----
arch/x86/kvm/lapic.h | 2 +
arch/x86/kvm/mmu/mmu.c | 11 +++---
arch/x86/kvm/pmu.c | 2 +-
arch/x86/kvm/reverse_cpuid.h | 19 +++++++++
arch/x86/kvm/svm/svm.c | 4 +-
arch/x86/kvm/vmx/vmx.c | 4 +-
arch/x86/kvm/x86.c | 81 +++++++++++++++++++++++---------------
arch/x86/kvm/x86.h | 15 ++++++-
17 files changed, 328 insertions(+), 69 deletions(-)
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [GIT PULL] KVM: x86: Misc changes for 6.20
2026-02-07 4:10 ` [GIT PULL] KVM: x86: Misc " Sean Christopherson
@ 2026-02-09 17:56 ` Paolo Bonzini
2026-02-09 21:19 ` Sean Christopherson
0 siblings, 1 reply; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-09 17:56 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
> - Add WARNs to guard against modifying KVM's CPU caps outside of the intended
> setup flow, as nested VMX in particular is sensitive to unexpected changes
> in KVM's golden configuration.
Possible follow-up: does it make sense to sync kvm_caps.supported_xss
by calling kvm_setup_xss_caps() from kvm_finalize_cpu_caps()?
In the meanwhile I've pulled this of course---thanks!
Paolo
> - Add a quirk to allow userspace to opt-in to actually suppress EOI broadcasts
> when the suppression feature is enabled by the guest (currently limited to
> split IRQCHIP, i.e. userspace I/O APIC). Sadly, simply fixing KVM to honor
> Suppress EOI Broadcasts isn't an option as some userspaces have come to rely
> on KVM's buggy behavior (KVM advertises Suppress EOI Broadcast irrespective
> of whether or not userspace I/O APIC supports Directed EOIs).
>
> - Minor cleanups.
>
> ----------------------------------------------------------------
> Jun Miao (1):
> KVM: x86: align the code with kvm_x86_call()
>
> Khushit Shah (1):
> KVM: x86: Add x2APIC "features" to control EOI broadcast suppression
>
> Sean Christopherson (6):
> KVM: x86: Disallow setting CPUID and/or feature MSRs if L2 is active
> KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR
> KVM: x86: Enforce use of EXPORT_SYMBOL_FOR_KVM_INTERNAL
> KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
> KVM: x86: Drop WARN on INIT/SIPI being blocked when vCPU is in Wait-For-SIPI
> KVM: x86: Harden against unexpected adjustments to kvm_cpu_caps
>
> Vasiliy Kovalev (1):
> KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
>
> Xiaoyao Li (1):
> KVM: x86: Don't read guest CR3 when doing async pf while the MMU is direct
>
> Zhao Liu (4):
> KVM: x86: Advertise MOVRS CPUID to userspace
> KVM: x86: Advertise AMX CPUIDs in subleaf 0x1E.0x1 to userspace
> KVM: x86: Advertise AVX10.2 CPUID to userspace
> KVM: x86: Advertise AVX10_VNNI_INT CPUID to userspace
>
> Documentation/virt/kvm/api.rst | 28 ++++++++++++-
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/kvm_host.h | 9 +++++
> arch/x86/include/uapi/asm/kvm.h | 6 ++-
> arch/x86/kvm/Makefile | 49 +++++++++++++++++++++++
> arch/x86/kvm/cpuid.c | 75 +++++++++++++++++++++++++++++------
> arch/x86/kvm/cpuid.h | 12 +++++-
> arch/x86/kvm/ioapic.c | 2 +-
> arch/x86/kvm/lapic.c | 77 +++++++++++++++++++++++++++++++-----
> arch/x86/kvm/lapic.h | 2 +
> arch/x86/kvm/mmu/mmu.c | 11 +++---
> arch/x86/kvm/pmu.c | 2 +-
> arch/x86/kvm/reverse_cpuid.h | 19 +++++++++
> arch/x86/kvm/svm/svm.c | 4 +-
> arch/x86/kvm/vmx/vmx.c | 4 +-
> arch/x86/kvm/x86.c | 81 +++++++++++++++++++++++---------------
> arch/x86/kvm/x86.h | 15 ++++++-
> 17 files changed, 328 insertions(+), 69 deletions(-)
>
* Re: [GIT PULL] KVM: x86: Misc changes for 6.20
2026-02-09 17:56 ` Paolo Bonzini
@ 2026-02-09 21:19 ` Sean Christopherson
0 siblings, 0 replies; 21+ messages in thread
From: Sean Christopherson @ 2026-02-09 21:19 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel
On Mon, Feb 09, 2026, Paolo Bonzini wrote:
> On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
> > - Add WARNs to guard against modifying KVM's CPU caps outside of the intended
> > setup flow, as nested VMX in particular is sensitive to unexpected changes
> > in KVM's golden configuration.
