[PATCH 0/2] KVM: nSVM: Expose DecodeAssists to L1

From: Tina Zhang

Date: Mon Jun 29 2026 - 08:57:21 EST


The SVM DecodeAssists feature is reported in CPUID
Fn8000_000A_EDX[7]. When available, hardware provides the length and bytes
of the intercepted instruction in the VMCB, allowing a hypervisor to consume
the decode information directly instead of re-decoding the instruction in
software on relevant VM-Exit paths.

KVM currently does not expose DecodeAssists to nested SVM guests, even when
the host supports it, and does not propagate the hardware-provided
instruction length and bytes from VMCB02 to VMCB12 on nested VM-Exit. This
leaves L1 with an incomplete virtual SVM CPUID model and prevents L1 from
using the same hardware-assisted decode information that KVM receives for
L2 exits.

The missing virtualization was observed in practice with Hyper-V as L1,
where the absence of DecodeAssists prevented nested SVM from being made
available to L2 guests. The fix is not Hyper-V specific. Complete nested
SVM virtualization of DecodeAssists by advertising the feature to L1 when
supported by hardware, and by copying the decode-assist fields into VMCB12
on nested VM-Exit.

Add a selftest that triggers a nested page fault from L2 and verifies that
L1 sees a non-zero instruction length and instruction bytes matching the
faulting instruction.

Tested with:

make -C tools/testing/selftests TARGETS=kvm run_tests

Tina Zhang (2):
KVM: nSVM: Virtualize DecodeAssists for nested guests
KVM: selftests: Add nested SVM DecodeAssists test

arch/x86/kvm/svm/nested.c | 47 ++++++++-
arch/x86/kvm/svm/svm.c | 3 +
arch/x86/kvm/svm/svm.h | 6 ++
tools/testing/selftests/kvm/Makefile.kvm | 1 +
.../selftests/kvm/include/x86/processor.h | 1 +
.../kvm/x86/svm_nested_decode_assists_test.c | 99 +++++++++++++++++++
6 files changed, 156 insertions(+), 1 deletion(-)
create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_decode_assists_test.c

--
2.43.0