From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 568FA3B6BE6 for ; Sun, 3 May 2026 12:29:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777811367; cv=none; b=AT+SXR1AaGfYBIauSbOOnMKLe4LMA1Ea6sIN2DoL4pM6Z+XQ/oXtcGGk1wxR8MfOS1RV41L85DuwcQ4a44wMurcO/KKNA3vy2U+uM9u7nzazRB0YGkcpSUd4BET4c1Pk0s2ltm1Kcr9pbk7qtRFodrJq3KAmR9zIXLwlBoAlksg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777811367; c=relaxed/simple; bh=VvHj7IPHg3RYoAmfkvQnZqnL7o+mkriofWTpAzQ6vAQ=; h=Subject:To:Cc:From:Date:Message-ID:MIME-Version:Content-Type; b=lohWhUUmT/zp1BTytx5RdT8ntOsX3bsgaHL/4SMesZsFV/tJoCFfBtJniEnbHrGzJS5qAnLoy2ksAZ4HhQPm+B8ZbXBSMjtI77Zw2CYrqNolwIdJqfk3YtJC3SFVNt+EeP855uL13i2rPlQYPNcFzng8jxOn9pMformkNTDcSb0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=R3dV3xFl; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="R3dV3xFl" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9DB84C2BCB4; Sun, 3 May 2026 12:29:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1777811367; bh=VvHj7IPHg3RYoAmfkvQnZqnL7o+mkriofWTpAzQ6vAQ=; h=Subject:To:Cc:From:Date:From; b=R3dV3xFlk4iGA9mZ1eiofbZj7zC+oXLIuncaBtIOTLTUmBvCNFgBZX/ZvS/vkFrZ+ iYaAv7Dm6qjTLP6j21txbYExgsj3zQ4c0wYabBfJ2rHgo9zJyMV0I2UnGh7yTIZ1Di cIUSGoefDsJVSfY9314sLo4KJKDfuChnEyTAoe6g= Subject: FAILED: patch "[PATCH] KVM: nSVM: Drop the non-architectural consistency check for" failed to apply to 6.1-stable tree To: yosry@kernel.org,seanjc@google.com Cc: From: Date: Sun, 03 May 2026 14:29:24 +0200 Message-ID: <2026050324-undertake-willfully-b40d@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e0b6f031d64c086edd563e7af9c0c0a2261dd2a4 # git commit -s git send-email --to '' --in-reply-to '2026050324-undertake-willfully-b40d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e0b6f031d64c086edd563e7af9c0c0a2261dd2a4 Mon Sep 17 00:00:00 2001 From: Yosry Ahmed Date: Tue, 3 Mar 2026 00:34:08 +0000 Subject: [PATCH] KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE KVM currenty fails a nested VMRUN and injects VMEXIT_INVALID (aka SVM_EXIT_ERR) if L1 sets NP_ENABLE and the host does not support NPTs. On first glance, it seems like the check should actually be for guest_cpu_cap_has(X86_FEATURE_NPT) instead, as it is possible for the host to support NPTs but the guest CPUID to not advertise it. However, the consistency check is not architectural to begin with. The APM does not mention VMEXIT_INVALID if NP_ENABLE is set on a processor that does not have X86_FEATURE_NPT. Hence, NP_ENABLE should be ignored if X86_FEATURE_NPT is not available for L1, so sanitize it when copying from the VMCB12 to KVM's cache. Apart from the consistency check, NP_ENABLE in VMCB12 is currently ignored because the bit is actually copied from VMCB01 to VMCB02, not from VMCB12. Fixes: 4b16184c1cca ("KVM: SVM: Initialize Nested Nested MMU context on VMRUN") Cc: stable@vger.kernel.org Signed-off-by: Yosry Ahmed Link: https://patch.msgid.link/20260303003421.2185681-15-yosry@kernel.org Signed-off-by: Sean Christopherson diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 0d447d044101..2ed6530e7bd1 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -348,9 +348,6 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu, if (CC(control->asid == 0)) return false; - if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && !npt_enabled)) - return false; - if (CC(!nested_svm_check_bitmap_pa(vcpu, control->msrpm_base_pa, MSRPM_SIZE))) return false; @@ -431,6 +428,11 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu, nested_svm_sanitize_intercept(vcpu, to, SKINIT); nested_svm_sanitize_intercept(vcpu, to, RDPRU); + /* Always clear SVM_NESTED_CTL_NP_ENABLE if the guest cannot use NPTs */ + to->nested_ctl = from->nested_ctl; + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_NPT)) + to->nested_ctl &= ~SVM_NESTED_CTL_NP_ENABLE; + to->iopm_base_pa = from->iopm_base_pa; to->msrpm_base_pa = from->msrpm_base_pa; to->tsc_offset = from->tsc_offset; @@ -444,7 +446,6 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu, to->exit_info_2 = from->exit_info_2; to->exit_int_info = from->exit_int_info; to->exit_int_info_err = from->exit_int_info_err; - to->nested_ctl = from->nested_ctl; to->event_inj = from->event_inj; to->event_inj_err = from->event_inj_err; to->next_rip = from->next_rip;