>
> Possible follow-up: does it make sense to sync kvm_caps.supported_xss
> by calling kvm_setup_xss_caps() from kvm_finalize_cpu_caps()?
Ha! I did that in v1[*], but Xiaoyao didn't like that it hid the XSS setup, which
very technically aren't part of kvm_cpu_caps. For the current code base, the pros
and cons of each approach seem to largely cancel each other out, so I think my vote
is to keep things as-is for now, and revisit things if/when we end up with more
common code that needs to run right before kvm_finalize_cpu_caps().
[*] https://lore.kernel.org/all/20260123221542.2498217-2-seanjc@google.com
* [GIT PULL] KVM: x86: Mediated PMU for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
` (3 preceding siblings ...)
2026-02-07 4:10 ` [GIT PULL] KVM: x86: Misc " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-09 16:44 ` Sean Christopherson
2026-02-07 4:10 ` [GIT PULL] KVM: selftests changes " Sean Christopherson
` (2 subsequent siblings)
7 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
Mediated PMU support. Note, this is based on perf-core-kvm-mediated-pmu from
the tip tree. If the KVM pull request is merged before the perf request, this
will pull in another ~25 commits.
The following changes since commit 01122b89361e565b3c88b9fbebe92dc5c7420cb7:
perf: Use EXPORT_SYMBOL_FOR_KVM() for the mediated APIs (2025-12-19 08:54:59 +0100)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-pmu-6.20
for you to fetch changes up to d374b89edbb9a8d552e03348f59287ff779b4c9d:
KVM: VMX: Add mediated PMU support for CPUs without "save perf global ctrl" (2026-01-08 11:52:23 -0800)
----------------------------------------------------------------
KVM mediated PMU support for 6.20
Add support for mediated PMUs, where KVM gives the guest full ownership of PMU
hardware (context switched around the fastpath run loop) and allows direct
access to data MSRs and PMCs (restricted by the vPMU model), but intercepts
access to control registers, e.g. to enforce event filtering and to prevent the
guest from profiling sensitive host state.
To keep overall complexity reasonable, mediated PMU usage is all or nothing
for a given instance of KVM (controlled via module param). The Mediated PMU
is disabled by default, partly to maintain backwards compatibility for existing
setups, partly because there are tradeoffs when running with a mediated PMU that
may be non-starters for some use cases, e.g. the host loses the ability to
profile guests with mediated PMUs, the fastpath run loop is also a blind spot,
entry/exit transitions are more expensive, etc.
Versus the emulated PMU, where KVM is "just another perf user", the mediated
PMU delivers more accurate profiling and monitoring (no risk of contention and
thus dropped events), with significantly less overhead (fewer exits and faster
emulation/programming of event selectors). E.g. when running Specint-2017 on
a single-socket Sapphire Rapids with 56 cores and no-SMT, and using perf from
within the guest:
Perf command:
a. basic-sampling: perf record -F 1000 -e 6-instructions -a --overwrite
b. multiplex-sampling: perf record -F 1000 -e 10-instructions -a --overwrite
Guest performance overhead:
---------------------------------------------------------------------------
| Test case | emulated vPMU | all passthrough | passthrough with |
| | | | event filters |
---------------------------------------------------------------------------
| basic-sampling | 33.62% | 4.24% | 6.21% |
---------------------------------------------------------------------------
| multiplex-sampling | 79.32% | 7.34% | 10.45% |
---------------------------------------------------------------------------
----------------------------------------------------------------
Dapeng Mi (11):
KVM: x86/pmu: Start stubbing in mediated PMU support
KVM: x86/pmu: Implement Intel mediated PMU requirements and constraints
KVM: x86/pmu: Disable RDPMC interception for compatible mediated vPMU
KVM: x86/pmu: Load/save GLOBAL_CTRL via entry/exit fields for mediated PMU
KVM: x86/pmu: Disable interception of select PMU MSRs for mediated vPMUs
KVM: x86/pmu: Bypass perf checks when emulating mediated PMU counter accesses
KVM: x86/pmu: Reprogram mediated PMU event selectors on event filter updates
