Re: [PATCH v3 07/16] KVM: SVM: Move core EFER.SVME enablement to kernel

From: Sean Christopherson

Date: Thu Feb 26 2026 - 18:43:31 EST


On Thu, Feb 26, 2026, Chao Gao wrote:
> >-static inline void kvm_cpu_svm_disable(void)
> >-{
> >- uint64_t efer;
> >-
> >- wrmsrq(MSR_VM_HSAVE_PA, 0);
> >- rdmsrq(MSR_EFER, efer);
> >- if (efer & EFER_SVME) {
> >- /*
> >- * Force GIF=1 prior to disabling SVM, e.g. to ensure INIT and
> >- * NMI aren't blocked.
> >- */
> >- stgi();
> >- wrmsrq(MSR_EFER, efer & ~EFER_SVME);
> >- }
> >-}
> >-
> > static void svm_emergency_disable_virtualization_cpu(void)
> > {
> >- virt_rebooting = true;
> >-
> >- kvm_cpu_svm_disable();
> >+ wrmsrq(MSR_VM_HSAVE_PA, 0);
> > }
> >
> > static void svm_disable_virtualization_cpu(void)
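Review bot: in svm_emergency_disable_virtualization_cpu(), both the `virt_rebooting = true` assignment and the kvm_cpu_svm_disable() sequence are dropped, and nothing visible in this hunk shows where they now happen. The removed helper forced GIF=1 with stgi() before clearing EFER.SVME, with a comment explaining that INIT and NMI must not stay blocked. Please confirm the kernel-side emergency path keeps that ordering and carries the comment along, and state in the changelog what now sets virt_rebooting.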
> >@@ -507,7 +489,7 @@ static void svm_disable_virtualization_cpu(void)
> > if (tsc_scaling)
> > __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
> >
> >- kvm_cpu_svm_disable();
> >+ x86_svm_disable_virtualization_cpu();
>
> There's a functional change here. The new x86_svm_disable_virtualization_cpu()
> doesn't reset MSR_VM_HSAVE_PA, but the old kvm_cpu_svm_disable() does.

Doh. I'll squash this as fixup, assuming there are no other goofs:

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 5f033bf3ba83..fc08450cb4b7 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -490,6 +490,7 @@ static void svm_disable_virtualization_cpu(void)
__svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);

x86_svm_disable_virtualization_cpu();
+ wrmsrq(MSR_VM_HSAVE_PA, 0);

amd_pmu_disable_virt();
}
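Review bot: the added wrmsrq(MSR_VM_HSAVE_PA, 0) in svm_disable_virtualization_cpu() runs after x86_svm_disable_virtualization_cpu(), whereas the removed kvm_cpu_svm_disable() cleared MSR_VM_HSAVE_PA first and only then touched EFER. If the order does not matter, a one-line comment saying so would save the next reader the question; otherwise move the write above the call to keep the original sequence.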

Very nice catch!

P.S. This reminded me that there's a lurking wart with __sev_snp_init_locked()
where it forces MSR_VM_HSAVE_PA to '0' on all CPUs. That's firmly a "hypervisor"
thing so it doesn't really fit here (and code wise it's also kludgy), just thought
I'd mention it in case someone has a brilliant idea and/or runs into problems with
it. IIRC, we ran into a problem where __sev_snp_init_locked() clobbered KVM's
value, but I think the underlying problem was effectively fixed by commit
6f1d5a3513c2 ("KVM: SVM: Add support to initialize SEV/SNP functionality in KVM").