Message-ID: <20251221040742.29749-1-chang.seok.bae@intel.com>
Date: Sun, 21 Dec 2025 04:07:26 +0000
From: "Chang S. Bae" <chang.seok.bae@...el.com>
To: pbonzini@...hat.com,
	seanjc@...gle.com
Cc: kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	chao.gao@...el.com,
	chang.seok.bae@...el.com
Subject: [PATCH 00/16] KVM: x86: Enable APX for guests

Hi all,

Since the last RFC posting [1], Paolo provided extensive feedback that
helped clarify the overall direction, so this series is now without RFC.
The patchset incorporates that feedback throughout, based on v6.19-rc1
where the VEX support series [2] was merged.

Major changes were made on the emulator with rebasing and subsequent
simplifications. Below is a brief summary of each part.

 * Part1, PATCH 01-03: GPR accessor refactoring

   PATCH2: Rename the internal GPR access helpers to kvm_gpr_read_raw() /
   kvm_gpr_write(). These accessors are selectively defined to support
   EGPR indexes. Only with CONFIG_KVM_APX=y, EGPR handling is compiled
   while AMD and 32-bit builds remain unchanged and continue to use the
   existing accessor as is.

 * Part2, PATCH 04-08: VMX support for extended register index

   In the previous version, use of extended VMX fields for EGPR indices
   was conditioned on XCR0.APX. However, enumeration of the APX CPUID bit
   alone is sufficient to guarantee availability of the extended field in
   VMCS. Now, this series checks static_cpu_has(X86_FEATURE_APX) for VMX
   (PATCH8) and the corresponding vCPU value for nested VMX (PATCH7).

 * Part3, PATCH 09-12: Emulation support for REX2

   This part has the largest changes, with substantial simplification:

   1. PATCH10/11: JMPABS support is dropped, as emulation of memory
      operations is practically meaningful. Then, this drop allows reuse
      of the existing opcode tables with adjustments -- adding the NoRex
      tag for clarifying the #UD behavior with REX2 in PATCH10.
      Subsequently, on PATCH11, REX2-prefixed opcode lookup is then
      integrated into the existing flow by jumping directly to the
      relevant sites.

   2. PATCH11: REX2 disallows several illegal prefix sequences. The
      previous version had pretty complex logic unnecessarily. The new
      approach relies on opcode table attributes, which is sufficient and
      makes it simple. This also aligns with the spec sentences [3].

   3. PATCH10: Register index extraction is simplified by a generalized
      helper which interprets REX/REX2 bits.

 * Part4, PATCH13-16: APX exposition and self-test

   There are no changes to CPUID exposure or the self-tests. The only
   adjustment is in XCR0.APX handling to explicitly prevent conflicts
   with MPX (PATCH13). The code that previously referenced XCR0.APX in
   the VMX exit handler was removed with the Part2 changes.

Each patch contains detailed changelogs describing the individual changes.
The previous cover letter [4] also includes some details that were
previously brought up as RFC and now seem to be established.

Thanks to Paolo for the thorough reviews and guidance, and to Chao for
spotting an important point.

The series is also available on this repository:
  git://github.com/intel/apx.git apx-kvm_v1

Thanks,
Chang

[1]: https://lore.kernel.org/kvm/20251110180131.28264-1-chang.seok.bae@intel.com
[2]: https://lore.kernel.org/kvm/20251114003633.60689-1-pbonzini@redhat.com
[3]: https://lore.kernel.org/kvm/20251110180131.28264-1-chang.seok.bae@intel.com
[4]: 3.1.2.1 REX2 Prefix, APX Architecture Specification
     https://cdrdv2.intel.com/v1/dl/getContent/784266

Chang S. Bae (15):
  KVM: x86: Rename register accessors to be GPR-specific
  KVM: x86: Refactor GPR accessors to differentiate register access
    types
  KVM: x86: Implement accessors for extended GPRs
  KVM: VMX: Introduce unified instruction info structure
  KVM: VMX: Refactor instruction information retrieval
  KVM: VMX: Refactor GPR index retrieval from exit qualification
  KVM: nVMX: Propagate the extended instruction info field
  KVM: VMX: Support extended register index in exit handling
  KVM: emulate: Support EGPR accessing and tracking
  KVM: emulate: Handle EGPR index and REX2-incompatible opcodes
  KVM: emulate: Support REX2-prefixed opcode decode
  KVM: emulate: Reject EVEX-prefixed instructions
  KVM: x86: Guard valid XCR0.APX settings
  KVM: x86: Expose APX sub-features to guests
  KVM: x86: selftests: Add APX state handling and XCR0 sanity checks

Peter Fang (1):
  KVM: x86: Expose APX foundational feature bit to guests

 arch/x86/include/asm/kvm_host.h               |  19 +++
 arch/x86/include/asm/kvm_vcpu_regs.h          |  16 +++
 arch/x86/include/asm/vmx.h                    |   2 +
 arch/x86/kvm/Kconfig                          |   4 +
 arch/x86/kvm/cpuid.c                          |  14 +-
 arch/x86/kvm/emulate.c                        | 121 +++++++++++++-----
 arch/x86/kvm/fpu.h                            |  82 ++++++++++++
 arch/x86/kvm/kvm_emulate.h                    |  11 +-
 arch/x86/kvm/reverse_cpuid.h                  |   6 +
 arch/x86/kvm/svm/svm.c                        |  23 +++-
 arch/x86/kvm/vmx/nested.c                     |  87 +++++++------
 arch/x86/kvm/vmx/nested.h                     |   2 +-
 arch/x86/kvm/vmx/vmcs12.c                     |   1 +
 arch/x86/kvm/vmx/vmcs12.h                     |   3 +-
 arch/x86/kvm/vmx/vmx.c                        |  26 ++--
 arch/x86/kvm/vmx/vmx.h                        | 106 +++++++++++++--
 arch/x86/kvm/x86.c                            |  53 ++++++--
 arch/x86/kvm/x86.h                            |  24 +++-
 arch/x86/kvm/xen.c                            |   2 +-
 .../selftests/kvm/include/x86/processor.h     |   1 +
 tools/testing/selftests/kvm/x86/state_test.c  |   6 +
 .../selftests/kvm/x86/xcr0_cpuid_test.c       |  19 +++
 22 files changed, 503 insertions(+), 125 deletions(-)


base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8
-- 
2.51.0
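
The register index extraction mentioned for PATCH10, sketched as an added example that is not code from this patch series: one helper reads either a legacy REX byte or the REX2 payload byte (layout M0 R4 X4 B4 W R3 X3 B3, following the 0xD5 escape, per the APX specification) and produces a 5-bit GPR index. All type and function names are hypothetical, and the bounds policy in gpr_index_ok() is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Hypothetical names for illustration; not the KVM emulator's own types. */
enum rex_kind { REX_NONE, REX_LEGACY, REX_2 };

struct rex_bits {
    uint8_t w;        /* operand-size bit */
    uint8_t r, x, b;  /* 0..3: bit 0 = R3/X3/B3, bit 1 = R4/X4/B4 (REX2 only) */
    uint8_t m0;       /* REX2 only: opcode map select */
};

/* byte is the legacy REX prefix (0x40..0x4F) or the payload byte after 0xD5. */
static struct rex_bits rex_decode(enum rex_kind kind, uint8_t byte)
{
    struct rex_bits p = {0};
    if (kind == REX_NONE)
        return p;
    p.w = (byte >> 3) & 1;
    p.r = (byte >> 2) & 1;
    p.x = (byte >> 1) & 1;
    p.b = byte & 1;
    if (kind == REX_2) {          /* payload: M0 R4 X4 B4 W R3 X3 B3 */
        p.m0 = (byte >> 7) & 1;
        p.r |= ((byte >> 6) & 1) << 1;
        p.x |= ((byte >> 5) & 1) << 1;
        p.b |= ((byte >> 4) & 1) << 1;
    }
    return p;
}

/* Extend a 3-bit ModRM/SIB field with the prefix bits: result is 0..31. */
static unsigned gpr_index(uint8_t ext, uint8_t field3)
{
    return ((unsigned)(ext & 3) << 3) | (field3 & 7);
}

/* Example policy (assumption): indexes 16..31 need APX enabled for the guest,
 * so an EGPR index never reaches a 16-entry register array. */
static bool gpr_index_ok(unsigned idx, bool guest_apx)
{
    return idx < 16 || (guest_apx && idx < 32);
}

int main(void)
{
    uint8_t modrm = 0xD8;                        /* constructed: mod=11 reg=011 rm=000 */
    struct rex_bits p = rex_decode(REX_2, 0x44); /* constructed payload: R4=1, R3=1 */
    unsigned reg = gpr_index(p.r, (modrm >> 3) & 7);
    printf("reg=r%u ok_without_apx=%d\n", reg, gpr_index_ok(reg, false));
    return 0;
}
```

The same ModRM.reg field of 3 yields r11 under a legacy REX byte of 0x44 and r27 under a REX2 payload of 0x44, which is why the decoder has to know which prefix form supplied the bits.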
