Re: [RFC PATCH v2 00/24] KVM: combined patchset for MBEC/GMET support
From: Paolo Bonzini
Date: Mon Mar 30 2026 - 06:50:43 EST
On Mon, Mar 30, 2026 at 4:28 AM Jon Kohler <jon@xxxxxxxxxxx> wrote:
> For this RFCv2 series:
> Tested-By: Jon Kohler <jon@xxxxxxxxxxx>
Great, thanks! FWIW I found a small hole (just by code inspection);
translate_nested_gpa is always setting PFERR_USER_MASK and therefore
always using XU (and always allowing execution for GMET). The fix is
not hard, basically translate_nested_gpa needs to become an entry in
the nested_ops and the callers need a little bit of adjustment to pass
more info down. Then the vendor code can do respectively:

    /*
     * MBEC differentiates based on the effective U/S bit of
     * the guest page tables; not the processor CPL.
     */
    access &= ~PFERR_USER_MASK;
    if ((pte_access & ACC_USER_MASK)
        && (access & PFERR_GUEST_FINAL_MASK))
            access |= PFERR_USER_MASK;

and

    /* Non-GMET walks are always user-walks */
    if (!(svm->nested.ctl.nested_ctl & SVM_NESTED_CTL_GMET_ENABLE))
            access |= PFERR_USER_MASK;

I'll post this after the series gets more review altogether.
> On the ecosystem enablement side, qemu has both mbec [1] and gmet [2];
> however, they are not exposed via any model definitions (yet), so users
> would need to manually enable them in the short term. I'll work up
> a patch to expose these via model definitions and propose that to the
> list this week.
>
> [1] https://github.com/qemu/qemu/commit/bfff4b2ae5452463ab8c14b4a8a020288b5ff5d8
> [2] https://github.com/qemu/qemu/commit/746a823a17f25393cc8c0cd1257f6dcef757bc09
Sounds good!
Paolo