KVM: x86/pmu: Load/put mediated PMU context when entering/exiting guest
KVM: x86/pmu: Handle emulated instruction for mediated vPMU
KVM: nVMX: Add macros to simplify nested MSR interception setting
KVM: x86/pmu: Expose enable_mediated_pmu parameter to user space
Mingwei Zhang (2):
KVM: x86/pmu: Introduce eventsel_hw to prepare for pmu event filtering
KVM: nVMX: Disable PMU MSR interception as appropriate while running L2
Sandipan Das (1):
KVM: x86/pmu: Always stuff GuestOnly=1,HostOnly=0 for mediated PMCs on AMD
Sean Christopherson (15):
KVM: Add a simplified wrapper for registering perf callbacks
KVM: x86/pmu: Implement AMD mediated PMU requirements
KVM: x86/pmu: Disallow emulation in the fastpath if mediated PMCs are active
KVM: nSVM: Disable PMU MSR interception as appropriate while running L2
KVM: x86/pmu: Elide WRMSRs when loading guest PMCs if values already match
KVM: VMX: Drop intermediate "guest" field from msr_autostore
KVM: nVMX: Don't update msr_autostore count when saving TSC for vmcs12
KVM: VMX: Dedup code for removing MSR from VMCS's auto-load list
KVM: VMX: Drop unused @entry_only param from add_atomic_switch_msr()
KVM: VMX: Bug the VM if either MSR auto-load list is full
KVM: VMX: Set MSR index auto-load entry if and only if entry is "new"
KVM: VMX: Compartmentalize adding MSRs to host vs. guest auto-load list
KVM: VMX: Dedup code for adding MSR to VMCS's auto list
KVM: VMX: Initialize vmcs01.VM_EXIT_MSR_STORE_ADDR with list address
KVM: VMX: Add mediated PMU support for CPUs without "save perf global ctrl"
Xiong Zhang (1):
KVM: x86/pmu: Register PMI handler for mediated vPMU
Documentation/admin-guide/kernel-parameters.txt | 49 ++++++++++++++++++++++
arch/arm64/kvm/arm.c | 2 +-
arch/loongarch/kvm/main.c | 2 +-
arch/riscv/kvm/main.c | 2 +-
arch/x86/include/asm/kvm-x86-pmu-ops.h | 4 ++
arch/x86/include/asm/kvm_host.h | 3 ++
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/vmx.h | 1 +
arch/x86/kvm/pmu.c | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
arch/x86/kvm/pmu.h | 37 +++++++++++++++-
arch/x86/kvm/svm/nested.c | 18 +++++++-
arch/x86/kvm/svm/pmu.c | 44 +++++++++++++++++++
arch/x86/kvm/svm/svm.c | 46 ++++++++++++++++++++
arch/x86/kvm/vmx/capabilities.h | 9 +++-
arch/x86/kvm/vmx/nested.c | 144 ++++++++++++++++++++++++++++++++++-----------------------------
arch/x86/kvm/vmx/pmu_intel.c | 92 ++++++++++++++++++++++++++++++++++------
arch/x86/kvm/vmx/pmu_intel.h | 15 +++++++
arch/x86/kvm/vmx/vmx.c | 212 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------
arch/x86/kvm/vmx/vmx.h | 9 ++--
arch/x86/kvm/x86.c | 54 ++++++++++++++++++++++--
arch/x86/kvm/x86.h | 1 +
include/linux/kvm_host.h | 11 ++++-
virt/kvm/kvm_main.c | 5 ++-
23 files changed, 876 insertions(+), 154 deletions(-)
* [GIT PULL] KVM: selftests changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
` (4 preceding siblings ...)
2026-02-07 4:10 ` [GIT PULL] KVM: x86: Mediated PMU " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-09 17:46 ` Paolo Bonzini
2026-02-07 4:10 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
2026-02-07 4:10 ` [GIT PULL] KVM: x86: VMX " Sean Christopherson
7 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
Stub in stage-2 MMU support in the core infrastructure, and extend x86's MMU
infrastructure to support EPT and NPT. As noted in the cover letter, this
conflicts with some RISC-V changes.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.20
for you to fetch changes up to a91cc48246605af9aeef1edd32232976d74d9502:
KVM: selftests: Test READ=>WRITE dirty logging behavior for shadow MMU (2026-01-16 07:48:54 -0800)
----------------------------------------------------------------
KVM selftests changes for 6.20
- Add a regression test for TPR<=>CR8 synchronization and IRQ masking.
- Overhaul selftest's MMU infrastructure to genericize stage-2 MMU support,
and extend x86's infrastructure to support EPT and NPT (for L2 guests).
- Extend several nested VMX tests to also cover nested SVM.
- Add a selftest for nested VMLOAD/VMSAVE.
- Rework the nested dirty log test, originally added as a regression test for
PML where KVM logged L2 GPAs instead of L1 GPAs, to improve test coverage
and to hopefully make the test easier to understand and maintain.
