The SVM DecodeAssists feature is reported in CPUID Fn8000_000A_EDX[7]. When available, hardware provides the length and bytes of the intercepted instruction in the VMCB, allowing a hypervisor to consume the decode information directly instead of re-decoding the instruction in software on relevant VM-Exit paths.
KVM currently does not expose DecodeAssists to nested SVM guests, even when the host supports it, and does not propagate the hardware-provided instruction length and bytes from VMCB02 to VMCB12 on nested VM-Exit. This leaves L1 with an incomplete virtual SVM CPUID model and prevents L1 from using the same hardware-assisted decode information that KVM receives for L2 exits.

The missing virtualization was observed in practice with Hyper-V as L1, where the absence of DecodeAssists prevented nested SVM from being made available to L2 guests. The fix is not Hyper-V specific.

Complete nested SVM virtualization of DecodeAssists by advertising the feature to L1 when supported by hardware, and by copying the decode-assist fields into VMCB12 on nested VM-Exit.

Add a selftest that triggers a nested page fault from L2 and verifies that L1 sees a non-zero instruction length and instruction bytes matching the faulting instruction.

Tested with:

  make -C tools/testing/selftests TARGETS=kvm run_tests

Tina Zhang (2):
  KVM: nSVM: Virtualize DecodeAssists for nested guests
  KVM: selftests: Add nested SVM DecodeAssists test

 arch/x86/kvm/svm/nested.c                     | 47 ++++++++-
 arch/x86/kvm/svm/svm.c                        |  3 +
 arch/x86/kvm/svm/svm.h                        |  6 ++
 tools/testing/selftests/kvm/Makefile.kvm      |  1 +
 .../selftests/kvm/include/x86/processor.h     |  1 +
 .../kvm/x86/svm_nested_decode_assists_test.c  | 99 +++++++++++++++++++
 6 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/kvm/x86/svm_nested_decode_assists_test.c

-- 
2.43.0
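The propagation and the L1-side check described in the cover letter can be modelled in user space; the following is an added example, not code from the patch series or from KVM. The struct, the function names, the 15-byte buffer and the clear-then-copy policy are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define DECODE_ASSISTS_BIT (1u << 7)  /* CPUID Fn8000_000A_EDX[7] */
#define MAX_INSN_BYTES 15

/* Hypothetical stand-in for the decode-assist fields of a VMCB. */
struct decode_assist {
    uint8_t insn_len;
    uint8_t insn_bytes[MAX_INSN_BYTES];
};

/* Feature test on a raw EDX value read from CPUID Fn8000_000A. */
bool has_decode_assists(uint32_t edx) { return (edx & DECODE_ASSISTS_BIT) != 0; }

/* Nested VM-Exit model: expose to L1 (vmcb12) what hardware recorded for the
 * L2 exit (vmcb02). Assumed policy: clear the destination first, copy nothing
 * if L1 was not given the feature or the length is out of range, and copy
 * only insn_len bytes. Returns the number of bytes exposed. */
int propagate_decode_assist(struct decode_assist *vmcb12,
                            const struct decode_assist *vmcb02,
                            bool l1_has_feature)
{
    memset(vmcb12, 0, sizeof(*vmcb12));
    if (!l1_has_feature || vmcb02->insn_len > MAX_INSN_BYTES)
        return 0;
    vmcb12->insn_len = vmcb02->insn_len;
    memcpy(vmcb12->insn_bytes, vmcb02->insn_bytes, vmcb02->insn_len);
    return vmcb12->insn_len;
}

/* L1-side check, as the selftest describes: non-zero length and bytes that
 * match the instruction known to have faulted. */
bool l1_sees_insn(const struct decode_assist *vmcb12,
                  const uint8_t *expected, size_t n)
{
    return vmcb12->insn_len != 0 && (size_t)vmcb12->insn_len >= n &&
           memcmp(vmcb12->insn_bytes, expected, n) == 0;
}

int main(void)
{
    /* Constructed sample: 48 8b 07 is "mov (%rdi),%rax"; 0xaa is stale data. */
    struct decode_assist hw = { 3, { 0x48, 0x8b, 0x07, 0xaa } }, l1;
    const uint8_t insn[] = { 0x48, 0x8b, 0x07 };
    propagate_decode_assist(&l1, &hw, has_decode_assists(0x80));
    return l1_sees_insn(&l1, insn, sizeof(insn)) ? 0 : 1;
}
```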

