Re: [PATCH] x86/entry: Zap the #VC entry user and kernel macros

[Nikunj A. Dadhania]

On 4/20/2026 10:13 PM, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@xxxxxxxxx>
> 
> Drop the separate kernel and user macros in favor of calling a single #VC
> C handler which multiplexes between the kernel and user #VC entry points
> by looking at CS's RPL.
> 
> Zap unused DEFINE_IDTENTRY_VC while at it.
> 
> There should be no functionality change resulting from this - just code
> simplification.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>

Boot tested with and without FRED on various guest combination (SVM, SEV, ES and SNP)

Tested-by: Nikunj A. Dadhania <nikunj@xxxxxxx>
Reviewed-by: Nikunj A. Dadhania <nikunj@xxxxxxx>

> ---
>  arch/x86/coco/sev/internal.h    |  3 +++
>  arch/x86/coco/sev/vc-handle.c   | 12 ++++++++++--
>  arch/x86/entry/entry_64.S       |  4 ++--
>  arch/x86/entry/entry_fred.c     | 10 ----------
>  arch/x86/include/asm/idtentry.h | 29 +++--------------------------
>  5 files changed, 18 insertions(+), 40 deletions(-)
> 
> diff --git a/arch/x86/coco/sev/internal.h b/arch/x86/coco/sev/internal.h
> index b1d0c66a651a..b9632c0fc391 100644
> --- a/arch/x86/coco/sev/internal.h
> +++ b/arch/x86/coco/sev/internal.h
> @@ -70,6 +70,9 @@ void svsm_pval_pages(struct snp_psc_desc *desc);
>  int svsm_perform_call_protocol(struct svsm_call *call);
>  bool snp_svsm_vtpm_probe(void);
>  
> +noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
> +noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code);
> +
>  static inline u64 sev_es_rd_ghcb_msr(void)
>  {
>  	return native_rdmsrq(MSR_AMD64_SEV_ES_GHCB);
> diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c
> index d98b5c08ef00..96b62b49b2b5 100644
> --- a/arch/x86/coco/sev/vc-handle.c
> +++ b/arch/x86/coco/sev/vc-handle.c
> @@ -954,7 +954,7 @@ static __always_inline bool vc_is_db(unsigned long error_code)
>   * Runtime #VC exception handler when raised from kernel mode. Runs in NMI mode
>   * and will panic when an error happens.
>   */
> -DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
> +noinstr void kernel_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
>  {
>  	irqentry_state_t irq_state;
>  
> @@ -1006,7 +1006,7 @@ DEFINE_IDTENTRY_VC_KERNEL(exc_vmm_communication)
>   * Runtime #VC exception handler when raised from user mode. Runs in IRQ mode
>   * and will kill the current task with SIGBUS when an error happens.
>   */
> -DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
> +noinstr void user_exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
>  {
>  	/*
>  	 * Handle #DB before calling into !noinstr code to avoid recursive #DB.
> @@ -1032,6 +1032,14 @@ DEFINE_IDTENTRY_VC_USER(exc_vmm_communication)
>  	irqentry_exit_to_user_mode(regs);
>  }
>  
> +DEFINE_IDTENTRY_RAW_ERRORCODE(exc_vmm_communication)
> +{
> +	if (user_mode(regs))
> +		return user_exc_vmm_communication(regs, error_code);
> +	else
> +		return kernel_exc_vmm_communication(regs, error_code);
> +}
> +
>  bool __init handle_vc_boot_ghcb(struct pt_regs *regs)
>  {
>  	unsigned long exit_code = regs->orig_ax;
> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index 42447b1e1dff..c6d996593f32 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -492,7 +492,7 @@ SYM_CODE_START(\asmsym)
>  
>  	movq	%rsp, %rdi		/* pt_regs pointer */
>  
> -	call	kernel_\cfunc
> +	call	\cfunc
>  
>  	/*
>  	 * No need to switch back to the IST stack. The current stack is either
> @@ -503,7 +503,7 @@ SYM_CODE_START(\asmsym)
>  
>  	/* Switch to the regular task stack */
>  .Lfrom_usermode_switch_stack_\@:
> -	idtentry_body user_\cfunc, has_error_code=1
> +	idtentry_body \cfunc, has_error_code=1
>  
>  _ASM_NOKPROBE(\asmsym)
>  SYM_CODE_END(\asmsym)
> diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
> index fbe2d10dd737..fb3594ddf731 100644
> --- a/arch/x86/entry/entry_fred.c
> +++ b/arch/x86/entry/entry_fred.c
> @@ -177,16 +177,6 @@ static noinstr void fred_extint(struct pt_regs *regs)
>  	}
>  }
>  
> -#ifdef CONFIG_AMD_MEM_ENCRYPT
> -noinstr void exc_vmm_communication(struct pt_regs *regs, unsigned long error_code)
> -{
> -	if (user_mode(regs))
> -		return user_exc_vmm_communication(regs, error_code);
> -	else
> -		return kernel_exc_vmm_communication(regs, error_code);
> -}
> -#endif
> -
>  static noinstr void fred_hwexc(struct pt_regs *regs, unsigned long error_code)
>  {
>  	/* Optimize for #PF. That's the only exception which matters performance wise */
> diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
> index 42bf6a58ec36..20f548702404 100644
> --- a/arch/x86/include/asm/idtentry.h
> +++ b/arch/x86/include/asm/idtentry.h
> @@ -340,17 +340,14 @@ static __always_inline void __##func(struct pt_regs *regs)
>  	__visible void noist_##func(struct pt_regs *regs)
>  
>  /**
> - * DECLARE_IDTENTRY_VC - Declare functions for the VC entry point
> + * DECLARE_IDTENTRY_VC - Declare a function for the VC entry point
>   * @vector:	Vector number (ignored for C)
>   * @func:	Function name of the entry point
>   *
> - * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE, but declares also the
> - * safe_stack C handler.
> + * Maps to DECLARE_IDTENTRY_RAW_ERRORCODE.
>   */
>  #define DECLARE_IDTENTRY_VC(vector, func)				\
> -	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);			\
> -	__visible noinstr void kernel_##func(struct pt_regs *regs, unsigned long error_code);	\
> -	__visible noinstr void   user_##func(struct pt_regs *regs, unsigned long error_code)
> +	DECLARE_IDTENTRY_RAW_ERRORCODE(vector, func);
>  
>  /**
>   * DEFINE_IDTENTRY_IST - Emit code for IST entry points
> @@ -391,26 +388,6 @@ static __always_inline void __##func(struct pt_regs *regs)
>  #define DEFINE_IDTENTRY_DF(func)					\
>  	DEFINE_IDTENTRY_RAW_ERRORCODE(func)
>  
> -/**
> - * DEFINE_IDTENTRY_VC_KERNEL - Emit code for VMM communication handler
> - *			       when raised from kernel mode
> - * @func:	Function name of the entry point
> - *
> - * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
> - */
> -#define DEFINE_IDTENTRY_VC_KERNEL(func)				\
> -	DEFINE_IDTENTRY_RAW_ERRORCODE(kernel_##func)
> -
> -/**
> - * DEFINE_IDTENTRY_VC_USER - Emit code for VMM communication handler
> - *			     when raised from user mode
> - * @func:	Function name of the entry point
> - *
> - * Maps to DEFINE_IDTENTRY_RAW_ERRORCODE
> - */
> -#define DEFINE_IDTENTRY_VC_USER(func)				\
> -	DEFINE_IDTENTRY_RAW_ERRORCODE(user_##func)
> -
>  #else	/* CONFIG_X86_64 */
>  
>  /**