[PATCH v2 0/8] KVM: x86: nSVM: Improve PAT virtualization

Thu, 15 Jan 2026 15:22:23 -0800 

Currently, KVM's implementation of nested SVM treats the PAT MSR the same
way whether or not nested NPT is enabled: L1 and L2 share a single
PAT. However, the APM specifies that when nested NPT is enabled, the host
(L1) and the guest (L2) should have independent PATs: hPAT for L1 and gPAT
for L2. This patch series implements the architectural specification in
KVM.

The existing PAT MSR (vcpu->arch.pat) is used for hPAT, and the
vmcb02.save.g_pat field is used for gPAT. With nested NPT enabled, guest
accesses to the IA32_PAT MSR are redirected to gPAT, which is stored in
vmcb02->save.g_pat. All other accesses, including userspace accesses via
KVM_{GET,SET}_MSRS, continue to reference hPAT.

The special handling of userspace accesses ensures save/restore forward
compatibility (i.e. resuming a new checkpoint on an older kernel). When an
old kernel restores a checkpoint from a new kernel, the gPAT will be lost,
and L2 will simply use L1's PAT, which is the behavior of the old kernel
anyway.

v1 -> v2:
  Adhere to the architectural specification
  Drop the preservation of vmcb01->g_pat across virtual SMM
  Store the gPAT rather than the hPAT in the nested state (save.g_pat)
  Fix forward compatibility
  Handle backward compatibility when MSRs are restored after nested state
  (setq-default fill-column 75) [Sean]
  Or the KVM_STATE_SVM_VALID_GPAT bit into flags [Sean]
  
Jim Mattson (8):
  KVM: x86: nSVM: Redirect IA32_PAT accesses to either hPAT or gPAT
  KVM: x86: nSVM: Cache g_pat in vmcb_save_area_cached
  KVM: x86: nSVM: Add validity check for vmcb12 g_pat
  KVM: x86: nSVM: Set vmcb02.g_pat correctly for nested NPT
  KVM: x86: nSVM: Save gPAT to vmcb12.g_pat on VMEXIT
  KVM: x86: nSVM: Save/restore gPAT with KVM_{GET,SET}_NESTED_STATE
  KVM: x86: nSVM: Handle restore of legacy nested state
  KVM: selftests: nSVM: Add svm_nested_pat test

 arch/x86/include/uapi/asm/kvm.h               |   3 +
 arch/x86/kvm/svm/nested.c                     |  49 ++-
 arch/x86/kvm/svm/svm.c                        |  39 +-
 arch/x86/kvm/svm/svm.h                        |   7 +
 tools/testing/selftests/kvm/Makefile.kvm      |   1 +
 .../selftests/kvm/x86/svm_nested_pat_test.c   | 357 ++++++++++++++++++
 6 files changed, 442 insertions(+), 14 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_pat_test.c


base-commit: f62b64b970570c92fe22503b0cdc65be7ce7fc7c
-- 
2.52.0.457.g6b5491de43-goog

Reply via email to