Re: [PATCH v5 00/28] KVM: combined patchset for MBEC/GMET support

[Paolo Bonzini]

On 4/30/26 17:07, Paolo Bonzini wrote:
> I will once more send you to v3 (https://lore.kernel.org/kvm/20260408154217.458420-1-pbonzini@xxxxxxxxxx/)
> for the description of the series.
>
> v4 incorrectly rebased onto 7.1 KVM and broke the case where L1 disables
> NPT.  On top of that I made a few final touches on the patch split, and
> opted to use the XU bit unconditionally in the MMU even if MBEC is disabled.
> This is more consistent with the idea of reducing as much as possible
> the differences between mbec=0 and mbec=1 modes.

I placed this also at branch kvm-mbec of 
https://git.kernel.org/pub/scm/virt/kvm/kvm.git.

Paolo

> Paolo
>
> v4->v5:
> - patches 8 and 9: swap to clarify use of ACC_USER_MASK to detect read faults
> - patch 11: fix final argument to kvm_translate_gpa (using pte_access instead
>    of walker->pte_access worked more or less accidentally, but it is incorrect
>    because vmx_translate_nested_gpa uses ACC_* constants rather than PT_*)
> - patches 13 and 15: revert to always setting shadow_xu_mask ==
>    VMX_EPT_USER_EXECUTABLE_MASK, even if MBEC is disabled.  The MMU always
>    operates as if MBEC is available, instead of complicating its life (and
>    potentially introducing bugs) by mapping XU onto X; blocking incorrect
>    configuration can be done at higher levels.  Add a comment on the design.
> - patch 24: also block CR4.SMAP
> - patches 26 and 28: fix rebase onto 7.1 KVM (fixes nested NPT disabled)
>
> v3->v4:
> - patch 15: clear enable_mbec = 0 if enable_ept == 0
> - patches 23-27: adjust for rename of nested_ctl to misc_ctl
> - patch 24: new
> - patch 27: disable svm_get_cpl for SEV-ES/SEV-SNP
> - patch 28: fix commit message reference to __nested_svm_check_controls
>
>
> Jon Kohler (5):
>    KVM: TDX/VMX: rework EPT_VIOLATION_EXEC_FOR_RING3_LIN into PROT_MASK
>    KVM: x86/mmu: remove SPTE_PERM_MASK
>    KVM: x86/mmu: free up bit 10 of PTEs in preparation for MBEC
>    KVM: nVMX: advertise MBEC to nested guests
>    KVM: nVMX: allow MBEC with EVMCS
>
> Paolo Bonzini (23):
>    KVM: x86/mmu: shuffle high bits of SPTEs in preparation for MBEC
>    KVM: x86/mmu: remove SPTE_EPT_*
>    KVM: x86/mmu: merge make_spte_{non,}executable
>    KVM: x86/mmu: rename and clarify BYTE_MASK
>    KVM: x86/mmu: separate more EPT/non-EPT permission_fault()
>    KVM: x86/mmu: introduce ACC_READ_MASK
>    KVM: x86/mmu: pass PFERR_GUEST_PAGE/FINAL_MASK to kvm_translate_gpa
>    KVM: x86/mmu: pass pte_access for final nGPA->GPA walk
>    KVM: x86: make translate_nested_gpa vendor-specific
>    KVM: x86/mmu: split XS/XU bits for EPT
>    KVM: x86/mmu: move cr4_smep to base role
>    KVM: VMX: enable use of MBEC
>    KVM: nVMX: pass advanced EPT violation vmexit info to guest
>    KVM: nVMX: pass PFERR_USER_MASK to MMU on EPT violations
>    KVM: x86/mmu: add support for MBEC to EPT page table walks
>    KVM: x86/mmu: propagate access mask from root pages down
>    KVM: x86/mmu: introduce cpu_role bit for availability of PFEC.I/D
>    KVM: SVM: add GMET bit definitions
>    KVM: x86/mmu: hard code more bits in kvm_init_shadow_npt_mmu
>    KVM: x86/mmu: add support for GMET to NPT page table walks
>    KVM: SVM: enable GMET and set it in MMU role
>    KVM: SVM: work around errata 1218
>    KVM: nSVM: enable GMET for guests
>
>   Documentation/virt/kvm/x86/mmu.rst |  10 +-
>   arch/x86/include/asm/cpufeatures.h |   1 +
>   arch/x86/include/asm/kvm-x86-ops.h |   1 +
>   arch/x86/include/asm/kvm_host.h    |  48 +++++---
>   arch/x86/include/asm/svm.h         |   1 +
>   arch/x86/include/asm/vmx.h         |  14 ++-
>   arch/x86/kvm/hyperv.c              |   4 +-
>   arch/x86/kvm/mmu.h                 |  30 +++--
>   arch/x86/kvm/mmu/mmu.c             | 176 ++++++++++++++++++++---------
>   arch/x86/kvm/mmu/mmutrace.h        |  19 ++--
>   arch/x86/kvm/mmu/paging_tmpl.h     |  73 ++++++++----
>   arch/x86/kvm/mmu/spte.c            |  92 +++++++++------
>   arch/x86/kvm/mmu/spte.h            |  70 +++++++-----
>   arch/x86/kvm/mmu/tdp_mmu.c         |   6 +-
>   arch/x86/kvm/svm/nested.c          |  38 ++++++-
>   arch/x86/kvm/svm/svm.c             |  31 +++++
>   arch/x86/kvm/svm/svm.h             |   1 +
>   arch/x86/kvm/vmx/capabilities.h    |  12 +-
>   arch/x86/kvm/vmx/common.h          |  20 ++--
>   arch/x86/kvm/vmx/hyperv_evmcs.h    |   1 +
>   arch/x86/kvm/vmx/main.c            |   9 ++
>   arch/x86/kvm/vmx/nested.c          |  46 +++++++-
>   arch/x86/kvm/vmx/tdx.c             |   2 +-
>   arch/x86/kvm/vmx/vmx.c             |  27 ++++-
>   arch/x86/kvm/vmx/vmx.h             |   1 +
>   arch/x86/kvm/vmx/x86_ops.h         |   1 +
>   arch/x86/kvm/x86.c                 |  18 +--
>   27 files changed, 529 insertions(+), 223 deletions(-)