git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jon Kohler <jon@nutanix.com>
	Wed, 8 Apr 2026 15:41:51 +0000 (11:41 -0400)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Thu, 30 Apr 2026 15:59:54 +0000 (11:59 -0400)
commit	91a4e313cbc284c8c75bd80c44617a4cfcf19e2d
tree	bcd7c6bb4b1f79b790342c5d56b13d8192d4b2a4	tree \| snapshot
parent	6b802031877a995456c528095c41d1948546bf45	commit \| diff

KVM: TDX/VMX: rework EPT_VIOLATION_EXEC_FOR_RING3_LIN into PROT_MASK

EPT exit qualification bit 6 is used when mode-based execute control
is enabled, and reflects user executable addresses. Rework name to
reflect the intention and add to EPT_VIOLATION_PROT_MASK, which allows
simplifying the return evaluation in
tdx_is_sept_violation_unexpected_pending a pinch.

Rework handling in __vmx_handle_ept_violation to unconditionally clear
EPT_VIOLATION_PROT_USER_EXEC until MBEC is implemented, as suggested by
Sean [1].

Note: Intel SDM Table 29-7 defines bit 6 as:
  If the "mode-based execute control" VM-execution control is 0, the
  value of this bit is undefined. If that control is 1, this bit is the
  logical-AND of bit 10 in the EPT paging-structure entries used to
  translate the guest-physical address of the access causing the EPT
  violation. In this case, it indicates whether the guest-physical
  address was executable for user-mode linear addresses.

[1] https://lore.kernel.org/all/aCJDzU1p_SFNRIJd@google.com/

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
Message-ID: <20251223054806.1611168-2-jon@nutanix.com>
Tested-by: David Riley <d.riley@proxmox.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/asm/vmx.h		diff \| blob \| blame \| history
arch/x86/kvm/vmx/common.h		diff \| blob \| blame \| history
arch/x86/kvm/vmx/tdx.c		diff \| blob \| blame \| history