public inbox for linux-kernel@vger.kernel.org
* [GIT PULL] KVM: x86 pull requests for 7.1
@ 2026-04-10 23:58 Sean Christopherson
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: A lonely fix " Sean Christopherson
                   ` (10 more replies)
  0 siblings, 11 replies; 13+ messages in thread
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

There are some "fun" conflicts this time around between the "nested" pull
request and kvm/master (RSM fixes, ugh), and a notable oddity: there are two
versions of the "svm" pull request: a full version that includes a large set
of SEV changes to fix locking bugs and then add a lockdep assertion to guard
against similar bugs, and a short version without the SEV changes.

I'm including the partial/short version as the SEV changes haven't gotten
much soak time in -next, and (AFAIK) haven't been reviewed by anyone.  I
squeezed them into the initial pull request because the fixes are urgent
enough to warrant inclusion in 7.1 no matter what, and the hardening changes
largely fall into the category of "these either work or don't".

I don't have a strong preference between taking the full version now versus
waiting a ~week to give people more time to tell me what I broke.  But I do
really want to land the hardening sooner than later, e.g. see the rash of SEV+
bugs we've had...


* [GIT PULL] KVM: x86: A lonely fix for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Please pull a single fix for 7.1 that I tossed in a "fixes" branch with the
intent of sending it along for 7.0, and then promptly forgot about.

The following changes since commit d2ea4ff1ce50787a98a3900b3fb1636f3620b7cf:

  KVM: selftests: Verify SEV+ guests can read and write EFER, CR0, CR4, and CR8 (2026-03-12 17:31:53 +0100)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-7.1

for you to fetch changes up to 2619da73bb2f10d88f7e1087125c40144fdf0987:

  KVM: x86: Use __DECLARE_FLEX_ARRAY() for UAPI structures with VLAs (2026-03-12 10:56:10 -0700)

----------------------------------------------------------------
KVM x86 fixes for 7.1

Declare flexible arrays in uAPI structures using __DECLARE_FLEX_ARRAY() so
that KVM's uAPI headers can be included in C++ projects.

----------------------------------------------------------------
David Woodhouse (1):
      KVM: x86: Use __DECLARE_FLEX_ARRAY() for UAPI structures with VLAs

 arch/x86/include/uapi/asm/kvm.h | 12 ++++++------
 include/uapi/linux/kvm.h        | 11 ++++++-----
 2 files changed, 12 insertions(+), 11 deletions(-)


* [GIT PULL] KVM: guest_memfd change for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

A single gmem change to not set FGP_ACCESSED, in preparation for in-place
conversion.

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-gmem-7.1

for you to fetch changes up to 6dad5447c7bfca26b5d72604b5378dca6dc58bbc:

  KVM: guest_memfd: Don't set FGP_ACCESSED when getting folios (2026-03-02 14:51:10 -0800)

----------------------------------------------------------------
KVM guest_memfd changes for 7.1

Don't mark guest_memfd folios as accessed, as guest_memfd doesn't support
reclaim, the memory is unevictable, and there is no storage to write back to.

----------------------------------------------------------------
Ackerley Tng (1):
      KVM: guest_memfd: Don't set FGP_ACCESSED when getting folios

 virt/kvm/guest_memfd.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)


* [GIT PULL] KVM: x86: Misc changes for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

A truly misc bundle of changes.  A few minor fixes, some cleanups, some
hardening, and one new feature (AVX512 BMM on AMD).

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-7.1

for you to fetch changes up to de0bfdc7137d5132b71dd1fe7aa3ca3df4d68241:

  KVM: x86: Advertise AVX512 Bit Matrix Multiply (BMM) to userspace (2026-03-12 10:56:36 -0700)

----------------------------------------------------------------
KVM x86 misc changes for 7.1

 - Advertise support for AVX512 Bit Matrix Multiply (BMM) when it's present in
   hardware (no additional emulation/virtualization required).

 - Immediately fail the build if a required #define is missing in one of KVM's
   headers that is included multiple times.

 - Reject SET_GUEST_DEBUG with -EBUSY if there's an already injected exception,
   mostly to prevent syzkaller from abusing the uAPI to trigger WARNs, but also
   because it can help prevent userspace from unintentionally crashing the VM.

 - Exempt SMM from CPUID faulting on Intel, as per the spec.

 - Misc hardening and cleanup changes.

----------------------------------------------------------------
Anel Orazgaliyeva (1):
      KVM: X86: Fix array_index_nospec protection in __pv_send_ipi

Carlos López (1):
      KVM: x86/pmu: annotate struct kvm_x86_pmu_event_filter with __counted_by()

Jim Mattson (1):
      KVM: x86: Ignore cpuid faulting in SMM

Li RongQing (2):
      KVM: Mark halt poll and other module parameters with appropriate memory attributes
      KVM: SVM: Mark module parameters as __ro_after_init for security and performance

Nikunj A Dadhania (1):
      KVM: x86: Advertise AVX512 Bit Matrix Multiply (BMM) to userspace

Sean Christopherson (1):
      KVM: x86: Immediately fail the build when possible if required #define is missing

Uros Bizjak (1):
      KVM: x86: Zero-initialize temporary fxregs_state buffers in FXSAVE emulation

Yosry Ahmed (4):
      KVM: x86: Check for injected exceptions before queuing a debug exception
      KVM: x86: Drop redundant call to kvm_deliver_exception_payload()
      KVM: x86: Move some EFER bits enablement to common code
      KVM: x86: Use kvm_cpu_cap_has() for EFER bits enablement checks

xuanqingshi (1):
      KVM: x86: Add LAPIC guard in kvm_apic_write_nodecode()

 arch/x86/include/asm/cpufeatures.h     |  1 +
 arch/x86/include/asm/kvm-x86-ops.h     | 10 +++++----
 arch/x86/include/asm/kvm-x86-pmu-ops.h |  8 ++++---
 arch/x86/include/asm/kvm_host.h        |  2 +-
 arch/x86/kvm/cpuid.c                   |  6 ++++--
 arch/x86/kvm/emulate.c                 | 10 ++++-----
 arch/x86/kvm/lapic.c                   | 13 +++++++-----
 arch/x86/kvm/pmu.c                     |  2 +-
 arch/x86/kvm/svm/avic.c                |  4 ++--
 arch/x86/kvm/svm/sev.c                 |  8 +++----
 arch/x86/kvm/svm/svm.c                 | 39 ++++++++++++++--------------------
 arch/x86/kvm/vmx/vmcs_shadow_fields.h  |  5 +++--
 arch/x86/kvm/vmx/vmx.c                 |  4 ----
 arch/x86/kvm/x86.c                     | 26 +++++++++++++++++------
 virt/kvm/kvm_main.c                    | 12 +++++------
 15 files changed, 81 insertions(+), 69 deletions(-)


* [GIT PULL] KVM: x86: Emulated MMIO changes for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Emulated MMIO changes to fix a use-after-free (kernel stack) bug, and do a
spring cleaning of the code (though it could certainly use even more cleaning).

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-mmio-7.1

for you to fetch changes up to e2138c4a5be1e50d75281136bdc3e709cb07ec5e:

  KVM: x86: Add helpers to prepare kvm_run for userspace MMIO exit (2026-03-02 16:06:49 -0800)

----------------------------------------------------------------
KVM x86 emulated MMIO changes for 7.1

Copy single-chunk MMIO write values into a persistent (per-fragment) field to
fix use-after-free stack bugs due to KVM dereferencing a stack pointer after an
exit to userspace.

Clean up and comment the emulated MMIO code to try to make it easier to
maintain (not necessarily "easy", but "easier").

----------------------------------------------------------------
Sean Christopherson (14):
      KVM: x86: Use scratch field in MMIO fragment to hold small write values
      KVM: x86: Open code handling of completed MMIO reads in emulator_read_write()
      KVM: x86: Trace unsatisfied MMIO reads on a per-page basis
      KVM: x86: Use local MMIO fragment variable to clean up emulator_read_write()
      KVM: x86: Open code read vs. write userspace MMIO exits in emulator_read_write()
      KVM: x86: Move MMIO write tracing into vcpu_mmio_write()
      KVM: x86: Harden SEV-ES MMIO against on-stack use-after-free
      KVM: x86: Dedup kvm_sev_es_mmio_{read,write}()
      KVM: x86: Consolidate SEV-ES MMIO emulation into a single public API
      KVM: x86: Bury emulator read/write ops in emulator_{read,write}_emulated()
      KVM: x86: Fold emulator_write_phys() into write_emulate()
      KVM: x86: Rename .read_write_emulate() to .read_write_guest()
      KVM: x86: Don't panic the kernel if completing userspace I/O / MMIO goes sideways
      KVM: x86: Add helpers to prepare kvm_run for userspace MMIO exit

 arch/x86/include/asm/kvm_host.h |   3 -
 arch/x86/kvm/emulate.c          |  13 ++
 arch/x86/kvm/svm/sev.c          |  20 +--
 arch/x86/kvm/vmx/tdx.c          |  14 +-
 arch/x86/kvm/x86.c              | 287 ++++++++++++++++++----------------------
 arch/x86/kvm/x86.h              |  32 ++++-
 include/linux/kvm_host.h        |   3 +-
 7 files changed, 180 insertions(+), 192 deletions(-)
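
The stack use-after-free pattern described in this pull request, and the scratch-field fix, as a user-space model added here; it is not code from the email or from KVM. All names (mmio_fragment, vcpu_model, fake_stack, run_scenario, the sample GPA) are assumptions, and a reused static buffer stands in for the dead stack frame so the stale read is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: every name and the layout are hypothetical, not KVM's. */
struct mmio_fragment {
	uint64_t gpa;
	const void *data;	/* where the bytes of the pending write live */
	unsigned int len;
	uint64_t scratch;	/* persistent home for writes of up to 8 bytes */
};

struct vcpu_model {
	struct mmio_fragment frag;
	int mmio_pending;
};

/*
 * Stand-in for the emulator's stack frame.  A real frame dies when the
 * function returns; a static buffer that later code reuses gives the same
 * "memory is recycled" effect without undefined behaviour.
 */
static uint8_t fake_stack[8];

/* BEFORE: remember only where the value lives; the pointer outlives the frame. */
static void queue_write_by_pointer(struct vcpu_model *v, uint64_t gpa,
				   const void *val, unsigned int len)
{
	v->frag = (struct mmio_fragment){ .gpa = gpa, .data = val, .len = len };
	v->mmio_pending = 1;
}

/* AFTER: copy the value into the fragment itself and point at that copy. */
static int queue_write_by_copy(struct vcpu_model *v, uint64_t gpa,
			       const void *val, unsigned int len)
{
	if (len > sizeof(v->frag.scratch))
		return -1;	/* larger writes need some other persistent buffer */
	v->frag = (struct mmio_fragment){ .gpa = gpa, .len = len };
	memcpy(&v->frag.scratch, val, len);
	v->frag.data = &v->frag.scratch;
	v->mmio_pending = 1;
	return 0;
}

/* Emulate a 4-byte store: the value is a "local", then we exit to userspace. */
static int emulate_store(struct vcpu_model *v, uint64_t gpa, uint32_t value,
			 int copy)
{
	memcpy(fake_stack, &value, sizeof(value));
	if (copy)
		return queue_write_by_copy(v, gpa, fake_stack, sizeof(value));
	queue_write_by_pointer(v, gpa, fake_stack, sizeof(value));
	return 0;
}

/* Anything that runs between the exit and re-entry reuses the stack. */
static void unrelated_work(void)
{
	memset(fake_stack, 0xA5, sizeof(fake_stack));
}

/* Re-entry: consume the pending fragment by dereferencing frag.data. */
static uint32_t complete_store(struct vcpu_model *v)
{
	uint32_t out = 0;
	unsigned int n = v->frag.len < sizeof(out) ? v->frag.len
						   : (unsigned int)sizeof(out);

	memcpy(&out, v->frag.data, n);
	v->mmio_pending = 0;
	return out;
}

/* Value the completion path observes for a constructed store of 0x11223344. */
uint32_t run_scenario(int copy)
{
	struct vcpu_model v = {0};

	emulate_store(&v, 0xd0000000ull, 0x11223344u, copy);
	unrelated_work();
	return complete_store(&v);
}

/* Hardening check: does the pending fragment reference only its own storage? */
int pending_write_is_persistent(int copy)
{
	struct vcpu_model v = {0};

	emulate_store(&v, 0xd0000000ull, 0x11223344u, copy);
	return v.frag.data == (const void *)&v.frag.scratch;
}

int main(void)
{
	printf("by pointer: 0x%08x (persistent=%d)\n",
	       (unsigned int)run_scenario(0), pending_write_is_persistent(0));
	printf("by copy:    0x%08x (persistent=%d)\n",
	       (unsigned int)run_scenario(1), pending_write_is_persistent(1));
	return 0;
}
```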


* [GIT PULL] KVM: x86: MMU changes for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Fix an amusing UBSAN warning where nx_huge_pages can be read before KVM is
fully loaded, optimize the unsync flow, and micro-optimize hugepage splitting
in the TDP MMU.

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-7.1

for you to fetch changes up to b3ae3ceb556945724d0c046ddb4ea0cf492a0ce6:

  KVM: x86/mmu: KVM: x86/mmu: Skip unsync when large pages are allowed (2026-03-12 10:36:01 -0700)

----------------------------------------------------------------
KVM x86 MMU changes for 7.1

 - Fix an undefined behavior warning where a crafty userspace can read kvm.ko's
   nx_huge_pages before it's fully initialized.

 - Don't zero-allocate page tables that are used for splitting hugepages in the
   TDP MMU, as KVM is guaranteed to set all SPTEs in the page table and thus
   write all bytes.

 - Bail early when trying to unsync 4KiB mappings if the target gfn can be
   mapped with a 2MiB hugepage, to avoid the gfn hash lookup.

----------------------------------------------------------------
Gal Pressman (1):
      KVM: x86/mmu: Fix UBSAN warning when reading nx_huge_pages parameter

Lai Jiangshan (1):
      KVM: x86/mmu: KVM: x86/mmu: Skip unsync when large pages are allowed

Sean Christopherson (1):
      KVM: x86/mmu: Don't zero-allocate page table used for splitting a hugepage

 arch/x86/kvm/mmu/mmu.c     | 14 ++++++++++++++
 arch/x86/kvm/mmu/tdp_mmu.c |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)


* [GIT PULL] KVM: x86: Nested SVM changes for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

A massive pile of nSVM changes, the majority of which are fixes of varying
urgency (though nothing so urgent as to warrant a mid-cycle pull request).

FWIW, there are a few more nSVM series lined up for 7.2 (gPAT, PMU host/guest
bits, and #NPF error code fixes), and I'm also hoping to see a series to
optimize TLB flushing sooner than later (but certainly not for 7.2).

As noted in the "svm" PULL request, the virt_ext => misc_ctl2 rename has a
minor conflict with the sev_es_guest() => is_sev_es_guest() overhaul.

There are several much-less-fun conflicts with kvm/master due to the RSM
fixes.  Here's what git shows for my merge commit (or just make it look like
kvm-x86/next and hope I didn't screw up? :-D).

diff --cc arch/x86/kvm/svm/nested.c
index b36c33255bed,b42d95fc8499..961804df5f45
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@@ -402,31 -448,6 +448,17 @@@ static bool nested_vmcb_check_save(stru
  	return true;
  }
  
- static bool nested_vmcb_check_save(struct kvm_vcpu *vcpu)
- {
- 	struct vcpu_svm *svm = to_svm(vcpu);
- 	struct vmcb_save_area_cached *save = &svm->nested.save;
- 
- 	return __nested_vmcb_check_save(vcpu, save);
- }
- 
- static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu)
- {
- 	struct vcpu_svm *svm = to_svm(vcpu);
- 	struct vmcb_ctrl_area_cached *ctl = &svm->nested.ctl;
- 
- 	return __nested_vmcb_check_controls(vcpu, ctl);
- }
- 
 +int nested_svm_check_cached_vmcb12(struct kvm_vcpu *vcpu)
 +{
- 	if (!nested_vmcb_check_save(vcpu) ||
- 	    !nested_vmcb_check_controls(vcpu))
++	struct vcpu_svm *svm = to_svm(vcpu);
++
++	if (!nested_vmcb_check_save(vcpu, &svm->nested.save) ||
++	    !nested_vmcb_check_controls(vcpu, &svm->nested.ctl))
 +		return -EINVAL;
 +
 +	return 0;
 +}
 +
  /*
   * If a feature is not advertised to L1, clear the corresponding vmcb12
   * intercept.
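
Review bot: nested_svm_check_cached_vmcb12() validates only the cached copies (&svm->nested.save and &svm->nested.ctl), so it depends on the caller having populated the cache first, and nothing at the definition says so. A short comment above the function stating that precondition, and that it returns 0 or -EINVAL rather than the bool its two helpers return, would keep a future caller from checking stale or never-filled cache contents.
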
@@@ -992,6 -1047,35 +1058,34 @@@ int enter_svm_guest_mode(struct kvm_vcp
  	return 0;
  }
  
+ static int nested_svm_copy_vmcb12_to_cache(struct kvm_vcpu *vcpu, u64 vmcb12_gpa)
+ {
+ 	struct vcpu_svm *svm = to_svm(vcpu);
+ 	struct kvm_host_map map;
+ 	struct vmcb *vmcb12;
+ 	int r = 0;
+ 
+ 	if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map))
+ 		return -EFAULT;
+ 
+ 	vmcb12 = map.hva;
+ 	nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
+ 	nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
+ 
 -	if (!nested_vmcb_check_save(vcpu, &svm->nested.save) ||
 -	    !nested_vmcb_check_controls(vcpu, &svm->nested.ctl)) {
++	if (nested_svm_check_cached_vmcb12(vcpu) < 0) {
+ 		vmcb12->control.exit_code = SVM_EXIT_ERR;
+ 		vmcb12->control.exit_info_1 = 0;
+ 		vmcb12->control.exit_info_2 = 0;
+ 		vmcb12->control.event_inj = 0;
+ 		vmcb12->control.event_inj_err = 0;
+ 		svm_set_gif(svm, false);
+ 		r = -EINVAL;
+ 	}
+ 
+ 	kvm_vcpu_unmap(vcpu, &map);
+ 	return r;
+ }
+ 
  int nested_svm_vmrun(struct kvm_vcpu *vcpu)
  {
  	struct vcpu_svm *svm = to_svm(vcpu);
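
Review bot: in nested_svm_copy_vmcb12_to_cache() the resolved line `if (nested_svm_check_cached_vmcb12(vcpu) < 0) {` discards the helper's error code and the block then hard-codes `r = -EINVAL;`. Assigning the result directly, e.g. `r = nested_svm_check_cached_vmcb12(vcpu);` followed by `if (r) {`, keeps the two in lockstep if the helper ever returns a second error value. The ordering itself is worth preserving as is: both copy-to-cache calls run before the check, so validation operates on the snapshot rather than on the mapped vmcb12.
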
diff --cc arch/x86/kvm/svm/svm.c
index d304568588c7,1e51cbb80e86..07ed964dacf5
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@@ -4880,16 -4999,12 +5000,15 @@@ static int svm_leave_smm(struct kvm_vcp
  	vmcb12 = map.hva;
  	nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
  	nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
 -	ret = enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, false);
  
 -	if (ret)
 +	if (nested_svm_check_cached_vmcb12(vcpu) < 0)
  		goto unmap_save;
  
- 	if (enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa,
- 				 vmcb12, false) != 0)
++	if (enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, false) != 0)
 +		goto unmap_save;
 +
 +	ret = 0;
- 	svm->nested.nested_run_pending = 1;
+ 	vcpu->arch.nested_run_pending = KVM_NESTED_RUN_PENDING;
  
  unmap_save:
  	kvm_vcpu_unmap(vcpu, &map_save);
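
Review bot: both failure paths in this svm_leave_smm() hunk jump to unmap_save without assigning ret, and `ret = 0;` is reached only after enter_svm_guest_mode() succeeds, so the resolution is correct only if ret already holds an error value on entry to the hunk; that initialisation is outside the visible context and is worth confirming in the merged file. The two calls are also tested differently (`< 0` for nested_svm_check_cached_vmcb12(), `!= 0` for enter_svm_guest_mode()); using one form for both would read more cleanly.
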
diff --cc arch/x86/kvm/vmx/vmx.c
index d16427a079f6,d75f6b22d74c..d76a21c38506
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@@ -8528,15 -8528,11 +8528,15 @@@ int vmx_leave_smm(struct kvm_vcpu *vcpu
  	}
  
  	if (vmx->nested.smm.guest_mode) {
 +		/* Triple fault if the state is invalid.  */
 +		if (nested_vmx_check_restored_vmcs12(vcpu) < 0)
 +			return 1;
 +
  		ret = nested_vmx_enter_non_root_mode(vcpu, false);
 -		if (ret)
 -			return ret;
 +		if (ret != NVMX_VMENTRY_SUCCESS)
 +			return 1;
  
- 		vmx->nested.nested_run_pending = 1;
+ 		vcpu->arch.nested_run_pending = KVM_NESTED_RUN_PENDING;
  		vmx->nested.smm.guest_mode = false;
  	}
  	return 0;
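
Review bot: the comment `/* Triple fault if the state is invalid.  */` sits only above the nested_vmx_check_restored_vmcs12() check, but the second `return 1;` after nested_vmx_enter_non_root_mode() takes the same exit and drops the specific status held in ret. Extend the comment to cover both returns, or add a one-line note at the second one, so it is clear that collapsing every status other than NVMX_VMENTRY_SUCCESS to 1 is intentional.
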


The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-nested-7.1

for you to fetch changes up to 052ca584bd7c51de0de96e684631570459d46cda:

  KVM: selftests: Drop 'invalid' from svm_nested_invalid_vmcb12_gpa's name (2026-04-03 16:08:05 -0700)

----------------------------------------------------------------
KVM nested SVM changes for 7.1 (with one common x86 fix)

 - To minimize the probability of corrupting guest state, defer KVM's
   non-architectural delivery of exception payloads (e.g. CR2 and DR6) until
   consumption of the payload is imminent, and force delivery of the payload
   in all paths where userspace saves relevant state.

 - Use vcpu->arch.cr2 when updating vmcb12's CR2 on nested #VMEXIT to fix a
   bug where L2's CR2 can get corrupted after a save/restore, e.g. if the VM
   is migrated while L2 is faulting in memory.

 - Fix a class of nSVM bugs where some fields written by the CPU are not
   synchronized from vmcb02 to cached vmcb12 after VMRUN, and so are not
   up-to-date when saved by KVM_GET_NESTED_STATE.

 - Fix a class of bugs where the ordering between KVM_SET_NESTED_STATE and
   KVM_SET_{S}REGS could cause vmcb02 to be incorrectly initialized after
   save+restore.

 - Add a variety of missing nSVM consistency checks.

 - Fix several bugs where KVM failed to correctly update VMCB fields on nested
   #VMEXIT.

 - Fix several bugs where KVM failed to correctly synthesize #UD or #GP for
   SVM-related instructions.

 - Add support for save+restore of virtualized LBRs (on SVM).

 - Refactor various helpers and macros to improve clarity and (hopefully) make
   the code easier to maintain.

 - Aggressively sanitize fields when copying from vmcb12 to guard against
   unintentionally allowing L1 to utilize yet-to-be-defined features.

 - Fix several bugs where KVM botched rAX legality checks when emulating SVM
   instructions.  Note, KVM is still flawed in that KVM doesn't address size
   prefix overrides for 64-bit guests; this should probably be documented as a
   KVM erratum.

 - Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12 fails instead of
   somewhat arbitrarily synthesizing #GP (i.e. don't bastardize AMD's already-
   sketchy behavior of generating #GP for "unsupported" addresses).

 - Cache all used vmcb12 fields to further harden against TOCTOU bugs.

----------------------------------------------------------------
Jim Mattson (1):
      KVM: x86: SVM: Remove vmcb_is_dirty()

Kevin Cheng (4):
      KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
      KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
      KVM: SVM: Move STGI and CLGI intercept handling
      KVM: SVM: Recalc instructions intercepts when EFER.SVME is toggled

Sean Christopherson (12):
      KVM: x86: Defer non-architectural deliver of exception payload to userspace read
      KVM: nSVM: Delay setting soft IRQ RIP tracking fields until vCPU run
      KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
      KVM: nSVM: Always intercept VMMCALL when L2 is active
      KVM: SVM: Separate recalc_intercepts() into nested vs. non-nested parts
      KVM: nSVM: Directly (re)calc vmcb02 intercepts from nested_vmcb02_prepare_control()
      KVM: nSVM: Use intuitive local variables in nested_vmcb02_recalc_intercepts()
      KVM: nSVM: Move vmcb_ctrl_area_cached.bus_lock_rip to svm_nested_state
      KVM: nSVM: Capture svm->nested.ctl as vmcb12_ctrl when preparing vmcb02
      KVM: SVM: Rename vmcb->nested_ctl to vmcb->misc_ctl
      KVM: SVM: Add a helper to get LBR field pointer to dedup MSR accesses
      KVM: x86: Suppress WARNs on nested_run_pending after userspace exit

Yosry Ahmed (49):
      KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT
      KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state
      KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode
      KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
      KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
      KVM: selftests: Extend state_test to check vGIF
      KVM: selftests: Extend state_test to check next_rip
      KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
      KVM: nSVM: Delay stuffing L2's current RIP into NextRIP until vCPU run
      KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
      KVM: SVM: Switch svm_copy_lbrs() to a macro
      KVM: SVM: Add missing save/restore handling of LBR MSRs
      KVM: selftests: Add a test for LBR save/restore (ft. nested)
      KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN
      KVM: nSVM: Refactor checking LBRV enablement in vmcb12 into a helper
      KVM: nSVM: Refactor writing vmcb12 on nested #VMEXIT as a helper
      KVM: nSVM: Triple fault if mapping VMCB12 fails on nested #VMEXIT
      KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
      KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID)
      KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT
      KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT
      KVM: nSVM: Drop nested_vmcb_check_{save/control}() wrappers
      KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
      KVM: nSVM: Add missing consistency check for nCR3 validity
      KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
      KVM: nSVM: Add missing consistency check for EVENTINJ
      KVM: nSVM: WARN and abort vmcb02 intercepts recalc if vmcb02 isn't active
      KVM: nSVM: Use vmcb12_is_intercept() in nested_sync_control_from_vmcb02()
      KVM: SVM: Rename vmcb->virt_ext to vmcb->misc_ctl2
      KVM: nSVM: Cache all used fields from VMCB12
      KVM: nSVM: Restrict mapping vmcb12 on nested VMRUN
      KVM: nSVM: Use PAGE_MASK to drop lower bits of bitmap GPAs from vmcb12
      KVM: nSVM: Sanitize TLB_CONTROL field when copying from vmcb12
      KVM: nSVM: Sanitize INT/EVENTINJ fields when copying from vmcb12
      KVM: nSVM: Only copy SVM_MISC_ENABLE_NP from VMCB01's misc_ctl
      KVM: selftest: Add a selftest for VMRUN/#VMEXIT with unmappable vmcb12
      KVM: SVM: Triple fault L1 on unintercepted EFER.SVME clear by L2
      KVM: selftests: Add a test for L2 clearing EFER.SVME without intercept
      KVM: nSVM: Simplify error handling of nested_svm_copy_vmcb12_to_cache()
      KVM: x86: Move nested_run_pending to kvm_vcpu_arch
      KVM: SVM: Properly check RAX in the emulator for SVM instructions
      KVM: SVM: Refactor SVM instruction handling on #GP intercept
      KVM: SVM: Properly check RAX on #GP intercept of SVM instructions
      KVM: SVM: Move RAX legality check to SVM insn interception handlers
      KVM: SVM: Check EFER.SVME and CPL on #GP intercept of SVM instructions
      KVM: SVM: Treat mapping failures equally in VMLOAD/VMSAVE emulation
      KVM: nSVM: Fail emulation of VMRUN/VMLOAD/VMSAVE if mapping vmcb12 fails
      KVM: selftests: Rework svm_nested_invalid_vmcb12_gpa
      KVM: selftests: Drop 'invalid' from svm_nested_invalid_vmcb12_gpa's name

 arch/x86/include/asm/kvm_host.h                    |  15 +
 arch/x86/include/asm/svm.h                         |  20 +-
 arch/x86/kvm/emulate.c                             |   3 +-
 arch/x86/kvm/hyperv.h                              |   8 -
 arch/x86/kvm/kvm_emulate.h                         |   2 +
 arch/x86/kvm/svm/hyperv.h                          |   9 +-
 arch/x86/kvm/svm/nested.c                          | 613 ++++++++++++---------
 arch/x86/kvm/svm/sev.c                             |   6 +-
 arch/x86/kvm/svm/svm.c                             | 352 ++++++++----
 arch/x86/kvm/svm/svm.h                             |  81 ++-
 arch/x86/kvm/vmx/nested.c                          |  50 +-
 arch/x86/kvm/vmx/vmx.c                             |  16 +-
 arch/x86/kvm/vmx/vmx.h                             |   3 -
 arch/x86/kvm/x86.c                                 |  78 ++-
 arch/x86/kvm/x86.h                                 |  10 +
 tools/testing/selftests/kvm/Makefile.kvm           |   3 +
 .../testing/selftests/kvm/include/x86/processor.h  |   5 +
 tools/testing/selftests/kvm/include/x86/svm.h      |  14 +-
 tools/testing/selftests/kvm/lib/x86/svm.c          |   2 +-
 .../selftests/kvm/x86/nested_vmsave_vmload_test.c  |  16 +-
 tools/testing/selftests/kvm/x86/state_test.c       |  35 ++
 .../selftests/kvm/x86/svm_lbr_nested_state.c       | 145 +++++
 .../selftests/kvm/x86/svm_nested_clear_efer_svme.c |  55 ++
 .../selftests/kvm/x86/svm_nested_vmcb12_gpa.c      | 176 ++++++
 24 files changed, 1228 insertions(+), 489 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86/svm_lbr_nested_state.c
 create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_clear_efer_svme.c
 create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_vmcb12_gpa.c


* [GIT PULL] KVM: Selftests changes for 7.1
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Add Hygon support, fix a related bug in the MSR test, and add MADV_COLLAPSE
regression test for guest_memfd.

I'm also going to post patches and send a pull request to convert selftests to
kernel-style u{8,16,32,64} types after you merge all initial arch pulls.
Please yell at me if you don't see anything on that front by ~Wednesday.

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-7.1

for you to fetch changes up to 9830209b4ae8c8eecae7e6af271cebf1e1285142:

  KVM: selftests: Test MADV_COLLAPSE on guest_memfd (2026-03-04 14:57:27 -0800)

----------------------------------------------------------------
KVM selftests changes for 7.1

 - Add support for Hygon CPUs in KVM selftests.

 - Fix a bug in the MSR test where it would get false failures on AMD/Hygon
   CPUs with exactly one of RDPID or RDTSCP.

 - Add an MADV_COLLAPSE testcase for guest_memfd as a regression test for a
   bug where the kernel would attempt to collapse guest_memfd folios against
   KVM's will.

----------------------------------------------------------------
Ackerley Tng (2):
      KVM: selftests: Wrap madvise() to assert success
      KVM: selftests: Test MADV_COLLAPSE on guest_memfd

Sean Christopherson (1):
      KVM: selftests: Fix reserved value WRMSR testcase for multi-feature MSRs

Zhiquan Li (3):
      KVM: selftests: Add CPU vendor detection for Hygon
      KVM: selftests: Add a flag to identify AMD compatible test cases
      KVM: selftests: Allow the PMU event filter test for Hygon

 tools/testing/selftests/kvm/guest_memfd_test.c     | 70 +++++++++++++++++++++-
 tools/testing/selftests/kvm/include/kvm_syscalls.h |  1 +
 .../testing/selftests/kvm/include/x86/processor.h  |  7 +++
 tools/testing/selftests/kvm/lib/x86/processor.c    | 15 +++--
 .../testing/selftests/kvm/x86/fix_hypercall_test.c |  2 +-
 tools/testing/selftests/kvm/x86/msrs_test.c        |  4 +-
 .../selftests/kvm/x86/pmu_event_filter_test.c      |  3 +-
 tools/testing/selftests/kvm/x86/xapic_state_test.c |  2 +-
 8 files changed, 92 insertions(+), 12 deletions(-)


* [GIT PULL] KVM: x86: SVM+SEV changes
From: Sean Christopherson @ 2026-04-10 23:58 UTC
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

This is the full set of SVM+SEV changes.  The end goal of the SEV changes, after
fixing a few fatal bugs, is to add a lockdep assertion to ensure that kvm->lock
is held when checking if the VM is an SEV+ guest.  This is at least the second
fatal bug we've had due to SEV+ state being unwound on failure, and lack of
formal-ish rules makes it hard to reason about the safety of any related code,
e.g. when reviewing new code.

This has a superficial (I can't even figure out why git treats it as a conflict,
I think it's both deleting white space or something?) syntactic conflict with the
"vmxon" PULL request; just take this one.

There's a syntactic conflict with the "nested" PULL request (this is what I
see when merging the "nested" one first):

@@@ -870,8 -881,8 +886,8 @@@ void svm_enable_lbrv(struct kvm_vcpu *v
  
  static void __svm_disable_lbrv(struct kvm_vcpu *vcpu)
  {
-       KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm);
+       KVM_BUG_ON(is_sev_es_guest(vcpu), vcpu->kvm);
 -      to_svm(vcpu)->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
 +      to_svm(vcpu)->vmcb->control.misc_ctl2 &= ~SVM_MISC2_ENABLE_V_LBR;
  }
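
Review bot: In the KVM_BUG_ON() line of __svm_disable_lbrv(), the resolution has to carry both renames at once, is_sev_es_guest(vcpu) from this branch and misc_ctl2 / SVM_MISC2_ENABLE_V_LBR from "nested", so taking either parent's version of the function wholesale leaves one stale identifier behind. Per the summary in this pull, VM-scoped queries are now expected to run under kvm->lock with lockdep enforcing it, so a leftover sev_es_guest(vcpu->kvm) would not necessarily fail to build and may only surface as a lockdep splat at runtime. A grep for sev_es_guest(vcpu->kvm) and virt_ext under arch/x86/kvm/svm/ after the merge would confirm that no other site was resolved toward only one side.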

and a semantic conflict with kvm/master due to the CR8 interception fix:

diff --cc arch/x86/kvm/svm/avic.c
index 2885c5993ebc,7056c4891f93..adf211860949
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@@ -226,9 -237,6 +237,9 @@@ static void avic_deactivate_vmcb(struc
        vmcb->control.int_ctl &= ~(AVIC_ENABLE_MASK | X2APIC_MODE_MASK);
        vmcb->control.avic_physical_id &= ~AVIC_PHYSICAL_MAX_INDEX_MASK;
  
-       if (!sev_es_guest(svm->vcpu.kvm))
++      if (!is_sev_es_guest(&svm->vcpu))
 +              svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
 +
        /*
         * If running nested and the guest uses its own MSR bitmap, there
         * is no need to update L0's msr bitmap
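
Review bot: The "++" line in avic_deactivate_vmcb() exists in neither parent, so it is the one line of this resolution that neither branch has built or tested. Because git does not flag semantic conflicts, it is worth checking whether the CR8 interception fix in kvm/master added any other sev_es_guest(svm->vcpu.kvm) callers besides this one and converting them to is_sev_es_guest(&svm->vcpu) in the same merge commit. Since this pull also hides "struct kvm_sev_info" behind CONFIG_KVM_AMD_SEV=y, building the merge result with that option both enabled and disabled, and running it once with lockdep on, would cover the cases the individual branches could not.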


The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-7.1

for you to fetch changes up to bc0932cf9b9917e826871db947398aa2b62789b2:

  KVM: SEV: Goto an existing error label if charging misc_cg for an ASID fails (2026-04-09 12:00:24 -0700)

----------------------------------------------------------------
KVM SVM changes for 7.1

 - Fix and optimize IRQ window inhibit handling for AVIC (the tracking needs to
   be per-vCPU, e.g. so that KVM doesn't prematurely re-enable AVIC if multiple
   vCPUs have to-be-injected IRQs).

 - Fix an undefined behavior warning where a crafty userspace can read the
   "avic" module param before it's fully initialized.

 - Fix a (likely benign) bug in the "OS-visible workarounds" handling, where
   KVM could clobber state when enabling virtualization on multiple CPUs in
   parallel, and clean up and optimize the code.

 - Drop a WARN in KVM_MEMORY_ENCRYPT_REG_REGION where KVM complains about a
   "too large" size based purely on user input, and clean up and harden the
   related pinning code.

 - Disallow synchronizing a VMSA of an already-launched/encrypted vCPU, as
   doing so for an SNP guest will trigger an RMP violation #PF and crash the
   host.

 - Protect all of sev_mem_enc_register_region() with kvm->lock to ensure
   sev_guest() is stable for the entirety of the function.

 - Lock all vCPUs when synchronizing VMSAs for SNP guests to ensure the VMSA
   page isn't actively being used.

 - Overhaul KVM's APIs for detecting SEV+ guests so that VM-scoped queries are
   required to hold kvm->lock (KVM has had multiple bugs due to "is SEV?" checks
   becoming stale), enforced by lockdep.  Add and use vCPU-scoped APIs when
   possible/appropriate, as all checks that originate from a vCPU are
   guaranteed to be stable.

 - Convert a pile of kvm->lock SEV code to guard().

----------------------------------------------------------------
Carlos López (5):
      KVM: SEV: use mutex guard in snp_launch_update()
      KVM: SEV: use mutex guard in sev_mem_enc_ioctl()
      KVM: SEV: use mutex guard in sev_mem_enc_unregister_region()
      KVM: SEV: use mutex guard in snp_handle_guest_req()
      KVM: SVM: Move lock-protected allocation of SEV ASID into a separate helper

Gal Pressman (1):
      KVM: SVM: Fix UBSAN warning when reading avic parameter

Li RongQing (1):
      KVM: SVM: Mark module parameters as __ro_after_init for security and performance

Sean Christopherson (30):
      KVM: SVM: Fix clearing IRQ window inhibit with nested guests
      KVM: SVM: Fix IRQ window inhibit handling across multiple vCPUs
      KVM: SVM: Optimize IRQ window inhibit handling
      KVM: Isolate apicv_update_lock and apicv_nr_irq_window_req in a cacheline
      KVM: SVM: Serialize updates to global OS-Visible Workarounds variables
      KVM: SVM: Skip OSVW MSR reads if KVM is treating all errata as present
      KVM: SVM: Extract OS-visible workarounds setup to helper function
      KVM: SVM: Skip OSVW variable updates if current CPU's errata are a subset
      KVM: SVM: Skip OSVW MSR reads if current CPU doesn't support the feature
      KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
      KVM: SEV: Drop useless sanity checks in sev_mem_enc_register_region()
      KVM: SEV: Disallow pinning more pages than exist in the system
      KVM: SEV: Use PFN_DOWN() to simplify "number of pages" math when pinning memory
      KVM: SEV: Use kvzalloc_objs() when pinning userpages
      KVM: selftests: Remove duplicate LAUNCH_UPDATE_VMSA call in SEV-ES migrate test
      KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
      KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
      KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created
      KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish
      KVM: SEV: Lock all vCPUs for the duration of SEV-ES VMSA synchronization
      KVM: SEV: Provide vCPU-scoped accessors for detecting SEV+ guests
      KVM: SEV: Add quad-underscore version of VM-scoped APIs to detect SEV+ guests
      KVM: SEV: Document the SEV-ES check when querying SMM support as "safe"
      KVM: SEV: Move standard VM-scoped helpers to detect SEV+ guests to sev.c
      KVM: SEV: Move SEV-specific VM initialization to sev.c
      KVM: SEV: WARN on unhandled VM type when initializing VM
      KVM: SEV: Hide "struct kvm_sev_info" behind CONFIG_KVM_AMD_SEV=y
      KVM: SEV: Document that checking for SEV+ guests when reclaiming memory is "safe"
      KVM: SEV: Assert that kvm->lock is held when querying SEV+ support
      KVM: SEV: Goto an existing error label if charging misc_cg for an ASID fails

 arch/x86/include/asm/kvm_host.h                    |  29 +-
 arch/x86/kvm/svm/avic.c                            |  17 +-
 arch/x86/kvm/svm/sev.c                             | 374 ++++++++++++---------
 arch/x86/kvm/svm/svm.c                             | 270 ++++++++-------
 arch/x86/kvm/svm/svm.h                             |  37 +-
 arch/x86/kvm/x86.c                                 |  45 ++-
 include/linux/kvm_host.h                           |   7 +
 .../testing/selftests/kvm/x86/sev_migrate_tests.c  |   2 -
 8 files changed, 487 insertions(+), 294 deletions(-)
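
An added illustration, not part of the original message and not KVM's code: a single-threaded userspace model in C of the stale "is SEV?" check described in this pull request, next to the form that queries and acts inside one critical section. All names (vm_model, vm_is_sev, run_unlocked_check, and so on) are hypothetical, and the violation counter only stands in for what a lockdep assertion would report.

```c
/* Userspace model constructed for illustration; hypothetical names, not KVM code. */
#include <stdbool.h>
enum { NO_OWNER = 0, INIT_TASK = 1, REGION_TASK = 2 };

struct vm_model {
	int  lock_owner;      /* stands in for kvm->lock; NO_OWNER when free */
	bool sev_active;      /* "is SEV+?" state that a failed init unwinds */
	int  lock_violations; /* VM-scoped queries made without the lock */
	int  stale_pins;      /* regions pinned after SEV state was unwound */
};

static bool vm_trylock(struct vm_model *vm, int task)
{
	if (vm->lock_owner == NO_OWNER)
		vm->lock_owner = task;
	return vm->lock_owner == task;
}
static void vm_unlock(struct vm_model *vm) { vm->lock_owner = NO_OWNER; }

/* VM-scoped query: the answer is only stable while the caller owns the lock. */
static bool vm_is_sev(struct vm_model *vm, int task)
{
	if (vm->lock_owner != task)
		vm->lock_violations++; /* where a lockdep assertion would fire */
	return vm->sev_active;
}

/* Init is split in two so the drivers below can interleave another task. */
static void init_begin(struct vm_model *vm)
{
	vm->sev_active = vm_trylock(vm, INIT_TASK);
}

static void init_fail_and_unwind(struct vm_model *vm)
{
	vm->sev_active = false; /* a later init step failed: undo SEV state */
	vm_unlock(vm);
}

static void pin_region(struct vm_model *vm) { vm->stale_pins += vm->sev_active ? 0 : 1; }

/* Weak form: query outside the lock, act on the answer later. */
static int run_unlocked_check(struct vm_model *vm)
{
	init_begin(vm);
	bool saw_sev = vm_is_sev(vm, REGION_TASK); /* peek while init is mid-flight */
	init_fail_and_unwind(vm);
	if (saw_sev)
		pin_region(vm);
	return vm->stale_pins;
}

/* Hardened form: query and act inside one critical section. */
static int run_locked_check(struct vm_model *vm)
{
	init_begin(vm);
	bool blocked = !vm_trylock(vm, REGION_TASK); /* a real mutex would sleep here */
	init_fail_and_unwind(vm);
	if (blocked && vm_trylock(vm, REGION_TASK) && vm_is_sev(vm, REGION_TASK))
		pin_region(vm);
	vm_unlock(vm);
	return vm->stale_pins;
}
```

In the weak run the query is counted as a violation and the region is pinned on a VM that is no longer SEV; in the hardened run the region task only gets its answer after the unwind and pins nothing.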


* [GIT PULL] KVM: x86: SVM changes for 7.1 (short version)
  2026-04-10 23:58 [GIT PULL] KVM: x86 pull requests for 7.1 Sean Christopherson
                   ` (7 preceding siblings ...)
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: SVM+SEV changes Sean Christopherson
@ 2026-04-10 23:58 ` Sean Christopherson
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: VMX changes for 7.1 Sean Christopherson
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction " Sean Christopherson
  10 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2026-04-10 23:58 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

This is (obviously) the partial version of the SVM changes.

The highlight here is the AVIC IRQ window fixes and optimizations.  The OSVW
changes aren't motivated by anything beyond a "someone is wrong on the internet!"
type reaction.

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-partial-7.1

for you to fetch changes up to a56444d5e7387effbc61d6b98fe5d68897017fc9:

  KVM: SVM: Skip OSVW MSR reads if current CPU doesn't support the feature (2026-03-03 12:23:26 -0800)

----------------------------------------------------------------
KVM SVM changes for 7.1 (short version)

 - Fix and optimize IRQ window inhibit handling for AVIC (the tracking needs to
   be per-vCPU, e.g. so that KVM doesn't prematurely re-enable AVIC if multiple
   vCPUs have to-be-injected IRQs).

 - Fix an undefined behavior warning where a crafty userspace can read the
   "avic" module param before it's fully initialized.

 - Fix a (likely benign) bug in the "OS-visible workarounds" handling, where
   KVM could clobber state when enabling virtualization on multiple CPUs in
   parallel, and clean up and optimize the code.

----------------------------------------------------------------
Gal Pressman (1):
      KVM: SVM: Fix UBSAN warning when reading avic parameter

Li RongQing (1):
      KVM: SVM: Mark module parameters as __ro_after_init for security and performance

Sean Christopherson (9):
      KVM: SVM: Fix clearing IRQ window inhibit with nested guests
      KVM: SVM: Fix IRQ window inhibit handling across multiple vCPUs
      KVM: SVM: Optimize IRQ window inhibit handling
      KVM: Isolate apicv_update_lock and apicv_nr_irq_window_req in a cacheline
      KVM: SVM: Serialize updates to global OS-Visible Workarounds variables
      KVM: SVM: Skip OSVW MSR reads if KVM is treating all errata as present
      KVM: SVM: Extract OS-visible workarounds setup to helper function
      KVM: SVM: Skip OSVW variable updates if current CPU's errata are a subset
      KVM: SVM: Skip OSVW MSR reads if current CPU doesn't support the feature

 arch/x86/include/asm/kvm_host.h |  29 ++++++-
 arch/x86/kvm/svm/avic.c         |  17 ++++-
 arch/x86/kvm/svm/sev.c          |   8 +-
 arch/x86/kvm/svm/svm.c          | 164 ++++++++++++++++++++++++----------------
 arch/x86/kvm/svm/svm.h          |   1 +
 arch/x86/kvm/x86.c              |  45 ++++++++++-
 6 files changed, 188 insertions(+), 76 deletions(-)


* [GIT PULL] KVM: x86: VMX changes for 7.1
  2026-04-10 23:58 [GIT PULL] KVM: x86 pull requests for 7.1 Sean Christopherson
                   ` (8 preceding siblings ...)
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: SVM changes for 7.1 (short version) Sean Christopherson
@ 2026-04-10 23:58 ` Sean Christopherson
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction " Sean Christopherson
  10 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2026-04-10 23:58 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Two perf tweaks for Uros and a minor cleanup.

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-7.1

for you to fetch changes up to 577da677aa7cbc13040e4951170d39ec7663ad8a:

  KVM: VMX: Remove unnecessary parentheses (2026-03-12 09:05:56 -0700)

----------------------------------------------------------------
KVM VMX changes for 7.1

 - Drop obsolete (largely ignored by hardware) branch hint prefixes from the
   VMX instruction macros, as saving a byte of code per instruction provides
   more benefits than the (mostly) superfluous prefixes.

 - Use ASM_INPUT_RM() in __vmcs_writel() to coerce clang into using a register
   input when appropriate.

 - Drop unnecessary parentheses in cpu_has_load_cet_ctrl() so as not to suggest
   that "return (x & y);" is KVM's preferred style.

----------------------------------------------------------------
Uros Bizjak (2):
      KVM: VMX: Drop obsolete branch hint prefixes from inline asm
      KVM: VMX: Use ASM_INPUT_RM in __vmcs_writel

Xin Li (1):
      KVM: VMX: Remove unnecessary parentheses

 arch/x86/kvm/vmx/capabilities.h | 2 +-
 arch/x86/kvm/vmx/vmx_ops.h      | 5 +----
 2 files changed, 2 insertions(+), 5 deletions(-)


* [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction for 7.1
  2026-04-10 23:58 [GIT PULL] KVM: x86 pull requests for 7.1 Sean Christopherson
                   ` (9 preceding siblings ...)
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: VMX changes for 7.1 Sean Christopherson
@ 2026-04-10 23:58 ` Sean Christopherson
  2026-04-11  0:02   ` Sean Christopherson
  10 siblings, 1 reply; 13+ messages in thread
From: Sean Christopherson @ 2026-04-10 23:58 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Move VMXON and EFER.SVME handling out of KVM and into the core kernel so that
core TDX code can do SEAMCALLs without needing to ensure KVM is loaded.

As noted in the full "svm" PULL request, there's a superficial conflict with
the OSVW changes.

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmxon-7.1

for you to fetch changes up to e30aa03d032df0f3ee5efb1995a7a2fe662177be:

  x86/virt: Treat SVM as unsupported when running as an SEV+ guest (2026-04-09 12:21:53 -0700)

----------------------------------------------------------------
KVM x86 VMXON and EFER.SVME extraction for 7.1

Move _only_ VMXON+VMXOFF and EFER.SVME toggling (versus all of VMX and SVM
enabling) out of KVM and into the core kernel so that non-KVM TDX enabling,
e.g. for trusted I/O, can make SEAMCALLs without needing to ensure KVM is fully
loaded.

TDX isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TDX
should _never_ have its own VMCSes (that are visible to the host; the
TDX-Module has its own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
no reason to move that functionality out of KVM.

With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
simple refcounting game.

----------------------------------------------------------------
Chao Gao (1):
      x86/virt/tdx: KVM: Consolidate TDX CPU hotplug handling

Sean Christopherson (16):
      KVM: x86: Move kvm_rebooting to x86
      KVM: VMX: Move architectural "vmcs" and "vmcs_hdr" structures to public vmx.h
      KVM: x86: Move "kvm_rebooting" to kernel as "virt_rebooting"
      KVM: VMX: Unconditionally allocate root VMCSes during boot CPU bringup
      x86/virt: Force-clear X86_FEATURE_VMX if configuring root VMCS fails
      KVM: VMX: Move core VMXON enablement to kernel
      KVM: SVM: Move core EFER.SVME enablement to kernel
      KVM: x86: Move bulk of emergency virtualizaton logic to virt subsystem
      x86/virt: Add refcounting of VMX/SVM usage to support multiple in-kernel users
      x86/virt/tdx: Drop the outdated requirement that TDX be enabled in IRQ context
      KVM: x86/tdx: Do VMXON and TDX-Module initialization during subsys init
      x86/virt/tdx: Tag a pile of functions as __init, and globals as __ro_after_init
      x86/virt/tdx: Use ida_is_empty() to detect if any TDs may be running
      KVM: Bury kvm_{en,dis}able_virtualization() in kvm_main.c once more
      KVM: TDX: Fold tdx_bringup() into tdx_hardware_setup()
      x86/virt: Treat SVM as unsupported when running as an SEV+ guest

 Documentation/arch/x86/tdx.rst              |  36 +--
 arch/x86/events/intel/pt.c                  |   1 -
 arch/x86/include/asm/kvm_host.h             |   3 +-
 arch/x86/include/asm/reboot.h               |  11 -
 arch/x86/include/asm/tdx.h                  |   4 -
 arch/x86/include/asm/virt.h                 |  26 ++
 arch/x86/include/asm/vmx.h                  |  11 +
 arch/x86/kernel/cpu/common.c                |   2 +
 arch/x86/kernel/crash.c                     |   3 +-
 arch/x86/kernel/reboot.c                    |  63 +----
 arch/x86/kernel/smp.c                       |   5 +-
 arch/x86/kvm/svm/svm.c                      |  35 +--
 arch/x86/kvm/svm/vmenter.S                  |  10 +-
 arch/x86/kvm/vmx/main.c                     |  19 +-
 arch/x86/kvm/vmx/tdx.c                      | 210 ++--------------
 arch/x86/kvm/vmx/tdx.h                      |   8 +-
 arch/x86/kvm/vmx/vmcs.h                     |  11 -
 arch/x86/kvm/vmx/vmenter.S                  |   2 +-
 arch/x86/kvm/vmx/vmx.c                      | 138 +----------
 arch/x86/kvm/x86.c                          |  29 ++-
 arch/x86/virt/Makefile                      |   2 +
 arch/x86/virt/hw.c                          | 360 ++++++++++++++++++++++++++++
 arch/x86/virt/vmx/tdx/tdx.c                 | 326 ++++++++++++++-----------
 arch/x86/virt/vmx/tdx/tdx.h                 |   8 -
 arch/x86/virt/vmx/tdx/tdx_global_metadata.c |  10 +-
 include/linux/kvm_host.h                    |  16 +-
 virt/kvm/kvm_main.c                         |  31 ++-
 27 files changed, 720 insertions(+), 660 deletions(-)
 create mode 100644 arch/x86/include/asm/virt.h
 create mode 100644 arch/x86/virt/hw.c


* Re: [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction for 7.1
  2026-04-10 23:58 ` [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction " Sean Christopherson
@ 2026-04-11  0:02   ` Sean Christopherson
  0 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2026-04-11  0:02 UTC (permalink / raw)
  To: Paolo Bonzini, kvm, linux-kernel

On Fri, Apr 10, 2026, Sean Christopherson wrote:
> Move VMXON and EFER.SVME handling out of KVM and into the core kernel so that
> core TDX code can do SEAMCALLs without needing to ensure KVM is loaded.
> 
> As noted in the full "svm" PULL request, there's a superficial conflict with
> the OSVW changes.

And I almost forgot, there's a lurking conflict with the tip tree due to these
changes tagging a pile of TDX functions with __init.  The only notable thing
with the resolution is that get_tdx_sys_info_version() needs to be tagged as
__init as well.

https://lore.kernel.org/all/aagjzN07Pv1fnSHq@sirena.org.uk
