Syzbot CI

Patch Series

Subject	KVM: x86: Add a paranoid mode for CPUID verification
Author	binbin.wu@linux.intel.com
Date	2026-04-17 07:35:44 +0000 UTC
Version
Cc	binbin.wu@linux.intel.com chao.gao@intel.com kai.huang@intel.com kvm@vger.kernel.org pbonzini@redhat.com rick.p.edgecombe@intel.com seanjc@google.com xiaoyao.li@intel.com

Subject

KVM: x86: Add a paranoid mode for CPUID verification

Author

binbin.wu@linux.intel.com

Date

2026-04-17 07:35:44 +0000 UTC

Version

binbin.wu@linux.intel.com chao.gao@intel.com kai.huang@intel.com kvm@vger.kernel.org pbonzini@redhat.com rick.p.edgecombe@intel.com seanjc@google.com xiaoyao.li@intel.com

Patches (27)

Name	Content [All]
[RFC PATCH 01/27] KVM: x86: Fix emulated CPUID features being applied to wrong sub-leaf	[Body]
[RFC PATCH 02/27] KVM: x86: Reorder the features for CPUID 7	[Body]
[RFC PATCH 03/27] KVM: x86: Add definitions for CPUID overlays	[Body]
[RFC PATCH 04/27] KVM: x86: Extend F() and its variants for CPUID overlays	[Body]
[RFC PATCH 05/27] KVM: x86: Extend kvm_cpu_cap_{set/clear}() to configure overlays	[Body]
[RFC PATCH 06/27] KVM: x86: Populate TDX CPUID overlay with supported feature bits	[Body]
[RFC PATCH 07/27] KVM: x86: Support KVM_GET_{SUPPORTED,EMULATED}_CPUID as VM scope ioctls	[Body]
[RFC PATCH 08/27] KVM: x86: Thread @kvm to KVM CPU capability helpers	[Body]
[RFC PATCH 09/27] KVM: x86: Use overlays of KVM CPU capabilities	[Body]
[RFC PATCH 10/27] KVM: x86: Use vendor-specific overlay flags instead of F_CPUID_DEFAULT	[Body]
[RFC PATCH 11/27] KVM: SVM: Drop unnecessary clears of unsupported common x86 features	[Body]
[RFC PATCH 12/27] KVM: x86: Split KVM CPU cap leafs into two parts	[Body]
[RFC PATCH 13/27] KVM: x86: Add a helper to initialize CPUID multi-bit fields	[Body]
[RFC PATCH 14/27] KVM: x86: Add a helper to init multiple feature bits based on raw CPUID	[Body]
[RFC PATCH 15/27] KVM: x86: Add infrastructure to track CPUID entries ignored in paranoid mode	[Body]
[RFC PATCH 16/27] KVM: x86: Init allowed masks for basic CPUID range in paranoid mode	[Body]
[RFC PATCH 17/27] KVM: x86: Init allowed masks for extended CPUID range in paranoid mode	[Body]
[RFC PATCH 18/27] KVM: x86: Handle Centaur CPUID leafs in paranoid mode	[Body]
[RFC PATCH 19/27] KVM: x86: Track KVM PV CPUID features for paranoid mode	[Body]
[RFC PATCH 20/27] KVM: x86: Add per-VM flag to track CPUID paranoid mode	[Body]
[RFC PATCH 21/27] KVM: x86: Make kvm_vcpu_after_set_cpuid() return an error code	[Body]
[RFC PATCH 22/27] KVM: x86: Verify userspace CPUID inputs in paranoid mode	[Body]
[RFC PATCH 23/27] KVM: x86: Account for runtime CPUID features in paranoid mode	[Body]
[RFC PATCH 24/27] KVM: x86: Skip paranoid CPUID check for KVM PV leafs when base is relocated	[Body]
[RFC PATCH 25/27] KVM: x86: Add new KVM_CAP_X86_CPUID_PARANOID	[Body]
[RFC PATCH 26/27] KVM: x86: Add a helper to query the allowed CPUID mask	[Body]
[RFC PATCH 27/27] KVM: TDX: Replace hardcoded CPUID filtering with the allowed mask	[Body]

