On Mon, Jan 12, 2026 at 4:30 PM Jim Mattson <[email protected]> wrote:
>
> KVM's implementation of nested SVM treats PAT the same way whether or
> not nested NPT is enabled: L1 and L2 share a PAT.
>
> This is correct when nested NPT is disabled, but incorrect when nested
> NPT is enabled. When nested NPT is enabled, L1 and L2 have independent
> PATs.

Yosry points out that this series does not correctly handle saving a
checkpoint on a new kernel and restoring it on an old kernel. In that
scenario, KVM_SET_MSRS will restore the L2 PAT, and the old kernel
will not restore L1's PAT on emulated #VMEXIT.

I have also discovered that not all userspace VMMs restore MSRs before
nested state.

Ironically, I think the way to correctly deal with compatibility in
both directions is to go back to the architected separation of hPAT
and gPAT. Accesses to IA32_PAT from userspace will always have to
reference hPAT to properly restore a new checkpoint on an old kernel.

Cooking up v2...
