Re: [PATCH v3 3/4] KVM: x86: Virtualize AMD CPUID faulting
From: Jim Mattson
Date: Thu May 14 2026 - 10:53:54 EST
On Thu, May 14, 2026 at 7:28 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> On Thu, May 14, 2026, Jim Mattson wrote:
> > > diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
> > > index 95d09ccbf951..fc96ba86c644 100644
> > > --- a/arch/x86/kvm/cpuid.h
> > > +++ b/arch/x86/kvm/cpuid.h
> > > @@ -185,8 +185,9 @@ static inline int guest_cpuid_stepping(struct kvm_vcpu *vcpu)
> > >
> > > static inline bool cpuid_fault_enabled(struct kvm_vcpu *vcpu)
> > > {
> > > - return vcpu->arch.msr_misc_features_enables &
> > > - MSR_MISC_FEATURES_ENABLES_CPUID_FAULT;
> > > + return (vcpu->arch.msr_misc_features_enables &
> > > + MSR_MISC_FEATURES_ENABLES_CPUID_FAULT) ||
> > > + (vcpu->arch.msr_hwcr & MSR_K7_HWCR_CPUID_USER_DIS);
> > > }
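Review bot: cpuid_fault_enabled() now ORs two unrelated enables, MSR_MISC_FEATURES_ENABLES_CPUID_FAULT in msr_misc_features_enables and MSR_K7_HWCR_CPUID_USER_DIS in msr_hwcr, and nothing at the return statement says that they are meant to be treated as equivalent. A short comment above the return naming both mechanisms would help. It should also state that the helper reports only whether faulting is enabled: it does not look at CPL or at any intercept state, so ordering the #GP against a CPUID intercept is left to whoever calls it.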
> >
> > Sashiko raises a good point here about a pre-existing issue that
>
> Calling this pre-existing is a bit of a stretch. I'm guessing VMX doesn't check
> the #GP before the VM-Exit (checking #GP before a VM-Exit is so stupid).

Per the SDM, volume 3, section 27.1.1: Relative Priority of Faults and VM Exits

> Certain exceptions have priority over VM exits. These include invalid-opcode
> exceptions, faults based on privilege level, and general-protection exceptions
> that are based on checking I/O permission bits in the task-state segment (TSS).
> For example, execution of RDMSR with CPL = 3 generates a general-protection
> exception and not a VM exit.

> Yes, KVM technically emulates MSR_MISC_FEATURES_ENABLES_CPUID_FAULT for AMD, but
> we're firmly in "making shit up" territory when reasoning about the interactions
> between SVM and a feature that doesn't exist on real AMD CPUs.
True.
> > probably warrants a fix before propagating it further:
> >
> > > Does this emulation of CPUID faulting respect architectural fault
> > > priorities in a nested virtualization scenario?
> > >
> > > According to the AMD APM, if CPUID faulting is enabled, a #GP fault takes
> > > precedence over a CPUID VM-exit intercept.
>
> Where in the APM? I can't find anything in the description of CPUID or CpuidUserDis
> that specifies the priority, and "Table 15-7. Instruction Intercepts" is flat out
> wrong because it just says:
>
> CPUID CPUID No exceptions to check.

APM volume 2, section 15.7: Intercept Operation

> Generally, instruction intercepts are checked after simple exceptions (such as
> #GP—when CPL is incorrect—or #UD) have been checked, but before exceptions
> related to memory accesses (such as page faults) and exceptions based on
> specific operand values.