Name

Content [All]

[RFC PATCH 01/27] KVM: x86: Fix emulated CPUID features being applied to wrong sub-leaf

[RFC PATCH 02/27] KVM: x86: Reorder the features for CPUID 7

[RFC PATCH 03/27] KVM: x86: Add definitions for CPUID overlays

[RFC PATCH 04/27] KVM: x86: Extend F() and its variants for CPUID overlays

[RFC PATCH 05/27] KVM: x86: Extend kvm_cpu_cap_{set/clear}() to configure overlays

[RFC PATCH 06/27] KVM: x86: Populate TDX CPUID overlay with supported feature bits

[RFC PATCH 07/27] KVM: x86: Support KVM_GET_{SUPPORTED,EMULATED}_CPUID as VM scope ioctls

[RFC PATCH 08/27] KVM: x86: Thread @kvm to KVM CPU capability helpers

[RFC PATCH 09/27] KVM: x86: Use overlays of KVM CPU capabilities

[RFC PATCH 10/27] KVM: x86: Use vendor-specific overlay flags instead of F_CPUID_DEFAULT

[RFC PATCH 11/27] KVM: SVM: Drop unnecessary clears of unsupported common x86 features

[RFC PATCH 12/27] KVM: x86: Split KVM CPU cap leafs into two parts

[RFC PATCH 13/27] KVM: x86: Add a helper to initialize CPUID multi-bit fields

[RFC PATCH 14/27] KVM: x86: Add a helper to init multiple feature bits based on raw CPUID

[RFC PATCH 15/27] KVM: x86: Add infrastructure to track CPUID entries ignored in paranoid mode

[RFC PATCH 16/27] KVM: x86: Init allowed masks for basic CPUID range in paranoid mode

[RFC PATCH 17/27] KVM: x86: Init allowed masks for extended CPUID range in paranoid mode

[RFC PATCH 18/27] KVM: x86: Handle Centaur CPUID leafs in paranoid mode

[RFC PATCH 19/27] KVM: x86: Track KVM PV CPUID features for paranoid mode

[RFC PATCH 20/27] KVM: x86: Add per-VM flag to track CPUID paranoid mode

[RFC PATCH 21/27] KVM: x86: Make kvm_vcpu_after_set_cpuid() return an error code

[RFC PATCH 22/27] KVM: x86: Verify userspace CPUID inputs in paranoid mode

[RFC PATCH 23/27] KVM: x86: Account for runtime CPUID features in paranoid mode

[RFC PATCH 24/27] KVM: x86: Skip paranoid CPUID check for KVM PV leafs when base is relocated

[RFC PATCH 25/27] KVM: x86: Add new KVM_CAP_X86_CPUID_PARANOID

[RFC PATCH 26/27] KVM: x86: Add a helper to query the allowed CPUID mask

[RFC PATCH 27/27] KVM: TDX: Replace hardcoded CPUID filtering with the allowed mask

Session 2026-04-17

ID (for dev)	0b418bae-a27c-4f45-9e31-b9f4d4170049
Status	finished
Triaged	OK [Log]
Execution Log	[Link]

Test	Base	Patched	Verdict
[KASAN] Build Base	6b802031877a995456c528095c41d1948546bf45 [Config]		passed [Log]
[KASAN] Boot test: Base	6b802031877a995456c528095c41d1948546bf45 [Config]		passed [Log]
[KASAN] Build Patched		6b802031877a995456c528095c41d1948546bf45 [Config] [patched]	passed [Log]
[KASAN] Boot test: Patched		6b802031877a995456c528095c41d1948546bf45 [Config] [patched]	passed [Log]
[KASAN] Fuzz	6b802031877a995456c528095c41d1948546bf45 [Config]	6b802031877a995456c528095c41d1948546bf45 [Config] [patched]	passed [Log] [Artifacts]