Re: [PATCH V3 2/5] KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock and DEV are not available

Next message: Bjorn Helgaas: "Re: [PATCH v3] PCI/AER: Only clear error bits in PCIe Device Status register"
Previous message: Sean Christopherson: "Re: [PATCH V3 2/5] KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock and DEV are not available"
In reply to: Sean Christopherson: "Re: [PATCH V3 2/5] KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock and DEV are not available"
Next in thread: Kevin Cheng: "Re: [PATCH V3 2/5] KVM: SVM: Inject #UD for STGI if EFER.SVME=0 and SVM Lock and DEV are not available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Thu Feb 12 2026 - 16:18:38 EST

On Thu, Feb 12, 2026, Sean Christopherson wrote:
> On Thu, Jan 22, 2026, Kevin Cheng wrote:
> > The AMD APM states that STGI causes a #UD if SVM is not enabled and
> > neither SVM Lock nor the device exclusion vector (DEV) are supported.
> > Support for DEV is part of the SKINIT architecture. Fix the STGI exit
> > handler by injecting #UD when these conditions are met.
>
> This is entirely pointless. SVML and SKINIT can never bet set in guest caps.
> There are many things that are documented in the SDM/APM that don't have "correct"
> handling in KVM, because they're completely unsupported.
>
> _If_ this is causing someone enough heartburn to want to "fix", just add a comment
> in nested_svm_check_permissions() stating that KVM doesn't support SVML or SKINIT.

Case in point, patch 4 is flawed because it forces interception of STGI if
EFER.SVME=0. I.e. by trying to handle the impossible, you're introducing new
and novel ways for KVM to do things "wrong".