----------------------------------------------------------------
MJ Pooladkhay (1):
KVM: selftests: Fix sign extension bug in get_desc64_base()
Maciej S. Szmigiero (1):
KVM: selftests: Test TPR / CR8 sync and interrupt masking
Sean Christopherson (7):
KVM: selftests: Add "struct kvm_mmu" to track a given MMU instance
KVM: selftests: Plumb "struct kvm_mmu" into x86's MMU APIs
KVM: selftests: Add a "struct kvm_mmu_arch arch" member to kvm_mmu
KVM: selftests: Add a stage-2 MMU instance to kvm_vm
KVM: selftests: Move TDP mapping functions outside of vmx.c
KVM: selftests: Rename vm_get_page_table_entry() to vm_get_pte()
KVM: selftests: Test READ=>WRITE dirty logging behavior for shadow MMU
Yosry Ahmed (16):
KVM: selftests: Make __vm_get_page_table_entry() static
KVM: selftests: Stop passing a memslot to nested_map_memslot()
KVM: selftests: Rename nested TDP mapping functions
KVM: selftests: Kill eptPageTablePointer
KVM: selftests: Stop setting A/D bits when creating EPT PTEs
KVM: selftests: Move PTE bitmasks to kvm_mmu
KVM: selftests: Use a TDP MMU to share EPT page tables between vCPUs
KVM: selftests: Stop passing VMX metadata to TDP mapping functions
KVM: selftests: Reuse virt mapping functions for nested EPTs
KVM: selftests: Allow kvm_cpu_has_ept() to be called on AMD CPUs
KVM: selftests: Add support for nested NPTs
KVM: selftests: Set the user bit on nested NPT PTEs
KVM: selftests: Extend vmx_dirty_log_test to cover SVM
KVM: selftests: Extend memstress to run on nested SVM
KVM: selftests: Slightly simplify memstress_setup_nested()
KVM: selftests: Add a selftests for nested VMLOAD/VMSAVE
tools/testing/selftests/kvm/Makefile.kvm | 4 +-
.../selftests/kvm/include/arm64/kvm_util_arch.h | 2 +
tools/testing/selftests/kvm/include/kvm_util.h | 18 +-
.../kvm/include/loongarch/kvm_util_arch.h | 1 +
.../selftests/kvm/include/riscv/kvm_util_arch.h | 1 +
.../selftests/kvm/include/s390/kvm_util_arch.h | 1 +
tools/testing/selftests/kvm/include/x86/apic.h | 3 +
.../selftests/kvm/include/x86/kvm_util_arch.h | 22 ++
.../testing/selftests/kvm/include/x86/processor.h | 65 +++--
tools/testing/selftests/kvm/include/x86/svm_util.h | 9 +
tools/testing/selftests/kvm/include/x86/vmx.h | 16 +-
tools/testing/selftests/kvm/lib/arm64/processor.c | 38 +--
tools/testing/selftests/kvm/lib/kvm_util.c | 28 +-
.../selftests/kvm/lib/loongarch/processor.c | 28 +-
tools/testing/selftests/kvm/lib/riscv/processor.c | 31 +--
tools/testing/selftests/kvm/lib/s390/processor.c | 16 +-
tools/testing/selftests/kvm/lib/x86/memstress.c | 65 +++--
tools/testing/selftests/kvm/lib/x86/processor.c | 237 +++++++++++++----
tools/testing/selftests/kvm/lib/x86/svm.c | 27 ++
tools/testing/selftests/kvm/lib/x86/vmx.c | 251 ++++--------------
tools/testing/selftests/kvm/x86/hyperv_tlb_flush.c | 2 +-
.../selftests/kvm/x86/nested_dirty_log_test.c | 293 +++++++++++++++++++++
.../selftests/kvm/x86/nested_vmsave_vmload_test.c | 197 ++++++++++++++
.../kvm/x86/smaller_maxphyaddr_emulation_test.c | 4 +-
.../testing/selftests/kvm/x86/vmx_dirty_log_test.c | 179 -------------
.../selftests/kvm/x86/vmx_nested_la57_state_test.c | 2 +-
tools/testing/selftests/kvm/x86/xapic_tpr_test.c | 276 +++++++++++++++++++
27 files changed, 1244 insertions(+), 572 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/nested_dirty_log_test.c
create mode 100644 tools/testing/selftests/kvm/x86/nested_vmsave_vmload_test.c
delete mode 100644 tools/testing/selftests/kvm/x86/vmx_dirty_log_test.c
create mode 100644 tools/testing/selftests/kvm/x86/xapic_tpr_test.c
* Re: [GIT PULL] KVM: selftests changes for 6.20
2026-02-07 4:10 ` [GIT PULL] KVM: selftests changes " Sean Christopherson
@ 2026-02-09 17:46 ` Paolo Bonzini
0 siblings, 0 replies; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-09 17:46 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Stub in stage-2 MMU support in the core infrastructure, and extend x86's MMU
> infrastructure to support EPT and NPT. As noted in the cover letter, this
> conflicts with some RISC-V changes.
>
> The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
>
> Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
>
> are available in the Git repository at:
>
> https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.20
>
> for you to fetch changes up to a91cc48246605af9aeef1edd32232976d74d9502:
>
> KVM: selftests: Test READ=>WRITE dirty logging behavior for shadow MMU (2026-01-16 07:48:54 -0800)
>
> ----------------------------------------------------------------
> KVM selftests changes for 6.20
>
> - Add a regression test for TPR<=>CR8 synchronization and IRQ masking.
