Re: [PATCH] KVM: x86: Ignore cpuid faulting in SMM
From: Sean Christopherson
Date: Mon Mar 02 2026 - 17:46:31 EST
On Tue, Feb 10, 2026, Jim Mattson wrote:
> The Intel Virtualization Technology FlexMigration Application Note says,
> "When CPUID faulting is enabled, all executions of the CPUID instruction
> outside system-management mode (SMM) cause a general-protection exception
> (#GP(0)) if the current privilege level (CPL) is greater than 0."
>
> Always allow the execution of CPUID in SMM.
>
> Fixes: db2336a80489 ("KVM: x86: virtualize cpuid faulting")
I feel like we need a Technically-fixes-but-really-just-a-bad-spec tag for things
like this. MISC_ENABLES and MSR_K7_HWCR in particular are a bizarre game of
"Hold my beer!".
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> ---
> arch/x86/kvm/cpuid.c | 3 ++-
> arch/x86/kvm/emulate.c | 6 +++---
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 7fe4e58a6ebf..863ce81023e9 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -2157,7 +2157,8 @@ int kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
> {
> u32 eax, ebx, ecx, edx;
>
> - if (cpuid_fault_enabled(vcpu) && !kvm_require_cpl(vcpu, 0))
> + if (!is_smm(vcpu) && cpuid_fault_enabled(vcpu) &&
> + !kvm_require_cpl(vcpu, 0))
> return 1;
>
> eax = kvm_rax_read(vcpu);
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index c8e292e9a24d..4b7289a82bf8 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -3583,10 +3583,10 @@ static int em_cpuid(struct x86_emulate_ctxt *ctxt)
> u64 msr = 0;
>
> ctxt->ops->get_msr(ctxt, MSR_MISC_FEATURES_ENABLES, &msr);
> - if (msr & MSR_MISC_FEATURES_ENABLES_CPUID_FAULT &&
> - ctxt->ops->cpl(ctxt)) {
> + if (!ctxt->ops->is_smm(ctxt) &&
> + (msr & MSR_MISC_FEATURES_ENABLES_CPUID_FAULT &&
> + ctxt->ops->cpl(ctxt)))
I assume you intended the parentheses to wrap the bitwise-AND. I'll fixup to
this when applying.
if (!ctxt->ops->is_smm(ctxt) &&
(msr & MSR_MISC_FEATURES_ENABLES_CPUID_FAULT) &&
ctxt->ops->cpl(ctxt))