Re: [PATCH 00/10] KVM: x86: nSVM: Improve PAT virtualization
From: Jim Mattson
Date: Tue Jan 13 2026 - 19:32:04 EST

On Mon, Jan 12, 2026 at 4:30 PM Jim Mattson <jmattson@xxxxxxxxxx> wrote:
>
> KVM's implementation of nested SVM treats PAT the same way whether or
> not nested NPT is enabled: L1 and L2 share a PAT.
>
> This is correct when nested NPT is disabled, but incorrect when nested
> NPT is enabled. When nested NPT is enabled, L1 and L2 have independent
> PATs.

Yosry points out that this series does not correctly handle saving a
checkpoint on a new kernel and restoring it on an old kernel. In that
scenario, KVM_SET_MSRS will restore the L2 PAT, and the old kernel
will not restore L1's PAT on emulated #VMEXIT.

I have also discovered that not all userspace VMMs restore MSRs before
nested state.

Ironically, I think the way to correctly deal with compatibility in
both directions is to go back to the architected separation of hPAT
and gPAT. Accesses to IA32_PAT from userspace will always have to
reference hPAT to properly restore a new checkpoint on an old kernel.

Cooking up v2...