[PATCH v5 0/5] KVM: x86: allow DEBUGCTL.DEBUGCTLMSR_FREEZE_IN_SMM passthrough

Maxim Levitsky posted 5 patches 6 months, 3 weeks ago
Posted by Maxim Levitsky 6 months, 3 weeks ago
Currently KVM allows the guest to set IA32_DEBUGCTL to whatever value
the guest wants, only capped by a bitmask of allowed bits

(except in the nested entry, where KVM apparently doesn't even check
this set of allowed bits - this patch series also fixes that).

However, some IA32_DEBUGCTL bits can be useful for the host, e.g. the
IA32_DEBUGCTL.DEBUGCTLMSR_FREEZE_IN_SMM bit, which isolates the PMU from
the influence of the host's SMM.

Reshuffle some of the code to allow (currently only this bit) to be passed
through from its host value to the guest.

Note that the host value of this bit can be toggled by writing 0 or 1 to
/sys/devices/cpu/freeze_on_smi.

This was tested on an Intel(R) Xeon(R) Silver 4410Y with KVM unit tests and
kvm selftests running in parallel with a tight loop writing to IO port 0xB2,
which on this machine generates #SMIs.

SMI generation was also verified by reading MSR 0x34, which
shows the current count of #SMIs received.

Despite the flood of #SMIs, the tests survived with this patch applied.

V5: addressed the review feedback. Thanks.

I also decided to wrap the read/write of the GUEST_IA32_DEBUGCTL in pmu_intel.c as
well, just for the sake of consistency.

Best regards,
     Maxim Levitsky

Maxim Levitsky (3):
  KVM: nVMX: check vmcs12->guest_ia32_debugctl value given by L2
  KVM: VMX: wrap guest access to IA32_DEBUGCTL with wrappers
  KVM: VMX: preserve DEBUGCTLMSR_FREEZE_IN_SMM

Sean Christopherson (2):
  KVM: x86: Convert vcpu_run()'s immediate exit param into a generic
    bitmap
  KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag

 arch/x86/include/asm/kvm-x86-ops.h |  1 -
 arch/x86/include/asm/kvm_host.h    |  9 ++++++--
 arch/x86/kvm/svm/svm.c             | 14 +++++++-----
 arch/x86/kvm/vmx/main.c            | 15 +++----------
 arch/x86/kvm/vmx/nested.c          |  7 +++---
 arch/x86/kvm/vmx/pmu_intel.c       |  8 +++----
 arch/x86/kvm/vmx/tdx.c             |  3 ++-
 arch/x86/kvm/vmx/vmx.c             | 36 +++++++++++++++++++++---------
 arch/x86/kvm/vmx/vmx.h             |  3 +++
 arch/x86/kvm/vmx/x86_ops.h         |  4 ++--
 arch/x86/kvm/x86.c                 | 18 ++++++++++-----
 11 files changed, 71 insertions(+), 47 deletions(-)

-- 
2.46.0

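The policy the cover letter describes (guest writes to IA32_DEBUGCTL are capped by an allowed-bits mask, while the host's FREEZE_IN_SMM setting is carried through to the value the vCPU actually runs with), as an added stand-alone model written for this thread; it is not KVM's code. The bit positions follow the Intel SDM / Linux msr-index.h; the allowed mask of LBR | BTF, the read-back behaviour and all function names are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_DEBUGCTL bit positions (Intel SDM; same values as Linux msr-index.h). */
#define DEBUGCTLMSR_LBR            (1ULL << 0)
#define DEBUGCTLMSR_BTF            (1ULL << 1)
#define DEBUGCTLMSR_FREEZE_IN_SMM  (1ULL << 14)

/* Bits whose value is taken from the host, never from the guest (assumed set). */
#define HOST_OWNED_BITS  DEBUGCTLMSR_FREEZE_IN_SMM

struct debugctl_model {
	uint64_t guest_allowed;   /* bits the guest may set; assumed LBR | BTF */
	uint64_t host_value;      /* what the host runs with (freeze_on_smi toggles bit 14) */
	uint64_t guest_value;     /* last value accepted from the guest */
};

/*
 * Emulates a guest WRMSR or a nested VM-entry supplying a DEBUGCTL value:
 * any bit outside the allowed mask is rejected, which covers the host-owned
 * bit as well. Returns false where real hardware would #GP / fail the entry.
 */
static bool debugctl_guest_write(struct debugctl_model *m, uint64_t val)
{
	if (val & ~m->guest_allowed)
		return false;
	m->guest_value = val;
	return true;
}

/* What the guest reads back: only the bits it was allowed to set (assumption). */
static uint64_t debugctl_guest_read(const struct debugctl_model *m)
{
	return m->guest_value & ~HOST_OWNED_BITS;
}

/* Value loaded into the vCPU: guest-controlled bits plus the host-owned bits. */
static uint64_t debugctl_effective(const struct debugctl_model *m)
{
	return (m->guest_value & ~HOST_OWNED_BITS) | (m->host_value & HOST_OWNED_BITS);
}

int main(void)
{
	struct debugctl_model m = { DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF,
				    DEBUGCTLMSR_FREEZE_IN_SMM, 0 };
	debugctl_guest_write(&m, DEBUGCTLMSR_LBR);
	printf("effective DEBUGCTL: 0x%llx\n", (unsigned long long)debugctl_effective(&m));
	return 0;
}
```

Toggling `host_value` models writing 0 or 1 to /sys/devices/cpu/freeze_on_smi; the guest's accepted value is unaffected either way.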
Re: [PATCH v5 0/5] KVM: x86: allow DEBUGCTL.DEBUGCTLMSR_FREEZE_IN_SMM passthrough
Posted by Sean Christopherson 6 months, 3 weeks ago
On Wed, May 21, 2025, Maxim Levitsky wrote:
> V5: addressed the review feedback. Thanks.

I'll send v6 later today.  I want to include the TDX fix[*] in this series, and
hopefully we can save some back-and-forth on the series (I want to get this into
6.16-rc1).  My plan is to shove this into a dedicated topic branch by end of week,
and then send a separate pull request for the branch sometime next week.

[*] https://lore.kernel.org/all/aC0IwYfNvuo_vUDU@google.com
Re: [PATCH v5 0/5] KVM: x86: allow DEBUGCTL.DEBUGCTLMSR_FREEZE_IN_SMM passthrough
Posted by Sean Christopherson 6 months, 3 weeks ago
On Thu, May 22, 2025, Sean Christopherson wrote:
> On Wed, May 21, 2025, Maxim Levitsky wrote:
> > V5: addressed the review feedback. Thanks.
> 
> I'll send v6 later today.

This ain't happening.  See the conversation I'm having with myself in patch 3.
I do have a refreshed and tested (ignoring the nested mess) series prepped, i.e.
no need for you to work on a v6, I just won't get it posted today.