>
> - Overhaul selftest's MMU infrastructure to genericize stage-2 MMU support,
> and extend x86's infrastructure to support EPT and NPT (for L2 guests).
>
> - Extend several nested VMX tests to also cover nested SVM.
>
> - Add a selftest for nested VMLOAD/VMSAVE.
>
> - Rework the nested dirty log test, originally added as a regression test for
> PML where KVM logged L2 GPAs instead of L1 GPAs, to improve test coverage
> and to hopefully make the test easier to understand and maintain.
Pulled, thanks.
Paolo
> ----------------------------------------------------------------
> MJ Pooladkhay (1):
> KVM: selftests: Fix sign extension bug in get_desc64_base()
>
> Maciej S. Szmigiero (1):
> KVM: selftests: Test TPR / CR8 sync and interrupt masking
>
> Sean Christopherson (7):
> KVM: selftests: Add "struct kvm_mmu" to track a given MMU instance
> KVM: selftests: Plumb "struct kvm_mmu" into x86's MMU APIs
> KVM: selftests: Add a "struct kvm_mmu_arch arch" member to kvm_mmu
> KVM: selftests: Add a stage-2 MMU instance to kvm_vm
> KVM: selftests: Move TDP mapping functions outside of vmx.c
> KVM: selftests: Rename vm_get_page_table_entry() to vm_get_pte()
> KVM: selftests: Test READ=>WRITE dirty logging behavior for shadow MMU
>
> Yosry Ahmed (16):
> KVM: selftests: Make __vm_get_page_table_entry() static
> KVM: selftests: Stop passing a memslot to nested_map_memslot()
> KVM: selftests: Rename nested TDP mapping functions
> KVM: selftests: Kill eptPageTablePointer
> KVM: selftests: Stop setting A/D bits when creating EPT PTEs
> KVM: selftests: Move PTE bitmasks to kvm_mmu
> KVM: selftests: Use a TDP MMU to share EPT page tables between vCPUs
> KVM: selftests: Stop passing VMX metadata to TDP mapping functions
> KVM: selftests: Reuse virt mapping functions for nested EPTs
> KVM: selftests: Allow kvm_cpu_has_ept() to be called on AMD CPUs
> KVM: selftests: Add support for nested NPTs
> KVM: selftests: Set the user bit on nested NPT PTEs
> KVM: selftests: Extend vmx_dirty_log_test to cover SVM
> KVM: selftests: Extend memstress to run on nested SVM
> KVM: selftests: Slightly simplify memstress_setup_nested()
> KVM: selftests: Add a selftests for nested VMLOAD/VMSAVE
>
> tools/testing/selftests/kvm/Makefile.kvm | 4 +-
> .../selftests/kvm/include/arm64/kvm_util_arch.h | 2 +
> tools/testing/selftests/kvm/include/kvm_util.h | 18 +-
> .../kvm/include/loongarch/kvm_util_arch.h | 1 +
> .../selftests/kvm/include/riscv/kvm_util_arch.h | 1 +
> .../selftests/kvm/include/s390/kvm_util_arch.h | 1 +
> tools/testing/selftests/kvm/include/x86/apic.h | 3 +
> .../selftests/kvm/include/x86/kvm_util_arch.h | 22 ++
> .../testing/selftests/kvm/include/x86/processor.h | 65 +++--
> tools/testing/selftests/kvm/include/x86/svm_util.h | 9 +
> tools/testing/selftests/kvm/include/x86/vmx.h | 16 +-
> tools/testing/selftests/kvm/lib/arm64/processor.c | 38 +--
> tools/testing/selftests/kvm/lib/kvm_util.c | 28 +-
> .../selftests/kvm/lib/loongarch/processor.c | 28 +-
> tools/testing/selftests/kvm/lib/riscv/processor.c | 31 +--
> tools/testing/selftests/kvm/lib/s390/processor.c | 16 +-
> tools/testing/selftests/kvm/lib/x86/memstress.c | 65 +++--
> tools/testing/selftests/kvm/lib/x86/processor.c | 237 +++++++++++++----
> tools/testing/selftests/kvm/lib/x86/svm.c | 27 ++
> tools/testing/selftests/kvm/lib/x86/vmx.c | 251 ++++--------------
> tools/testing/selftests/kvm/x86/hyperv_tlb_flush.c | 2 +-
> .../selftests/kvm/x86/nested_dirty_log_test.c | 293 +++++++++++++++++++++
> .../selftests/kvm/x86/nested_vmsave_vmload_test.c | 197 ++++++++++++++
> .../kvm/x86/smaller_maxphyaddr_emulation_test.c | 4 +-
> .../testing/selftests/kvm/x86/vmx_dirty_log_test.c | 179 -------------
> .../selftests/kvm/x86/vmx_nested_la57_state_test.c | 2 +-
> tools/testing/selftests/kvm/x86/xapic_tpr_test.c | 276 +++++++++++++++++++
> 27 files changed, 1244 insertions(+), 572 deletions(-)
> create mode 100644 tools/testing/selftests/kvm/x86/nested_dirty_log_test.c
> create mode 100644 tools/testing/selftests/kvm/x86/nested_vmsave_vmload_test.c
> delete mode 100644 tools/testing/selftests/kvm/x86/vmx_dirty_log_test.c
> create mode 100644 tools/testing/selftests/kvm/x86/xapic_tpr_test.c
>
* [GIT PULL] KVM: x86: SVM changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
` (5 preceding siblings ...)
