git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Yosry Ahmed <yosry@kernel.org>
	Tue, 3 Mar 2026 00:34:08 +0000 (00:34 +0000)
committer	Sean Christopherson <seanjc@google.com>
	Thu, 5 Mar 2026 00:08:52 +0000 (16:08 -0800)
commit	e0b6f031d64c086edd563e7af9c0c0a2261dd2a4
tree	1ac6b8abf82d385e597a72b556d61da36d6c9439	tree \| snapshot
parent	b786e34cde42922dace620e6f56f0858edae2311	commit \| diff

KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE

KVM currenty fails a nested VMRUN and injects VMEXIT_INVALID (aka
SVM_EXIT_ERR) if L1 sets NP_ENABLE and the host does not support NPTs.
On first glance, it seems like the check should actually be for
guest_cpu_cap_has(X86_FEATURE_NPT) instead, as it is possible for the
host to support NPTs but the guest CPUID to not advertise it.

However, the consistency check is not architectural to begin with. The
APM does not mention VMEXIT_INVALID if NP_ENABLE is set on a processor
that does not have X86_FEATURE_NPT. Hence, NP_ENABLE should be ignored
if X86_FEATURE_NPT is not available for L1, so sanitize it when copying
from the VMCB12 to KVM's cache.

Apart from the consistency check, NP_ENABLE in VMCB12 is currently
ignored because the bit is actually copied from VMCB01 to VMCB02, not
from VMCB12.

Fixes: 4b16184c1cca ("KVM: SVM: Initialize Nested Nested MMU context on VMRUN")
Cc: stable@vger.kernel.org
Signed-off-by: Yosry Ahmed <yosry@kernel.org>
Link: https://patch.msgid.link/20260303003421.2185681-15-yosry@kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>