Re: [PATCH 27/28] KVM: SVM: work around errata 1218

From: mlevitsk

Date: Tue Jun 02 2026 - 10:48:10 EST


On Tue, 2026-05-05 at 21:52 +0200, Paolo Bonzini wrote:
> According to AMD, the hypervisor may not be able to determine whether a
> fault was a GMET fault or an NX fault based on EXITINFO1, and software
> "must read the relevant VMCB to determine whether a fault was a GMET
> fault or an NX fault".  The APM further details that they meant the
> CPL field.
>
> KVM uses the page fault error code to distinguish the causes of a
> nested page fault, so recalculate the PFERR_USER_MASK bit of the
> vmexit information.  Only do it for fetches and only if GMET is in
> use, because KVM does not differentiate based on PFERR_USER_MASK
> for other nested NPT page faults.
>
> Tested-by: David Riley <d.riley@xxxxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
>  arch/x86/kvm/svm/svm.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 3895d8794366..fd79874c5f4b 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -1993,6 +1993,18 @@ static int npf_interception(struct kvm_vcpu *vcpu)
>   }
>   }
>  
> + if (!is_sev_es_guest(vcpu) &&
> +     (svm->vmcb->control.misc_ctl & SVM_MISC_ENABLE_GMET) &&
> +     (error_code & PFERR_FETCH_MASK)) {
> + /*
> + * Work around errata 1218: EXITINFO1[2] May Be Incorrectly Set
> + * When GMET (Guest Mode Execute Trap extension) is Enabled
> + */
> + error_code |= PFERR_USER_MASK;
> + if (svm_get_cpl(vcpu) != 3)
> + error_code &= ~PFERR_USER_MASK;
> + }
> +

Hi!

I wonder if we can limit this workaround to a range of Zen families at least.
For example, maybe limit this workaround to CPUs older than Zen5?
(Assuming that this errata is not present on Zen5)

The workaround does look harmless but still each workaround 
is an extra piece of code to worry about.

>   if (is_sev_snp_guest(vcpu) && (error_code & PFERR_GUEST_ENC_MASK))
>   error_code |= PFERR_PRIVATE_ACCESS;
>  


Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>

Best regards,
Maxim Levitsky