2026-02-07 4:10 ` [GIT PULL] KVM: selftests changes " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
2026-02-09 17:51 ` Paolo Bonzini
2026-02-07 4:10 ` [GIT PULL] KVM: x86: VMX " Sean Christopherson
7 siblings, 1 reply; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
Complete the "u64 exit_code" cleanup, start fixing nSVM issues (a lot more of
those will be coming in the near future), virtualize ERAPS, and add support for
fetching SNP certificates.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.20
for you to fetch changes up to 20c3c4108d58f87c711bf44cb0b498b3ac5af6bf:
KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command (2026-01-23 09:14:16 -0800)
----------------------------------------------------------------
KVM SVM changes for 6.20
- Drop a user-triggerable WARN on nested_svm_load_cr3() failure.
- Add support for virtualizing ERAPS. Note, correct virtualization of ERAPS
relies on an upcoming, publicly announced change in the APM to reduce the
set of conditions where hardware (i.e. KVM) *must* flush the RAP.
- Ignore nSVM intercepts for instructions that are not supported according to
L1's virtual CPU model.
- Add support for expedited writes to the fast MMIO bus, a la VMX's fastpath
for EPT Misconfig.
- Don't set GIF when clearing EFER.SVME, as GIF exists independently of SVM,
and allow userspace to restore nested state with GIF=0.
- Treat exit_code as an unsigned 64-bit value through all of KVM.
- Add support for fetching SNP certificates from userspace.
- Fix a bug where KVM would use vmcb02 instead of vmcb01 when emulating VMLOAD
or VMSAVE on behalf of L2.
- Misc fixes and cleanups.
----------------------------------------------------------------
Amit Shah (1):
KVM: SVM: Virtualize and advertise support for ERAPS
Jim Mattson (2):
KVM: SVM: Don't set GIF when clearing EFER.SVME
KVM: SVM: Allow KVM_SET_NESTED_STATE to clear GIF when SVME==0
Kevin Cheng (1):
KVM: SVM: Don't allow L1 intercepts for instructions not advertised
Michael Roth (2):
KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching
KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command
Sean Christopherson (14):
KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding
KVM: SVM: Rename "fault_address" to "gpa" in npf_interception()
KVM: SVM: Add support for expedited writes to the fast MMIO bus
KVM: SVM: Drop the module param to control SEV-ES DebugSwap
KVM: SVM: Tag sev_supported_vmsa_features as read-only after init
KVM: SVM: Add a helper to detect VMRUN failures
KVM: SVM: Open code handling of unexpected exits in svm_invoke_exit_handler()
KVM: SVM: Check for an unexpected VM-Exit after RETPOLINE "fast" handling
KVM: SVM: Filter out 64-bit exit codes when invoking exit handlers on bare metal
KVM: SVM: Treat exit_code as an unsigned 64-bit value through all of KVM
KVM: SVM: Limit incorrect check on SVM_EXIT_ERR to running as a VM
KVM: SVM: Harden exit_code against being used in Spectre-like attacks
KVM: SVM: Assert that Hyper-V's HV_SVM_EXITCODE_ENL == SVM_EXIT_SW
KVM: SVM: Fix an off-by-one typo in the comment for enabling AVIC by default
Yosry Ahmed (5):
KVM: selftests: Use TEST_ASSERT_EQ() in test_vmx_nested_state()
KVM: selftests: Extend vmx_set_nested_state_test to cover SVM
KVM: nSVM: Drop redundant/wrong comment in nested_vmcb02_prepare_save()
KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
KVM: SVM: Stop toggling virtual VMSAVE/VMLOAD on intercept recalc
Documentation/virt/kvm/api.rst | 44 +++++++
.../virt/kvm/x86/amd-memory-encryption.rst | 52 ++++++++-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/kvm_host.h | 8 ++
arch/x86/include/asm/svm.h | 9 +-
arch/x86/include/uapi/asm/kvm.h | 2 +
arch/x86/include/uapi/asm/svm.h | 32 ++---
arch/x86/kvm/cpuid.c | 9 +-
arch/x86/kvm/svm/avic.c | 4 +-
arch/x86/kvm/svm/hyperv.c | 7 +-
arch/x86/kvm/svm/nested.c | 82 ++++++++-----
arch/x86/kvm/svm/sev.c | 129 ++++++++++++++-------
arch/x86/kvm/svm/svm.c | 121 ++++++++++++++-----
arch/x86/kvm/svm/svm.h | 49 ++++++--
arch/x86/kvm/trace.h | 6 +-
arch/x86/kvm/x86.c | 12 ++
