From: Paolo Bonzini Date: Sat, 30 May 2026 16:55:44 +0000 (-0400) Subject: KVM: x86: check that kvm_handle_invpcid is only invoked with shadow paging X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=af7b2ff7d46b4a2a58081c8072055e951c52774f;p=thirdparty%2Fkernel%2Flinux.git KVM: x86: check that kvm_handle_invpcid is only invoked with shadow paging This is true for both Intel and AMD. On Intel, "enable INVPCID" is set unconditionally if supported, but the vmexit is triggered by the "INVLPG exiting" control which is disabled by enable_ept. On AMD, KVM can intercept INVPCID if NPT is enabled but only in order to inject #UD in the guest. Signed-off-by: Paolo Bonzini Message-ID: <20260530165545.25599-5-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini --- diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a5e09bf431ce..e369e291f7a4 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14289,6 +14289,9 @@ int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva) return 1; } + if (WARN_ON_ONCE(tdp_enabled)) + return 0; + pcid_enabled = kvm_is_cr4_bit_set(vcpu, X86_CR4_PCIDE); switch (type) {
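Review bot: The added early return in kvm_handle_invpcid(), `if (WARN_ON_ONCE(tdp_enabled)) return 0;`, returns 0 while the path just above it returns 1, and no comment explains the choice. Nothing in the visible lines fills in exit information before the 0 is returned, so please document what the caller is expected to do with that value, or consider marking the VM as bugged with KVM_BUG_ON(tdp_enabled, vcpu->kvm) so the failure mode is unambiguous. A short comment above the check carrying the invariant from the commit message would also help future readers: on Intel the exit depends on "INVLPG exiting", which enable_ept disables, and on AMD the intercept with NPT exists only to inject #UD, so reaching this point with tdp_enabled set is unexpected.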