Re: [PATCH 0/7] KVM: x86: APX reg prep work

Next message: Sean Christopherson: "Re: [PATCH v2 2/6] KVM: nSVM: Simplify error handling of nested_svm_copy_vmcb12_to_cache()"
Previous message: Sohil Mehta: "Re: [PATCH v2 1/2] x86/cpu: Disable CR pinning during CPU bringup"
In reply to: Sean Christopherson: "Re: [PATCH 0/7] KVM: x86: APX reg prep work"
Next in thread: Sean Christopherson: "Re: [PATCH 0/7] KVM: x86: APX reg prep work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Cooper

Date: Thu Mar 12 2026 - 14:11:43 EST

> Have you measured performance/latency overhead if KVM goes straight to context
> switching R16-R31 at entry/exit? With PUSH2/POP2, it's "only" 8 more instructions
> on each side.
>
> If the overhead is in the noise, I'd be very strongly inclined to say KVM should
> swap at entry/exit regardless of kernel behavior so that we don't have to special
> case accesses on the back end.

I tried raising this point at plumbers but I don't think it came through
well.

You can't unconditionally use PUSH2/POP2 in the VMExit, because at that
point in time it's the guest's XCR0 in context. If the guest has APX
disabled, PUSH2 in the VMExit path will #UD.

You either need two VMExit handlers, one APX and one non-APX and choose
based on the guest XCR0 value, or you need a branch prior to regaining
speculative safety, or you need to save/restore XCR0 as the first
action. It's horrible any way you look at it.

I've asked both Intel and AMD for changes to VT-x/SVM to have a proper
host/guest split of XCR0 which hardware manages on entry/exit. It's the
only viable option in my opinion, but it's still an unknown period of
time away and not going to exist in the first APX-capable hardware.

~Andrew