include/hyperv/hvgdk.h | 2 +-
include/uapi/linux/kvm.h | 9 ++
tools/testing/selftests/kvm/Makefile.kvm | 2 +-
tools/testing/selftests/kvm/include/x86/svm.h | 3 +-
...nested_state_test.c => nested_set_state_test.c} | 128 +++++++++++++++++---
.../kvm/x86/svm_nested_soft_inject_test.c | 4 +-
22 files changed, 559 insertions(+), 156 deletions(-)
rename tools/testing/selftests/kvm/x86/{vmx_set_nested_state_test.c => nested_set_state_test.c} (70%)
* Re: [GIT PULL] KVM: x86: SVM changes for 6.20
2026-02-07 4:10 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
@ 2026-02-09 17:51 ` Paolo Bonzini
0 siblings, 0 replies; 21+ messages in thread
From: Paolo Bonzini @ 2026-02-09 17:51 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kvm, linux-kernel
On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Complete the "u64 exit_code" cleanup, start fixing nSVM issues (a lot more of
> those will be coming in the near future), virtualize ERAPS, and add support for
> fetching SNP certificates.
>
> The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
>
> Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
>
> are available in the Git repository at:
>
> https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.20
>
> for you to fetch changes up to 20c3c4108d58f87c711bf44cb0b498b3ac5af6bf:
>
> KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command (2026-01-23 09:14:16 -0800)
Pulled, thanks.
Paolo
> ----------------------------------------------------------------
> KVM SVM changes for 6.20
>
> - Drop a user-triggerable WARN on nested_svm_load_cr3() failure.
>
> - Add support for virtualizing ERAPS. Note, correct virtualization of ERAPS
> relies on an upcoming, publicly announced change in the APM to reduce the
> set of conditions where hardware (i.e. KVM) *must* flush the RAP.
>
> - Ignore nSVM intercepts for instructions that are not supported according to
> L1's virtual CPU model.
>
> - Add support for expedited writes to the fast MMIO bus, a la VMX's fastpath
> for EPT Misconfig.
>
> - Don't set GIF when clearing EFER.SVME, as GIF exists independently of SVM,
> and allow userspace to restore nested state with GIF=0.
>
> - Treat exit_code as an unsigned 64-bit value through all of KVM.
>
> - Add support for fetching SNP certificates from userspace.
>
> - Fix a bug where KVM would use vmcb02 instead of vmcb01 when emulating VMLOAD
> or VMSAVE on behalf of L2.
>
> - Misc fixes and cleanups.
>
> ----------------------------------------------------------------
> Amit Shah (1):
> KVM: SVM: Virtualize and advertise support for ERAPS
>
> Jim Mattson (2):
> KVM: SVM: Don't set GIF when clearing EFER.SVME
> KVM: SVM: Allow KVM_SET_NESTED_STATE to clear GIF when SVME==0
>
> Kevin Cheng (1):
> KVM: SVM: Don't allow L1 intercepts for instructions not advertised
>
> Michael Roth (2):
> KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching
> KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command
>
> Sean Christopherson (14):
> KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding
> KVM: SVM: Rename "fault_address" to "gpa" in npf_interception()
> KVM: SVM: Add support for expedited writes to the fast MMIO bus
> KVM: SVM: Drop the module param to control SEV-ES DebugSwap
> KVM: SVM: Tag sev_supported_vmsa_features as read-only after init
> KVM: SVM: Add a helper to detect VMRUN failures
> KVM: SVM: Open code handling of unexpected exits in svm_invoke_exit_handler()
> KVM: SVM: Check for an unexpected VM-Exit after RETPOLINE "fast" handling
> KVM: SVM: Filter out 64-bit exit codes when invoking exit handlers on bare metal
> KVM: SVM: Treat exit_code as an unsigned 64-bit value through all of KVM
> KVM: SVM: Limit incorrect check on SVM_EXIT_ERR to running as a VM
> KVM: SVM: Harden exit_code against being used in Spectre-like attacks
> KVM: SVM: Assert that Hyper-V's HV_SVM_EXITCODE_ENL == SVM_EXIT_SW
> KVM: SVM: Fix an off-by-one typo in the comment for enabling AVIC by default
>
> Yosry Ahmed (5):
> KVM: selftests: Use TEST_ASSERT_EQ() in test_vmx_nested_state()
