Re: [PATCH v5 1/2] KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Next message: Bo Gan: "Re: [PATCH net-next v3 1/3] dt-bindings: ethernet: eswin: add clock sampling control"
Previous message: Yosry Ahmed: "Re: [PATCH v5 2/2] KVM: nSVM: Always intercept VMMCALL when L2 is active"
In reply to: Sean Christopherson: "[PATCH v5 1/2] KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1"
Next in thread: Vitaly Kuznetsov: "Re: [PATCH v5 1/2] KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yosry Ahmed

Date: Tue Mar 03 2026 - 20:18:22 EST

On Tue, Mar 03, 2026 at 04:22:22PM -0800, Sean Christopherson wrote:
> From: Kevin Cheng <chengkev@xxxxxxxxxx>
>
> Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want
> to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the
> hypercall is something other than one of the supported Hyper-V hypercalls.
> When all of the above conditions are met, KVM will intercept VMMCALL but
> never forward it to L1, i.e. will let L2 make hypercalls as if it were L1.
>
> The TLFS says a whole lot of nothing about this scenario, so go with the
> architectural behavior, which says that VMMCALL #UDs if it's not
> intercepted.
>
> Opportunistically do a 2-for-1 stub trade by stub-ifying the new API
> instead of the helpers it uses. The last remaining "single" stub will
> soon be dropped as well.
>
> Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> Fixes: 3f4a812edf5c ("KVM: nSVM: hyper-v: Enable L2 TLB flush")
> Cc: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Kevin Cheng <chengkev@xxxxxxxxxx>
> Link: https://patch.msgid.link/20260228033328.2285047-5-chengkev@xxxxxxxxxx
> [sean: rewrite changelog and comment, tag for stable, remove defunct stubs]
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>

Reviewed-by: Yosry Ahmed <yosry@xxxxxxxxxx>