Re: [RFC PATCH v2 00/24] KVM: combined patchset for MBEC/GMET support
From: Paolo Bonzini
Date: Wed Apr 01 2026 - 12:47:59 EST
On Mon, Mar 30, 2026 at 8:59 PM Jon Kohler <jon@xxxxxxxxxxx> wrote:
> > Great, thanks! FWIW I found a small hole (just by code inspection);
> > translate_nested_gpa is always setting PFERR_USER_MASK and therefore
> > always using XU (and always allowing execution for GMET). The fix is
> > not hard, basically translate_nested_gpa needs to become an entry in
> > the nested_ops and the callers need a little bit of adjustment to pass
> > more info down. Then the vendor code can do respectively:
>
> Ok cool, will look forward to that!
And a few more from Sashiko...
1) do not blindly clear ACC_USER_EXEC_MASK for NX huge pages in
make_spte(), because NX huge page mitigation can actually run on AMD
machines as well.
2) add a comment about fast_page_fault happening only with XS==XU, at
least for now
3) include the XU bit in __is_bad_mt_xwr(), evaluating bad_mt_xwr for
(XS|XU, W, R)
4) only enable nested MBEC if enable_mbec==true, likewise only set
X86_FEATURE_GMET in svm_set_cpu_caps if gmet_enabled==true
5) check CPL != 3 instead of CPL == 0 to recover PFERR_USER_MASK for GMET
6) change shadow_acc_track_mask in "KVM: VMX: enable use of MBEC", not
"KVM: x86/mmu: split XS/XU bits for EPT" (for consistency with
shadow_xu_mask).
7) clear SVM_NESTED_CTL_GMET_ENABLE in
__nested_copy_vmcb_control_to_cache, not __nested_vmcb_check_controls
(i.e. sanitize the destination of the copy)
Overall a pretty solid analysis from our new overlord. Roughly 50%
false positives, but I accept that given the high quality of the other
50%. Also, a couple of false positives are worth adding comments about;
it may not shut up the AI (#1 was explicitly called out as "cannot
happen" by an incorrect comment that I added...) but it can be useful
for humans anyway.
That said, it uses a damn *lot* of tokens to do this kind of analysis.
Paolo