> KVM: selftests: Extend vmx_set_nested_state_test to cover SVM
> KVM: nSVM: Drop redundant/wrong comment in nested_vmcb02_prepare_save()
> KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
> KVM: SVM: Stop toggling virtual VMSAVE/VMLOAD on intercept recalc
>
> Documentation/virt/kvm/api.rst | 44 +++++++
> .../virt/kvm/x86/amd-memory-encryption.rst | 52 ++++++++-
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/kvm_host.h | 8 ++
> arch/x86/include/asm/svm.h | 9 +-
> arch/x86/include/uapi/asm/kvm.h | 2 +
> arch/x86/include/uapi/asm/svm.h | 32 ++---
> arch/x86/kvm/cpuid.c | 9 +-
> arch/x86/kvm/svm/avic.c | 4 +-
> arch/x86/kvm/svm/hyperv.c | 7 +-
> arch/x86/kvm/svm/nested.c | 82 ++++++++-----
> arch/x86/kvm/svm/sev.c | 129 ++++++++++++++-------
> arch/x86/kvm/svm/svm.c | 121 ++++++++++++++-----
> arch/x86/kvm/svm/svm.h | 49 ++++++--
> arch/x86/kvm/trace.h | 6 +-
> arch/x86/kvm/x86.c | 12 ++
> include/hyperv/hvgdk.h | 2 +-
> include/uapi/linux/kvm.h | 9 ++
> tools/testing/selftests/kvm/Makefile.kvm | 2 +-
> tools/testing/selftests/kvm/include/x86/svm.h | 3 +-
> ...nested_state_test.c => nested_set_state_test.c} | 128 +++++++++++++++++---
> .../kvm/x86/svm_nested_soft_inject_test.c | 4 +-
> 22 files changed, 559 insertions(+), 156 deletions(-)
> rename tools/testing/selftests/kvm/x86/{vmx_set_nested_state_test.c => nested_set_state_test.c} (70%)
>
* [GIT PULL] KVM: x86: VMX changes for 6.20
2026-02-07 4:10 [GIT PULL] KVM: x86 pull requests for 6.20 Sean Christopherson
` (6 preceding siblings ...)
2026-02-07 4:10 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
@ 2026-02-07 4:10 ` Sean Christopherson
7 siblings, 0 replies; 21+ messages in thread
From: Sean Christopherson @ 2026-02-07 4:10 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson
The bulk of the changes are to disallow access to vmcs12 fields that aren't
fully supported, so that we don't have to carry a bunch of isolated checks
for shadowed fields. But for me, the highlight is to finally print out the
offending offsets+values on VMCS config mismatches.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.20
for you to fetch changes up to c0d6b8bbbced660e9c2efe079e2b2cb34b27d97f:
KVM: VMX: Print out "bad" offsets+value on VMCS config mismatch (2026-01-30 13:27:46 -0800)
----------------------------------------------------------------
KVM VMX changes for 6.20
- Fix an SGX bug where KVM would incorrectly try to handle EPCM #PFs by always
reflecting EPCM #PFs back into the guest. KVM doesn't shadow EPCM entries,
and so EPCM violations cannot be due to KVM interference, and can't be
resolved by KVM.
- Fix a bug where KVM would register its posted interrupt wakeup handler even
if loading kvm-intel.ko ultimately failed.
- Disallow access to vmcb12 fields that aren't fully supported, mostly to
avoid weirdness and complexity for FRED and other features, where KVM wants
to enable VMCS shadowing for fields that conditionally exist.
- Print out the "bad" offsets and values if kvm-intel.ko refuses to load (or
refuses to online a CPU) due to a VMCS config mismatch.
----------------------------------------------------------------
Hou Wenlong (1):
KVM: VMX: Don't register posted interrupt wakeup handler if alloc_kvm_area() fails
Sean Christopherson (6):
KVM: VMX: Always reflect SGX EPCM #PFs back into the guest
KVM: nVMX: Setup VMX MSRs on loading CPU during nested_vmx_hardware_setup()
KVM: VMX: Add a wrapper around ROL16() to get a vmcs12 from a field encoding
KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware"
KVM: nVMX: Remove explicit filtering of GUEST_INTR_STATUS from shadow VMCS fields
KVM: VMX: Print out "bad" offsets+value on VMCS config mismatch
arch/x86/kvm/vmx/hyperv_evmcs.c | 2 +-
arch/x86/kvm/vmx/hyperv_evmcs.h | 2 +-
arch/x86/kvm/vmx/nested.c | 31 ++++++++-------
arch/x86/kvm/vmx/vmcs.h | 9 +++++
arch/x86/kvm/vmx/vmcs12.c | 74 +++++++++++++++++++++++++++++++++--
arch/x86/kvm/vmx/vmcs12.h | 8 ++--
arch/x86/kvm/vmx/vmx.c | 86 ++++++++++++++++++++++++++++++++---------
7 files changed, 171 insertions(+), 41 deletions(-)