On Thu, May 14, 2026 at 7:28 AM Sean Christopherson <[email protected]> wrote: > > On Thu, May 14, 2026, Jim Mattson wrote: > > > diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h > > > index 95d09ccbf951..fc96ba86c644 100644 > > > --- a/arch/x86/kvm/cpuid.h > > > +++ b/arch/x86/kvm/cpuid.h > > > @@ -185,8 +185,9 @@ static inline int guest_cpuid_stepping(struct > > > kvm_vcpu *vcpu) > > > > > > static inline bool cpuid_fault_enabled(struct kvm_vcpu *vcpu) > > > { > > > - return vcpu->arch.msr_misc_features_enables & > > > - MSR_MISC_FEATURES_ENABLES_CPUID_FAULT; > > > + return (vcpu->arch.msr_misc_features_enables & > > > + MSR_MISC_FEATURES_ENABLES_CPUID_FAULT) || > > > + (vcpu->arch.msr_hwcr & MSR_K7_HWCR_CPUID_USER_DIS); > > > } > > > > Sashiko raises a good point here about a pre-existing issue that > > Calling this pre-existing is a bit of a stretch. I'm guessing VMX doesn't > check > the #GP before the VM-Exit (checking #GP before a VM-Exit is so stupid).
Per the SDM, volume 3, section 27.1.1: Relative Priority of Faults and VM Exits

> Certain exceptions have priority over VM exits. These include invalid-opcode
> exceptions, faults based on privilege level,1 and general-protection
> exceptions that are based on checking I/O permission bits in the task-state
> segment (TSS). For example, execution of RDMSR with CPL = 3 generates a
> general-protection exception and not a VM exit.2

> Yes, KVM technically emulates MSR_MISC_FEATURES_ENABLES_CPUID_FAULT for AMD, but
> we're firmly in "making shit up" territory when reasoning about the interactions
> between SVM and a feature that doesn't exist on real AMD CPUs.

True.

> > probably warrants a fix before propagating it further:
> >
> > > Does this emulation of CPUID faulting respect architectural fault
> > > priorities in a nested virtualization scenario?
> > >
> > > According to the AMD APM, if CPUID faulting is enabled, a #GP fault takes
> > > precedence over a CPUID VM-exit intercept.
>
> Where in the APM? I can't find anything in the description of CPUID or CpuidUserDis
> that specifies the priority, and "Table 15-7. Instruction Intercepts" is flat out
> wrong because it just says:
>
>   CPUID CPUID No exceptions to check.

APM volume 2, section 15.7: Intercept Operation

> Generally, instruction intercepts are checked after simple exceptions (such as
> #GP—when CPL is incorrect—or #UD) have been checked, but before exceptions
> related to memory accesses (such as page faults) and exceptions based on
> specific operand values.
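Review bot: In cpuid_fault_enabled(), the added `(vcpu->arch.msr_hwcr & MSR_K7_HWCR_CPUID_USER_DIS)` term is OR-ed in with no vendor or guest-CPUID qualification, so the helper now reports "enabled" for either of two distinct mechanisms and every existing caller inherits the new condition. The hunk shows nothing that ties the HWCR bit to the guest actually advertising the feature, so the result is only correct if the HWCR write path already rejects the bit when it is unsupported; please either state that dependency in a comment above the helper or check it here. A short comment naming both sources (MSR_MISC_FEATURES_ENABLES_CPUID_FAULT and MSR_K7_HWCR_CPUID_USER_DIS) would also help, and since the thread is discussing whether the resulting #GP is ordered before or after a CPUID intercept when running a nested guest, the changelog should say which ordering the callers of this helper implement.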

