On Thu, May 14, 2026, Jim Mattson wrote:
> On Thu, May 14, 2026 at 7:28 AM Sean Christopherson <[email protected]> wrote:
> >
> > On Thu, May 14, 2026, Jim Mattson wrote:
> > > > diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
> > > > index 95d09ccbf951..fc96ba86c644 100644
> > > > --- a/arch/x86/kvm/cpuid.h
> > > > +++ b/arch/x86/kvm/cpuid.h
> > > > @@ -185,8 +185,9 @@ static inline int guest_cpuid_stepping(struct
> > > > kvm_vcpu *vcpu)
> > > >
> > > > static inline bool cpuid_fault_enabled(struct kvm_vcpu *vcpu)
> > > > {
> > > > - return vcpu->arch.msr_misc_features_enables &
> > > > - MSR_MISC_FEATURES_ENABLES_CPUID_FAULT;
> > > > + return (vcpu->arch.msr_misc_features_enables &
> > > > + MSR_MISC_FEATURES_ENABLES_CPUID_FAULT) ||
> > > > + (vcpu->arch.msr_hwcr & MSR_K7_HWCR_CPUID_USER_DIS);
> > > > }
> > > >
> > > Sashiko raises a good point here about a pre-existing issue that
> >
> > Calling this pre-existing is a bit of a stretch. I'm guessing VMX doesn't check
> > the #GP before the VM-Exit (checking #GP before a VM-Exit is so stupid).
>
> Per the SDM, volume 3, section 27.1.1: Relative Priority of Faults and VM Exits
>
> Certain exceptions have priority over VM exits. These include invalid-opcode
> exceptions, faults based on privilege level,1 and general-protection
> exceptions that are based on checking I/O permission bits in the task-state
> segment (TSS). For example, execution of RDMSR with CPL = 3 generates a
> general-protection exception and not a VM exit.2

...

> > Where in the APM? I can't find anything in the description of CPUID or CpuidUserDis
> > that specifies the priority, and "Table 15-7. Instruction Intercepts" is flat out
> > wrong because it just says:
> >
> > CPUID CPUID No exceptions to check.
>
> APM volume 2, section 15.7: Intercept Operation
>
> > Generally, instruction intercepts are checked after simple exceptions
> (such as #GP—when CPL is incorrect—or #UD) have been checked, but
> before exceptions related to
> memory accesses (such as page faults) and exceptions based on specific
> operand values.

Oooh, this is based on the generic CPL rules. I didn't think about it from that
perspective. So yeah, addressing that does make sense. What a pain.
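
Review bot: In cpuid_fault_enabled(), the new return expression ORs MSR_MISC_FEATURES_ENABLES_CPUID_FAULT with MSR_K7_HWCR_CPUID_USER_DIS, so the helper now answers for two separate mechanisms, but nothing in the function says so and its name still reads as the Intel feature alone. A short comment above the function stating that either bit makes CPUID at CPL > 0 take a #GP would document the intent. The hunk also does not show where vcpu->arch.msr_hwcr is written, so it is worth confirming that the write path only accepts MSR_K7_HWCR_CPUID_USER_DIS when the guest's CPUID advertises the feature; otherwise this predicate acts on a bit the guest should not have been able to set. The ordering question raised in the replies (the CPL-based #GP is checked ahead of the intercept, per the quoted SDM 27.1.1 and APM 15.7 text) concerns the callers of this helper and is not addressed by the lines shown here.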

