From nobody Wed Feb 11 04:00:15 2026
Date: Thu, 29 May 2025 16:39:46 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-2-seanjc@google.com>
Subject: [PATCH 01/28] KVM: SVM: Don't BUG if setting up the MSR intercept bitmaps fails
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable

WARN and reject module loading if there is a problem with KVM's MSR interception bitmaps. Panicking the host in this situation is inexcusable since it is trivially easy to propagate the error up the stack.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0ad1a6d4fb6d..bd75ff8e4f20 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -945,7 +945,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) } } =20 -static void add_msr_offset(u32 offset) +static int add_msr_offset(u32 offset) { int i; =20 @@ -953,7 +953,7 @@ static void add_msr_offset(u32 offset) =20 /* Offset already in list? */ if (msrpm_offsets[i] =3D=3D offset) - return; + return 0; =20 /* Slot used by another offset? */ if (msrpm_offsets[i] !=3D MSR_INVALID) @@ -962,17 +962,13 @@ static void add_msr_offset(u32 offset) /* Add offset to list */ msrpm_offsets[i] =3D offset; =20 - return; + return 0; } =20 - /* - * If this BUG triggers the msrpm_offsets table has an overflow. Just - * increase MSRPM_OFFSETS in this case. - */ - BUG(); + return -EIO; } =20 -static void init_msrpm_offsets(void) +static int init_msrpm_offsets(void) { int i; =20 
@@ -982,10 +978,13 @@ static void init_msrpm_offsets(void) u32 offset; =20 offset =3D svm_msrpm_offset(direct_access_msrs[i].index); - BUG_ON(offset =3D=3D MSR_INVALID); + if (WARN_ON(offset =3D=3D MSR_INVALID)) + return -EIO; =20 - add_msr_offset(offset); + if (WARN_ON_ONCE(add_msr_offset(offset))) + return -EIO; } + return 0; } =20 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) 
@@ -5511,7 +5510,11 @@ static __init int svm_hardware_setup(void) memset(iopm_va, 0xff, PAGE_SIZE * (1 << order)); iopm_base =3D __sme_page_pa(iopm_pages); =20 - init_msrpm_offsets(); + r =3D init_msrpm_offsets(); + if (r) { + __free_pages(__sme_pa_to_page(iopm_base), get_order(IOPM_SIZE)); + return r; + } =20 kvm_caps.supported_xcr0 &=3D ~(XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR); --=20 2.49.0.1204.g71687c7c1d-goog
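Review bot: in add_msr_offset(), the removed comment was the only place that told a developer what to do when the table is full (increase MSRPM_OFFSETS), and the new "return -EIO" drops that hint along with the BUG(). Keep a one-line comment above the return saying that reaching it means msrpm_offsets[] has overflowed and MSRPM_OFFSETS needs to grow, so the WARN that fires in init_msrpm_offsets() is actionable from the source alone. -ENOSPC would also describe a full table more precisely than -EIO, although the caller currently discards the value and returns -EIO regardless.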
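Review bot: init_msrpm_offsets() uses WARN_ON() for the MSR_INVALID check and WARN_ON_ONCE() for the add_msr_offset() failure two lines later. Both paths return on the first hit, so neither can fire more than once per load attempt, and the mix reads as accidental; pick one form for both. Returning add_msr_offset()'s own error code instead of a second hard-coded -EIO would also keep the two functions from drifting apart if the helper ever returns something else.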
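Review bot: the new error path in svm_hardware_setup() re-derives what it frees: "__free_pages(__sme_pa_to_page(iopm_base), get_order(IOPM_SIZE))" round-trips through the physical address and recomputes the order, while the context lines show iopm_pages and order still in scope from the allocation. Freeing with those two directly removes any chance of the order calculations disagreeing. iopm_base is also left holding the address of the freed pages on this path; clear it before returning, or, if the function has a common unwind for later failures, route this one through it so the cleanup lives in one place.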
Date: Thu, 29 May 2025 16:39:47 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-3-seanjc@google.com>
Subject: [PATCH 02/28] KVM: SVM: Tag MSR bitmap initialization helpers with __init
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable

Tag init_msrpm_offsets() and add_msr_offset() with __init, as they're used only during hardware setup to map potential passthrough MSRs to offsets in the bitmap.

Signed-off-by: Sean Christopherson
Reviewed-by: Chao Gao
---
 arch/x86/kvm/svm/svm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bd75ff8e4f20..25165d57f1e5 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -945,7 +945,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) } } =20 -static int add_msr_offset(u32 offset) +static __init int add_msr_offset(u32 offset) { int i; =20 
@@ -968,7 +968,7 @@ static int add_msr_offset(u32 offset) return -EIO; } =20 -static int init_msrpm_offsets(void) +static __init int init_msrpm_offsets(void) { int i; =20 --=20 2.49.0.1204.g71687c7c1d-goog
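Review bot: both helpers become __init here, so a caller outside init text would be a section mismatch, and the changelog only says they are "used only during hardware setup" without naming the call chain. The only calls visible in this series are init_msrpm_offsets() from svm_hardware_setup(), which is already "static __init int", and add_msr_offset() from init_msrpm_offsets(). Stating that chain in the commit message makes the tag reviewable without grepping the file.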
Date: Thu, 29 May 2025 16:39:48 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-4-seanjc@google.com>
Subject: [PATCH 03/28] KVM: SVM: Use ARRAY_SIZE() to iterate over direct_access_msrs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable

Drop the unnecessary and dangerous value-terminated behavior of direct_access_msrs, and simply iterate over the actual size of the array. The use in svm_set_x2apic_msr_interception() is especially sketchy, as it relies on unused capacity being zero-initialized, and '0' being outside the range of x2APIC MSRs.

To ensure the array and shadow_msr_intercept stay synchronized, simply assert that their sizes are identical (note the six 64-bit-only MSRs).

Note, direct_access_msrs will soon be removed entirely; keeping the assert synchronized with the array isn't expected to be a long-term maintenance burden.

Signed-off-by: Sean Christopherson
Reviewed-by: Chao Gao
---
 arch/x86/kvm/svm/svm.c | 18 +++++++++++-------
 arch/x86/kvm/svm/svm.h | 2 +-
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 25165d57f1e5..36a99b87a47f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -86,7 +86,7 @@ static DEFINE_PER_CPU(u64, current_tsc_ratio); static const struct svm_direct_access_msrs { u32 index; /* Index of the MSR */ bool always; /* True if intercept is initially cleared */ -} direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] =3D { +} direct_access_msrs[] =3D { { .index =3D MSR_STAR, .always =3D true }, { .index =3D MSR_IA32_SYSENTER_CS, .always =3D true }, { .index =3D MSR_IA32_SYSENTER_EIP, .always =3D false }, @@ -144,9 +144,12 @@ static const struct svm_direct_access_msrs { { .index =3D X2APIC_MSR(APIC_TMICT), .always =3D false }, { .index =3D X2APIC_MSR(APIC_TMCCT), .always =3D false }, { .index =3D X2APIC_MSR(APIC_TDCR), .always =3D false }, - { .index =3D MSR_INVALID, .always =3D false }, }; =20 +static_assert(ARRAY_SIZE(direct_access_msrs) =3D=3D + MAX_DIRECT_ACCESS_MSRS - 6 * !IS_ENABLED(CONFIG_X86_64)); +#undef MAX_DIRECT_ACCESS_MSRS + /* * These 2 parameters are used to config the controls for Pause-Loop Exiti= ng: * pause_filter_count: On processors that support Pause filtering(indicated @@ -767,9 +770,10 @@ static int direct_access_msr_slot(u32 msr) { u32 i; =20 - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { if (direct_access_msrs[i].index =3D=3D msr) return i; + } =20 return -ENOENT; } @@ -891,7 +895,7 @@ void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *ms= rpm) { int i; =20 - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { if (!direct_access_msrs[i].always) continue; set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1); @@ -908,7 +912,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) if (!x2avic_enabled) return; =20 - for (i =3D 0; i < MAX_DIRECT_ACCESS_MSRS; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { int index =3D direct_access_msrs[i].index; =20 if ((index < APIC_BASE_MSR) || 
@@ -936,7 +940,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) * will automatically get filtered through the MSR filter, so we are * back in sync after this. */ - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { u32 msr =3D direct_access_msrs[i].index; u32 read =3D test_bit(i, svm->shadow_msr_intercept.read); u32 write =3D test_bit(i, svm->shadow_msr_intercept.write); @@ -974,7 +978,7 @@ static __init int init_msrpm_offsets(void) =20 memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets)); =20 - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { u32 offset; =20 offset =3D svm_msrpm_offset(direct_access_msrs[i].index); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e6f3c6a153a0..f1e466a10219 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -44,7 +44,7 @@ static inline struct page *__sme_pa_to_page(unsigned long= pa) #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 =20 -#define MAX_DIRECT_ACCESS_MSRS 48 +#define MAX_DIRECT_ACCESS_MSRS 47 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; --=20 2.49.0.1204.g71687c7c1d-goog
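Review bot: the static_assert added after the direct_access_msrs initializer hard-codes "6 * !IS_ENABLED(CONFIG_X86_64)" with no comment in the code; the explanation (the six 64-bit-only MSRs) exists only in the changelog. Add a short comment naming which entries are compiled out on 32-bit, so whoever adds or removes a CONFIG_X86_64-guarded entry knows to adjust the constant. The "#undef MAX_DIRECT_ACCESS_MSRS" directly below it wants a comment too: the macro comes from svm.h, and a reader has to guess that the undef is there to stop the rest of svm.c from using it in place of ARRAY_SIZE().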
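Review bot: in the svm_set_x2apic_msr_interception() hunk the loop bound is fixed, but the context line "int index = direct_access_msrs[i].index;" still stores a u32 MSR index in a signed int ahead of the "index < APIC_BASE_MSR" range check. Dropping the zero-filled tail resolves the concern in the changelog, yet the signed comparison is the same kind of accidental correctness. Declaring it u32, as svm_msr_filter_changed() does with "u32 msr", would make the range check mean what it says.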
Date: Thu, 29 May 2025 16:39:49 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-5-seanjc@google.com>
Subject: [PATCH 04/28] KVM: SVM: Kill the VM instead of the host if MSR interception is buggy
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable

WARN and kill the VM instead of panicking the host if KVM attempts to set or query MSR interception for an unsupported MSR. Accessing the MSR interception bitmaps only meaningfully affects post-VMRUN behavior, and KVM_BUG_ON() is guaranteed to prevent the current vCPU from doing VMRUN, i.e. there is no need to panic the entire host.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 36a99b87a47f..d5d11cb0c987 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -827,7 +827,8 @@ static bool msr_write_intercepted(struct kvm_vcpu *vcpu= , u32 msr) bit_write =3D 2 * (msr & 0x0f) + 1; tmp =3D msrpm[offset]; =20 - BUG_ON(offset =3D=3D MSR_INVALID); + if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) + return false; =20 return test_bit(bit_write, &tmp); } 
@@ -858,7 +859,8 @@ static void set_msr_interception_bitmap(struct kvm_vcpu= *vcpu, u32 *msrpm, bit_write =3D 2 * (msr & 0x0f) + 1; tmp =3D msrpm[offset]; =20 - BUG_ON(offset =3D=3D MSR_INVALID); + if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) + return; =20 read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp); write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp); --=20 2.49.0.1204.g71687c7c1d-goog
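Review bot: in msr_write_intercepted() the new check lands after the access it is meant to guard: the context shows "tmp = msrpm[offset];" executing before "if (KVM_BUG_ON(offset == MSR_INVALID, vcpu->kvm))". Under BUG_ON() that ordering was moot because the host went down either way; now the function is expected to survive, so the sentinel value is used to index msrpm[] before the VM is marked as bugged. Move the KVM_BUG_ON() above the load.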
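Review bot: set_msr_interception_bitmap() has the same ordering, with "tmp = msrpm[offset];" ahead of the new KVM_BUG_ON(), so the early return skips the later write-back but not the out-of-range read; the check belongs before the load here as well. A short comment at the guard repeating the changelog's argument, that KVM_BUG_ON() keeps the vCPU from reaching VMRUN, would explain in the code why returning without updating the bitmap is safe.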
Date: Thu, 29 May 2025 16:39:50 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-6-seanjc@google.com>
Subject: [PATCH 05/28] KVM: x86: Use non-atomic bit ops to manipulate "shadow" MSR intercepts
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable

Manipulate the MSR bitmaps using non-atomic bit ops APIs (two underscores), as the bitmaps are per-vCPU and are only ever accessed while vcpu->mutex is held.

Signed-off-by: Sean Christopherson
Reviewed-by: Dapeng Mi
---
 arch/x86/kvm/svm/svm.c | 12 ++++++------
 arch/x86/kvm/vmx/vmx.c | 8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5d11cb0c987..b55a60e79a73 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -789,14 +789,14 @@ static void set_shadow_msr_intercept(struct kvm_vcpu = *vcpu, u32 msr, int read, =20 /* Set the shadow bitmaps to the desired intercept states */ if (read) - set_bit(slot, svm->shadow_msr_intercept.read); + __set_bit(slot, svm->shadow_msr_intercept.read); else - clear_bit(slot, svm->shadow_msr_intercept.read); + __clear_bit(slot, svm->shadow_msr_intercept.read); =20 if (write) - set_bit(slot, svm->shadow_msr_intercept.write); + __set_bit(slot, svm->shadow_msr_intercept.write); else - clear_bit(slot, svm->shadow_msr_intercept.write); + __clear_bit(slot, svm->shadow_msr_intercept.write); } =20 static bool valid_msr_intercept(u32 index) @@ -862,8 +862,8 @@ static void set_msr_interception_bitmap(struct kvm_vcpu= *vcpu, u32 *msrpm, if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) return; =20 - read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp); - write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp); + read ? __clear_bit(bit_read, &tmp) : __set_bit(bit_read, &tmp); + write ? __clear_bit(bit_write, &tmp) : __set_bit(bit_write, &tmp); =20 msrpm[offset] =3D tmp; =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9ff00ae9f05a..8f7fe04a1998 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4029,9 +4029,9 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu *v= cpu, u32 msr, int type) idx =3D vmx_get_passthrough_msr_slot(msr); if (idx >=3D 0) { if (type & MSR_TYPE_R) - clear_bit(idx, vmx->shadow_msr_intercept.read); + __clear_bit(idx, vmx->shadow_msr_intercept.read); if (type & MSR_TYPE_W) - clear_bit(idx, vmx->shadow_msr_intercept.write); + __clear_bit(idx, vmx->shadow_msr_intercept.write); } =20 if ((type & MSR_TYPE_R) && 
@@ -4071,9 +4071,9 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vc= pu, u32 msr, int type) idx =3D vmx_get_passthrough_msr_slot(msr); if (idx >=3D 0) { if (type & MSR_TYPE_R) - set_bit(idx, vmx->shadow_msr_intercept.read); + __set_bit(idx, vmx->shadow_msr_intercept.read); if (type & MSR_TYPE_W) - set_bit(idx, vmx->shadow_msr_intercept.write); + __set_bit(idx, vmx->shadow_msr_intercept.write); } =20 if (type & MSR_TYPE_R) --=20 2.49.0.1204.g71687c7c1d-goog
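Review bot: the switch to __set_bit()/__clear_bit() in set_shadow_msr_intercept() and in vmx_disable_intercept_for_msr()/vmx_enable_intercept_for_msr() is only safe under the locking rule stated in the changelog, and nothing in these functions documents or checks it. A short comment at the shadow_msr_intercept updates, or a lockdep_assert_held(&vcpu->mutex) where that holds on every path, would keep a future caller from reintroducing a racy update. The set_msr_interception_bitmap() hunk is a different case: the bit ops there operate on &tmp, a temporary that is written back with msrpm[offset] = tmp, so the per-vCPU/mutex rationale does not describe it and the changelog could call that out separately.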
Reply-To: Sean Christopherson
Date: Thu, 29 May 2025 16:39:51 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20250529234013.3826933-1-seanjc@google.com>
X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog
Message-ID: <20250529234013.3826933-7-seanjc@google.com>
Subject: [PATCH 06/28] KVM: SVM: Massage name and param of helper that merges vmcb01 and vmcb12 MSRPMs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Rename nested_svm_vmrun_msrpm() to nested_svm_merge_msrpm() to better capture its role, and opportunistically feed it @vcpu instead of @svm, as grabbing "svm" only to turn around and grab svm->vcpu is rather silly.

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/nested.c | 15 +++++++-------- arch/x86/kvm/svm/svm.c | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 8427a48b8b7a..89a77f0f1cc8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -189,8 +189,9 @@ void recalc_intercepts(struct vcpu_svm *svm) * is optimized in that it only merges the parts where KVM MSR permission = bitmap * may contain zero bits. */ -static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) +static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcpu) { + struct vcpu_svm *svm =3D to_svm(vcpu); int i; =20 /* @@ -205,7 +206,7 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) if (!svm->nested.force_msr_bitmap_recalc) { struct hv_vmcb_enlightenments *hve =3D &svm->nested.ctl.hv_enlightenment= s; =20 - if (kvm_hv_hypercall_enabled(&svm->vcpu) && + if (kvm_hv_hypercall_enabled(vcpu) && hve->hv_enlightenments_control.msr_bitmap && (svm->nested.ctl.clean & BIT(HV_VMCB_NESTED_ENLIGHTENMENTS))) goto set_msrpm_base_pa; @@ -230,7 +231,7 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) =20 offset =3D svm->nested.ctl.msrpm_base_pa + (p * 4); =20 - if (kvm_vcpu_read_guest(&svm->vcpu, offset, &value, 4)) + if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) return false; =20 svm->nested.msrpm[p] =3D svm->msrpm[p] | value; @@ -937,7 +938,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu) if (enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, true)) goto out_exit_err; =20 - if (nested_svm_vmrun_msrpm(svm)) + if (nested_svm_merge_msrpm(vcpu)) goto out; =20 out_exit_err: @@ -1819,13 +1820,11 @@ static int svm_set_nested_state(struct kvm_vcpu *vc= pu, =20 static bool svm_get_nested_state_pages(struct kvm_vcpu *vcpu) { - struct vcpu_svm *svm =3D to_svm(vcpu); - if (WARN_ON(!is_guest_mode(vcpu))) return true; =20 if (!vcpu->arch.pdptrs_from_userspace && - !nested_npt_enabled(svm) && is_pae_paging(vcpu)) + !nested_npt_enabled(to_svm(vcpu)) && is_pae_paging(vcpu)) /* * Reload the guest's PDPTRs since after a migration * the guest CR3 might be restored prior to setting the nested 
@@ -1834,7 +1833,7 @@ static bool svm_get_nested_state_pages(struct kvm_vcp= u *vcpu) if (CC(!load_pdptrs(vcpu, vcpu->arch.cr3))) return false; =20 - if (!nested_svm_vmrun_msrpm(svm)) { + if (!nested_svm_merge_msrpm(vcpu)) { vcpu->run->exit_reason =3D KVM_EXIT_INTERNAL_ERROR; vcpu->run->internal.suberror =3D KVM_INTERNAL_ERROR_EMULATION; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b55a60e79a73..2085259644b6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -3134,7 +3134,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) * * For nested: * The handling of the MSR bitmap for L2 guests is done in - * nested_svm_vmrun_msrpm. + * nested_svm_merge_msrpm(). * We update the L1 MSR bit as well since it will end up * touching the MSR anyway now. */ --=20 2.49.0.1204.g71687c7c1d-goog
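Review bot: the return convention of nested_svm_merge_msrpm() is not documented, and the two call sites touched here read in opposite directions: nested_svm_vmrun() takes `if (nested_svm_merge_msrpm(vcpu)) goto out;` as the success path, while svm_get_nested_state_pages() treats `!nested_svm_merge_msrpm(vcpu)` as the error that sets KVM_EXIT_INTERNAL_ERROR. Since the helper is being renamed and re-parameterised anyway, a line in the comment above it saying that true means the merge succeeded, and false means the read of L1's bitmap via kvm_vcpu_read_guest() failed, would make both callers easier to audit; converting to 0/-errno could be a follow-up.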
Reply-To: Sean Christopherson
Date: Thu, 29 May 2025 16:39:52 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20250529234013.3826933-1-seanjc@google.com>
X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog
Message-ID: <20250529234013.3826933-8-seanjc@google.com>
Subject: [PATCH 07/28] KVM: SVM: Clean up macros related to architectural MSRPM definitions
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Move SVM's MSR Permissions Map macros to svm.h in anticipation of adding helpers that are available to SVM code, and opportunistically replace a variety of open-coded literals with (hopefully) informative macros.

Opportunistically open code ARRAY_SIZE(msrpm_ranges) instead of wrapping it as NUM_MSR_MAPS, which is an ambiguous name even if it were qualified with "SVM_MSRPM".

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/svm.c | 18 +++++++++--------- arch/x86/kvm/svm/svm.h | 17 ++++++++++++++++- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 2085259644b6..1c70293400bc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -266,24 +266,24 @@ static DEFINE_MUTEX(vmcb_dump_mutex); */ static int tsc_aux_uret_slot __read_mostly =3D -1; =20 -static const u32 msrpm_ranges[] =3D {0, 0xc0000000, 0xc0010000}; - -#define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges) -#define MSRS_RANGE_SIZE 2048 -#define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2) +static const u32 msrpm_ranges[] =3D { + SVM_MSRPM_RANGE_0_BASE_MSR, + SVM_MSRPM_RANGE_1_BASE_MSR, + SVM_MSRPM_RANGE_2_BASE_MSR +}; =20 u32 svm_msrpm_offset(u32 msr) { u32 offset; int i; =20 - for (i =3D 0; i < NUM_MSR_MAPS; i++) { + for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { if (msr < msrpm_ranges[i] || - msr >=3D msrpm_ranges[i] + MSRS_IN_RANGE) + msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) continue; =20 - offset =3D (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */ - offset +=3D (i * MSRS_RANGE_SIZE); /* add range offset */ + offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; + offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ =20 /* Now we have the u8 offset - but need the u32 offset */ return offset / 4; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f1e466a10219..909b9af6b3c1 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -613,11 +613,26 @@ static inline void svm_vmgexit_no_action(struct vcpu_= svm *svm, u64 data) svm_vmgexit_set_return_code(svm, GHCB_HV_RESP_NO_ACTION, data); } =20 -/* svm.c */ +/* + * The MSRPM is 8KiB in size, divided into four 2KiB ranges (the fourth ra= nge + * is reserved). Each MSR within a range is covered by two bits, one each= for + * read (bit 0) and write (bit 1), where a bit value of '1' means intercep= ted. + */ +#define SVM_MSRPM_BYTES_PER_RANGE 2048 +#define SVM_BITS_PER_MSR 2 +#define SVM_MSRS_PER_BYTE (BITS_PER_BYTE / SVM_BITS_PER_MSR) +#define SVM_MSRS_PER_RANGE (SVM_MSRPM_BYTES_PER_RANGE * SVM_MSRS_PER_BYTE) +static_assert(SVM_MSRS_PER_RANGE =3D=3D 8192); + +#define SVM_MSRPM_RANGE_0_BASE_MSR 0 +#define SVM_MSRPM_RANGE_1_BASE_MSR 0xc0000000 +#define SVM_MSRPM_RANGE_2_BASE_MSR 0xc0010000 + #define MSR_INVALID 0xffffffffU =20 #define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR) =20 +/* svm.c */ extern bool dump_invalid_vmcb; =20 u32 svm_msrpm_offset(u32 msr); --=20 2.49.0.1204.g71687c7c1d-goog
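Review bot: svm_msrpm_offset() still ends with `return offset / 4;`, an open-coded literal of the kind the changelog sets out to replace; `offset / sizeof(u32)` or a named macro would finish the job for the u8-to-u32 conversion. The new svm.h comment also says the MSRPM has four 2KiB ranges with the fourth reserved, but nothing ties that statement to msrpm_ranges[] having three entries or to the 8KiB total; a macro for the total size plus a static_assert on ARRAY_SIZE(msrpm_ranges) in svm.c would make the layout self-checking in the same way the SVM_MSRS_PER_RANGE assert does.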
Reply-To: Sean Christopherson
Date: Thu, 29 May 2025 16:39:53 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20250529234013.3826933-1-seanjc@google.com>
X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog
Message-ID: <20250529234013.3826933-9-seanjc@google.com>
Subject: [PATCH 08/28] KVM: nSVM: Use dedicated array of MSRPM offsets to merge L0 and L1 bitmaps
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Use a dedicated array of MSRPM offsets to merge L0 and L1 bitmaps, i.e. to merge KVM's vmcb01 bitmap with L1's vmcb12 bitmap. This will eventually allow for the removal of direct_access_msrs, as the only path where tracking the offsets is truly justified is the merge for nested SVM, where merging in chunks is an easy way to batch uaccess reads/writes.

Opportunistically omit the x2APIC MSRs from the merge-specific array instead of filtering them out at runtime.

Note, disabling interception of XSS, EFER, PAT, GHCB, and TSC_AUX is mutually exclusive with nested virtualization, as KVM passes through the MSRs only for SEV-ES guests, and KVM doesn't support nested virtualization for SEV+ guests. Defer removing those MSRs to a future cleanup in order to make this refactoring as benign as possible.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/nested.c | 72 +++++++++++++++++++++++++++++++++------ arch/x86/kvm/svm/svm.c | 4 +++ arch/x86/kvm/svm/svm.h | 2 ++ 3 files changed, 67 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 89a77f0f1cc8..e53020939e60 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -184,6 +184,64 @@ void recalc_intercepts(struct vcpu_svm *svm) } } =20 +static int nested_svm_msrpm_merge_offsets[9] __ro_after_init; +static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; + +int __init nested_svm_init_msrpm_merge_offsets(void) +{ + const u32 merge_msrs[] =3D { + MSR_STAR, + MSR_IA32_SYSENTER_CS, + MSR_IA32_SYSENTER_EIP, + MSR_IA32_SYSENTER_ESP, + #ifdef CONFIG_X86_64 + MSR_GS_BASE, + MSR_FS_BASE, + MSR_KERNEL_GS_BASE, + MSR_LSTAR, + MSR_CSTAR, + MSR_SYSCALL_MASK, + #endif + MSR_IA32_SPEC_CTRL, + MSR_IA32_PRED_CMD, + MSR_IA32_FLUSH_CMD, + MSR_IA32_LASTBRANCHFROMIP, + MSR_IA32_LASTBRANCHTOIP, + MSR_IA32_LASTINTFROMIP, + MSR_IA32_LASTINTTOIP, + + MSR_IA32_XSS, + MSR_EFER, + MSR_IA32_CR_PAT, + MSR_AMD64_SEV_ES_GHCB, + MSR_TSC_AUX, + }; + int i, j; + + for (i =3D 0; i < ARRAY_SIZE(merge_msrs); i++) { + u32 offset =3D svm_msrpm_offset(merge_msrs[i]); + + if (WARN_ON(offset =3D=3D MSR_INVALID)) + return -EIO; + + for (j =3D 0; j < nested_svm_nr_msrpm_merge_offsets; j++) { + if (nested_svm_msrpm_merge_offsets[j] =3D=3D offset) + break; + } + + if (j < nested_svm_nr_msrpm_merge_offsets) + continue; + + if (WARN_ON(j >=3D ARRAY_SIZE(nested_svm_msrpm_merge_offsets))) + return -EIO; + + nested_svm_msrpm_merge_offsets[j] =3D offset; + nested_svm_nr_msrpm_merge_offsets++; + } + + return 0; +} + /* * Merge L0's (KVM) and L1's (Nested VMCB) MSR permission bitmaps. The fun= ction * is optimized in that it only merges the parts where KVM MSR permission = bitmap 
@@ -216,19 +274,11 @@ static bool nested_svm_merge_msrpm(struct kvm_vcpu *v= cpu) if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) return true; =20 - for (i =3D 0; i < MSRPM_OFFSETS; i++) { - u32 value, p; + for (i =3D 0; i < nested_svm_nr_msrpm_merge_offsets; i++) { + const int p =3D nested_svm_msrpm_merge_offsets[i]; + u32 value; u64 offset; =20 - if (msrpm_offsets[i] =3D=3D 0xffffffff) - break; - - p =3D msrpm_offsets[i]; - - /* x2apic msrs are intercepted always for the nested guest */ - if (is_x2apic_msrpm_offset(p)) - continue; - offset =3D svm->nested.ctl.msrpm_base_pa + (p * 4); =20 if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1c70293400bc..84dd1f220986 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5689,6 +5689,10 @@ static int __init svm_init(void) if (!kvm_is_svm_supported()) return -EOPNOTSUPP; =20 + r =3D nested_svm_init_msrpm_merge_offsets(); + if (r) + return r; + r =3D kvm_x86_vendor_init(&svm_init_ops); if (r) return r; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 909b9af6b3c1..0a8041d70994 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -686,6 +686,8 @@ static inline bool nested_exit_on_nmi(struct vcpu_svm *= svm) return vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_NMI); } =20 +int __init nested_svm_init_msrpm_merge_offsets(void); + int enter_svm_guest_mode(struct kvm_vcpu *vcpu, u64 vmcb_gpa, struct vmcb *vmcb12, bool from_vmrun); void svm_leave_nested(struct kvm_vcpu *vcpu); --=20 2.49.0.1204.g71687c7c1d-goog
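Review bot: nested_svm_msrpm_merge_offsets is declared as int[9], but the values stored in it are the u32 results of svm_msrpm_offset() and the dedup loop compares them against a u32; declaring the array, and `p` in nested_svm_merge_msrpm(), as u32 would avoid the mixed-sign comparison and match the `svm->nested.ctl.msrpm_base_pa + (p * 4)` arithmetic. The bare 9 also has to be kept in step with merge_msrs by hand: the WARN_ON()/-EIO path in nested_svm_init_msrpm_merge_offsets() catches an array that is too small, but nothing explains how 9 was derived or notices one that is too large, so a short comment on the derivation would help. Separately, svm_init() now calls the init helper unconditionally and fails module load on -EIO; if that is intended even when nested SVM is not in use, the changelog should say so.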
Reply-To: Sean Christopherson
Date: Thu, 29 May 2025 16:39:54 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20250529234013.3826933-1-seanjc@google.com>
X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog
Message-ID: <20250529234013.3826933-10-seanjc@google.com>
Subject: [PATCH 09/28] KVM: nSVM: Omit SEV-ES specific passthrough MSRs from L0+L1 bitmap merge
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Don't merge bitmaps on nested VMRUN for MSRs that KVM passes through only for SEV-ES guests. KVM doesn't support nested virtualization for SEV-ES, and likely never will.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/nested.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index e53020939e60..e4a079ea4b27 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -184,7 +184,7 @@ void recalc_intercepts(struct vcpu_svm *svm) } } =20 -static int nested_svm_msrpm_merge_offsets[9] __ro_after_init; +static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 int __init nested_svm_init_msrpm_merge_offsets(void)
@@ -209,12 +209,6 @@ int __init nested_svm_init_msrpm_merge_offsets(void) MSR_IA32_LASTBRANCHTOIP, MSR_IA32_LASTINTFROMIP, MSR_IA32_LASTINTTOIP, - - MSR_IA32_XSS, - MSR_EFER, - MSR_IA32_CR_PAT, - MSR_AMD64_SEV_ES_GHCB, - MSR_TSC_AUX, }; int i, j; =20 --=20 2.49.0.1204.g71687c7c1d-goog
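
Review bot: the new bound in nested_svm_msrpm_merge_offsets[6] (first nested.c hunk) is a hand-counted constant that has to stay in step with the MSR list trimmed in the second hunk, and nothing in the visible lines ties the two together. If nested_svm_init_msrpm_merge_offsets() does not already reject an offset count above ARRAY_SIZE(nested_svm_msrpm_merge_offsets), add that check so a future addition to the list fails at init instead of writing past the array. The changelog would also be easier to audit if it named the five MSRs being dropped (MSR_IA32_XSS, MSR_EFER, MSR_IA32_CR_PAT, MSR_AMD64_SEV_ES_GHCB, MSR_TSC_AUX) and stated for each that the passthrough exists only for SEV-ES guests.
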
Date: Thu, 29 May 2025 16:39:55 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-11-seanjc@google.com>
Subject: [PATCH 10/28] KVM: nSVM: Don't initialize vmcb02 MSRPM with vmcb01's "always passthrough"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Don't initialize vmcb02's MSRPM with KVM's set of "always passthrough" MSRs, as KVM always needs to consult L1's intercepts, i.e. needs to merge vmcb01 with vmcb12 and write the result to vmcb02. This will eventually allow for the removal of svm_vcpu_init_msrpm().

Note, the bitmaps are truly initialized by svm_vcpu_alloc_msrpm() (default to intercepting all MSRs), e.g. if there is a bug lurking elsewhere, the worst case scenario from dropping the call to svm_vcpu_init_msrpm() should be that KVM would fail to passthrough MSRs to L2.

Signed-off-by: Sean Christopherson

--- arch/x86/kvm/svm/nested.c | 1 - arch/x86/kvm/svm/svm.c | 5 +++-- arch/x86/kvm/svm/svm.h | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index e4a079ea4b27..0026d2adb809 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -1275,7 +1275,6 @@ int svm_allocate_nested(struct vcpu_svm *svm) svm->nested.msrpm =3D svm_vcpu_alloc_msrpm(); if (!svm->nested.msrpm) goto err_free_vmcb02; - svm_vcpu_init_msrpm(&svm->vcpu, svm->nested.msrpm); =20 svm->nested.initialized =3D true; return 0; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 84dd1f220986..d97711bdbfc9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -893,8 +893,9 @@ u32 *svm_vcpu_alloc_msrpm(void) return msrpm; } =20 -void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm) +static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { + u32 *msrpm =3D to_svm(vcpu)->msrpm; int i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { @@ -1403,7 +1404,7 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu, svm->msrpm); + svm_vcpu_init_msrpm(vcpu); =20 svm_init_osvw(vcpu); =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0a8041d70994..47a36a9a7fe5 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -637,7 +637,6 @@ extern bool dump_invalid_vmcb; =20 u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); -void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm); void svm_vcpu_free_msrpm(u32 *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); void svm_enable_lbrv(struct kvm_vcpu *vcpu); --=20 2.49.0.1204.g71687c7c1d-goog
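
Review bot: in svm_allocate_nested() (nested.c hunk at -1275), svm->nested.msrpm is now left exactly as svm_vcpu_alloc_msrpm() returns it, and the only statement that this means "intercept every MSR" lives in the changelog. A short comment at the allocation site saying that the vmcb02 bitmap deliberately starts fully intercepted and is populated only by the vmcb01/vmcb12 merge would keep that fail-closed invariant visible to whoever next touches the allocation or the merge path, since a regression there would otherwise go unnoticed until an MSR reaches L2 unintercepted.
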
Date: Thu, 29 May 2025 16:39:56 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-12-seanjc@google.com>
Subject: [PATCH 11/28] KVM: SVM: Add helpers for accessing MSR bitmap that don't rely on offsets
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Add macro-built helpers for testing, setting, and clearing MSRPM entries without relying on precomputed offsets. This sets the stage for eventually removing general KVM use of precomputed offsets, which are quite confusing and rather inefficient for the vast majority of KVM's usage.

Outside of merging L0 and L1 bitmaps for nested SVM, using u32-indexed offsets and accesses is at best unnecessary, and at worst introduces extra operations to retrieve the individual bit from within the offset u32 value. And simply calling them "offsets" is very confusing, as the "unit" of the offset isn't immediately obvious.

Use the new helpers in set_msr_interception_bitmap() and msr_write_intercepted() to verify the math and operations, but keep the existing offset-based logic set_msr_interception_bitmap() to sanity check the "clear" and "set" operations. Manipulating MSR interceptions isn't a hot path and no kernel release is ever expected to contain this specific version of set_msr_interception_bitmap() (it will be removed entirely in the near future).

Add compile-time asserts to verify the bit number calculations, and also to provide a simple demonstration of the layout (SVM and VMX use the same concept of a bitmap, but with different layouts).

Signed-off-by: Sean Christopherson

--- arch/x86/kvm/svm/svm.c | 30 ++++++++++++++-------------- arch/x86/kvm/svm/svm.h | 44 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 16 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d97711bdbfc9..76d074440bcc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -806,11 +806,6 @@ static bool valid_msr_intercept(u32 index) =20 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr) { - u8 bit_write; - unsigned long tmp; - u32 offset; - u32 *msrpm; - /* * For non-nested case: * If the L01 MSR bitmap does not intercept the MSR, then we need to @@ -820,17 +815,10 @@ static bool msr_write_intercepted(struct kvm_vcpu *vc= pu, u32 msr) * If the L02 MSR bitmap does not intercept the MSR, then we need to * save it. */ - msrpm =3D is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm: - to_svm(vcpu)->msrpm; + void *msrpm =3D is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm: + to_svm(vcpu)->msrpm; =20 - offset =3D svm_msrpm_offset(msr); - bit_write =3D 2 * (msr & 0x0f) + 1; - tmp =3D msrpm[offset]; - - if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) - return false; - - return test_bit(bit_write, &tmp); + return svm_test_msr_bitmap_write(msrpm, msr); } =20 static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm, @@ -865,7 +853,17 @@ static void set_msr_interception_bitmap(struct kvm_vcp= u *vcpu, u32 *msrpm, read ? __clear_bit(bit_read, &tmp) : __set_bit(bit_read, &tmp); write ? __clear_bit(bit_write, &tmp) : __set_bit(bit_write, &tmp); =20 - msrpm[offset] =3D tmp; + if (read) + svm_clear_msr_bitmap_read((void *)msrpm, msr); + else + svm_set_msr_bitmap_read((void *)msrpm, msr); + + if (write) + svm_clear_msr_bitmap_write((void *)msrpm, msr); + else + svm_set_msr_bitmap_write((void *)msrpm, msr); + + WARN_ON_ONCE(msrpm[offset] !=3D (u32)tmp); =20 svm_hv_vmcb_dirty_nested_enlightenments(vcpu); svm->nested.force_msr_bitmap_recalc =3D true; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 47a36a9a7fe5..e432cd7a7889 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -628,6 +628,50 @@ static_assert(SVM_MSRS_PER_RANGE =3D=3D 8192); #define SVM_MSRPM_RANGE_1_BASE_MSR 0xc0000000 #define SVM_MSRPM_RANGE_2_BASE_MSR 0xc0010000 =20 +#define SVM_MSRPM_FIRST_MSR(range_nr) \ + (SVM_MSRPM_RANGE_## range_nr ##_BASE_MSR) +#define SVM_MSRPM_LAST_MSR(range_nr) \ + (SVM_MSRPM_RANGE_## range_nr ##_BASE_MSR + SVM_MSRS_PER_RANGE - 1) + +#define SVM_MSRPM_BIT_NR(range_nr, msr) \ + (range_nr * SVM_MSRPM_BYTES_PER_RANGE * BITS_PER_BYTE + \ + (msr - SVM_MSRPM_RANGE_## range_nr ##_BASE_MSR) * SVM_BITS_PER_MSR) + +#define SVM_MSRPM_SANITY_CHECK_BITS(range_nr) \ +static_assert(SVM_MSRPM_BIT_NR(range_nr, SVM_MSRPM_FIRST_MSR(range_nr) + 1= ) =3D=3D \ + range_nr * 2048 * 8 + 2); \ +static_assert(SVM_MSRPM_BIT_NR(range_nr, SVM_MSRPM_FIRST_MSR(range_nr) + 7= ) =3D=3D \ + range_nr * 2048 * 8 + 14); + +SVM_MSRPM_SANITY_CHECK_BITS(0); +SVM_MSRPM_SANITY_CHECK_BITS(1); +SVM_MSRPM_SANITY_CHECK_BITS(2); + +#define SVM_BUILD_MSR_BITMAP_CASE(bitmap, range_nr, msr, bitop, bit_rw) \ + case SVM_MSRPM_FIRST_MSR(range_nr) ... 
SVM_MSRPM_LAST_MSR(range_nr): \ + return bitop##_bit(SVM_MSRPM_BIT_NR(range_nr, msr) + bit_rw, bitmap); + +#define __BUILD_SVM_MSR_BITMAP_HELPER(rtype, action, bitop, access, bit_rw= ) \ +static inline rtype svm_##action##_msr_bitmap_##access(unsigned long *bitm= ap, \ + u32 msr) \ +{ \ + switch (msr) { \ + SVM_BUILD_MSR_BITMAP_CASE(bitmap, 0, msr, bitop, bit_rw) \ + SVM_BUILD_MSR_BITMAP_CASE(bitmap, 1, msr, bitop, bit_rw) \ + SVM_BUILD_MSR_BITMAP_CASE(bitmap, 2, msr, bitop, bit_rw) \ + default: \ + return (rtype)true; \ + } \ + \ +} +#define BUILD_SVM_MSR_BITMAP_HELPERS(ret_type, action, bitop) \ + __BUILD_SVM_MSR_BITMAP_HELPER(ret_type, action, bitop, read, 0) \ + __BUILD_SVM_MSR_BITMAP_HELPER(ret_type, action, bitop, write, 1) + +BUILD_SVM_MSR_BITMAP_HELPERS(bool, test, test) +BUILD_SVM_MSR_BITMAP_HELPERS(void, clear, __clear) +BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) + #define MSR_INVALID 0xffffffffU =20 #define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR) --=20 2.49.0.1204.g71687c7c1d-goog
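
Review bot: in the msr_write_intercepted() hunk of svm.c, an MSR outside the three MSRPM ranges used to trip KVM_BUG_ON(offset == MSR_INVALID, vcpu->kvm) and return false, whereas svm_test_msr_bitmap_write() now falls into the default: arm, returns true and logs nothing. Answering "intercepted" for an unmapped MSR is the safer result, and the new code no longer reads msrpm[offset] before validating the offset as the removed lines did, but the changelog mentions neither change and the only signal that a caller passed a bogus index is gone. State the new out-of-range behavior in the changelog, or keep a WARN_ON_ONCE for that case.

Review bot: in __BUILD_SVM_MSR_BITMAP_HELPER (svm.h hunk), the void clear/set helpers are generated with "return (rtype)true;" and "return bitop##_bit(...)", i.e. a return statement carrying an expression inside a void function, which ISO C does not allow and which builds only because the compiler tolerates a void-typed expression there. Use a separate builder for the void helpers, or a bare return in their default: arm. In the same hunk SVM_MSRPM_BIT_NR() uses its msr argument unparenthesized in "(msr - SVM_MSRPM_RANGE_## range_nr ##_BASE_MSR)"; write (msr) so that an expression argument cannot change the arithmetic. The set and clear helpers also do nothing at all for an MSR outside the three ranges, which deserves a comment next to the default: arm.
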
Date: Thu, 29 May 2025 16:39:57 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-13-seanjc@google.com>
Subject: [PATCH 12/28] KVM: SVM: Implement and adopt VMX style MSR intercepts APIs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Add and use SVM MSR interception APIs (in most paths) to match VMX's APIs and nomenclature. Specifically, add SVM variants of:

  vmx_disable_intercept_for_msr(vcpu, msr, type)
  vmx_enable_intercept_for_msr(vcpu, msr, type)
  vmx_set_intercept_for_msr(vcpu, msr, type, intercept)

to eventually replace SVM's single helper:

  set_msr_interception(vcpu, msrpm, msr, allow_read, allow_write)

which is awkward to use (in all cases, KVM either applies the same logic for both reads and writes, or intercepts one of read or write), and is unintuitive due to using '0' to indicate interception should be *set*.

Keep the guts of the old API for the moment to avoid churning the MSR filter code, as that mess will be overhauled in the near future. Leave behind a temporary comment to call out that the shadow bitmaps have inverted polarity relative to the bitmaps consumed by hardware.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Chao Gao

--- arch/x86/kvm/svm/sev.c | 18 ++++---- arch/x86/kvm/svm/svm.c | 100 ++++++++++++++++++++++++++++++----------- arch/x86/kvm/svm/svm.h | 12 +++++ 3 files changed, 93 insertions(+), 37 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 978a0088a3f1..bb0ec029b3d4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -4415,12 +4415,10 @@ static void sev_es_vcpu_after_set_cpuid(struct vcpu= _svm *svm) { struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 - if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) { - bool v_tsc_aux =3D guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) || - guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID); - - set_msr_interception(vcpu, svm->msrpm, MSR_TSC_AUX, v_tsc_aux, v_tsc_aux= ); - } + if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) + svm_set_intercept_for_msr(vcpu, MSR_TSC_AUX, MSR_TYPE_RW, + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID)); =20 /* * For SEV-ES, accesses to MSR_IA32_XSS should not be intercepted if @@ -4436,9 +4434,9 @@ static void sev_es_vcpu_after_set_cpuid(struct vcpu_s= vm *svm) */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW); else - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 0, 0); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW); } =20 void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm) @@ -4515,8 +4513,8 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) svm_clr_intercept(svm, INTERCEPT_XSETBV); =20 /* Clear intercepts on selected MSRs */ - set_msr_interception(vcpu, svm->msrpm, MSR_EFER, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_CR_PAT, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); } =20 void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 76d074440bcc..56460413eca6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -869,11 +869,57 @@ static void set_msr_interception_bitmap(struct kvm_vc= pu *vcpu, u32 *msrpm, svm->nested.force_msr_bitmap_recalc =3D true; } =20 -void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, - int read, int write) +void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) { - set_shadow_msr_intercept(vcpu, msr, read, write); - set_msr_interception_bitmap(vcpu, msrpm, msr, read, write); + struct vcpu_svm *svm =3D to_svm(vcpu); + void *msrpm =3D svm->msrpm; + + /* Note, the shadow intercept bitmaps have inverted polarity. */ + set_shadow_msr_intercept(vcpu, msr, type & MSR_TYPE_R, type & MSR_TYPE_W); + + /* + * Don't disabled interception for the MSR if userspace wants to + * handle it. + */ + if ((type & MSR_TYPE_R) && + !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { + svm_set_msr_bitmap_read(msrpm, msr); + type &=3D ~MSR_TYPE_R; + } + + if ((type & MSR_TYPE_W) && + !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) { + svm_set_msr_bitmap_write(msrpm, msr); + type &=3D ~MSR_TYPE_W; + } + + if (type & MSR_TYPE_R) + svm_clear_msr_bitmap_read(msrpm, msr); + + if (type & MSR_TYPE_W) + svm_clear_msr_bitmap_write(msrpm, msr); + + svm_hv_vmcb_dirty_nested_enlightenments(vcpu); + svm->nested.force_msr_bitmap_recalc =3D true; +} + +void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + void *msrpm =3D svm->msrpm; + + + set_shadow_msr_intercept(vcpu, msr, + !(type & MSR_TYPE_R), !(type & MSR_TYPE_W)); + + if (type & MSR_TYPE_R) + svm_set_msr_bitmap_read(msrpm, msr); + + if (type & MSR_TYPE_W) + svm_set_msr_bitmap_write(msrpm, msr); + + svm_hv_vmcb_dirty_nested_enlightenments(vcpu); + svm->nested.force_msr_bitmap_recalc =3D true; } =20 u32 *svm_vcpu_alloc_msrpm(void) 
@@ -893,13 +939,13 @@ u32 *svm_vcpu_alloc_msrpm(void) =20 static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { - u32 *msrpm =3D to_svm(vcpu)->msrpm; int i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { if (!direct_access_msrs[i].always) continue; - set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1); + svm_disable_intercept_for_msr(vcpu, direct_access_msrs[i].index, + MSR_TYPE_RW); } } =20 @@ -919,8 +965,8 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) if ((index < APIC_BASE_MSR) || (index > APIC_BASE_MSR + 0xff)) continue; - set_msr_interception(&svm->vcpu, svm->msrpm, index, - !intercept, !intercept); + + svm_set_intercept_for_msr(&svm->vcpu, index, MSR_TYPE_RW, intercept); } =20 svm->x2avic_msrs_intercepted =3D intercept; @@ -1008,13 +1054,13 @@ void svm_enable_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 svm->vmcb->control.virt_ext |=3D LBR_CTL_ENABLE_MASK; - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_R= W); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); =20 if (sev_es_guest(vcpu->kvm)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_DEBUGCTLMSR, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW); =20 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */ if (is_guest_mode(vcpu)) 
@@ -1028,10 +1074,10 @@ static void svm_disable_lbrv(struct kvm_vcpu *vcpu) KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); =20 svm->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 0, 0); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW= ); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); =20 /* * Move the LBR msrs back to the vmcb01 to avoid copying them @@ -1223,8 +1269,8 @@ static inline void init_vmcb_after_set_cpuid(struct k= vm_vcpu *vcpu) svm_set_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext &=3D ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; =20 - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it @@ -1236,8 +1282,8 @@ static inline void init_vmcb_after_set_cpuid(struct k= vm_vcpu *vcpu) svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } /* No need to intercept these MSRs */ - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } } =20 
@@ -1370,7 +1416,7 @@ static void init_vmcb(struct kvm_vcpu *vcpu) * of MSR_IA32_SPEC_CTRL. */ if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); =20 if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); @@ -3137,7 +3183,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) * We update the L1 MSR bit as well since it will end up * touching the MSR anyway now. */ - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); break; case MSR_AMD64_VIRT_SPEC_CTRL: if (!msr->host_initiated && @@ -4641,12 +4687,12 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcp= u *vcpu) svm_recalc_instruction_intercepts(vcpu, svm); =20 if (boot_cpu_has(X86_FEATURE_IBPB)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD, 0, - !!guest_has_pred_cmd_msr(vcpu)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, + !guest_has_pred_cmd_msr(vcpu)); =20 if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_FLUSH_CMD, 0, - !!guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); =20 if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e432cd7a7889..32bb1e536dce 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -701,6 +701,18 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *= svm, bool disable); void svm_complete_interrupt_delivery(struct kvm_vcpu *vcpu, int delivery_m= ode, int trig_mode, int vec); =20 +void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type= ); +void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e); + +static inline void svm_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 ms= r, + int type, bool enable_intercept) +{ + if (enable_intercept) + svm_enable_intercept_for_msr(vcpu, msr, type); + else + svm_disable_intercept_for_msr(vcpu, msr, type); +} + /* nested.c */ =20 #define NESTED_EXIT_HOST 0 /* Exit handled on host level */ --=20 2.49.0.1204.g71687c7c1d-goog
From nobody Wed Feb 11 04:00:15 2026
Date: Thu, 29 May 2025 16:39:58 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-14-seanjc@google.com>
Subject: [PATCH 13/28] KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Disable interception of the GHCB MSR if and only if the VM is an SEV-ES guest. While the exact behavior is completely undocumented in the APM, common sense and testing on SEV-ES capable CPUs says that accesses to the GHCB from non-SEV-ES guests will #GP. I.e. from the guest's perspective, no functional change intended.

Fixes: 376c6d285017 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/sev.c | 3 ++-
 arch/x86/kvm/svm/svm.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bb0ec029b3d4..694d38a2327c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4512,7 +4512,8 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); =20 - /* Clear intercepts on selected MSRs */ + /* Clear intercepts on MSRs that are context switched by hardware. */ + svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW); svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 56460413eca6..fa1a1b9b2d59 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -110,7 +110,7 @@ static const struct svm_direct_access_msrs { { .index =3D MSR_IA32_XSS, .always =3D false }, { .index =3D MSR_EFER, .always =3D false }, { .index =3D MSR_IA32_CR_PAT, .always =3D false }, - { .index =3D MSR_AMD64_SEV_ES_GHCB, .always =3D true }, + { .index =3D MSR_AMD64_SEV_ES_GHCB, .always =3D false }, { .index =3D MSR_TSC_AUX, .always =3D false }, { .index =3D X2APIC_MSR(APIC_ID), .always =3D false }, { .index =3D X2APIC_MSR(APIC_LVR), .always =3D false }, --=20 2.49.0.1204.g71687c7c1d-goog
From nobody Wed Feb 11 04:00:15 2026
Date: Thu, 29 May 2025 16:39:59 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-15-seanjc@google.com>
Subject: [PATCH 14/28] KVM: SVM: Drop "always" flag from list of possible passthrough MSRs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Drop the "always" flag from the array of possible passthrough MSRs, and instead manually initialize the permissions for the handful of MSRs that KVM passes through by default. In addition to cutting down on boilerplate copy+paste code and eliminating a misleading flag (the MSRs aren't always passed through, e.g. thanks to MSR filters), this will allow for removing the direct_access_msrs array entirely.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 124 ++++++++++++++++++++---------------------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index fa1a1b9b2d59..e0fedd23e150 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -83,51 +83,48 @@ static DEFINE_PER_CPU(u64, current_tsc_ratio); =20 #define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4)) =20 -static const struct svm_direct_access_msrs { - u32 index; /* Index of the MSR */ - bool always; /* True if intercept is initially cleared */ -} direct_access_msrs[] =3D { - { .index =3D MSR_STAR, .always =3D true }, - { .index =3D MSR_IA32_SYSENTER_CS, .always =3D true }, - { .index =3D MSR_IA32_SYSENTER_EIP, .always =3D false }, - { .index =3D MSR_IA32_SYSENTER_ESP, .always =3D false }, +static const u32 direct_access_msrs[] =3D { + MSR_STAR, + MSR_IA32_SYSENTER_CS, + MSR_IA32_SYSENTER_EIP, + MSR_IA32_SYSENTER_ESP, #ifdef CONFIG_X86_64 - { .index =3D MSR_GS_BASE, .always =3D true }, - { .index =3D MSR_FS_BASE, .always =3D true }, - { .index =3D MSR_KERNEL_GS_BASE, .always =3D true }, - { .index =3D MSR_LSTAR, .always =3D true }, - { .index =3D MSR_CSTAR, .always =3D true }, - { .index =3D MSR_SYSCALL_MASK, .always =3D true }, + MSR_GS_BASE, + MSR_FS_BASE, + MSR_KERNEL_GS_BASE, + MSR_LSTAR, + MSR_CSTAR, + MSR_SYSCALL_MASK, #endif - { .index =3D MSR_IA32_SPEC_CTRL, .always =3D false }, - { .index =3D MSR_IA32_PRED_CMD, .always =3D false }, - { .index =3D MSR_IA32_FLUSH_CMD, .always =3D false }, - { .index =3D MSR_IA32_DEBUGCTLMSR, .always =3D false }, - { .index =3D MSR_IA32_LASTBRANCHFROMIP, .always =3D false }, - { .index =3D MSR_IA32_LASTBRANCHTOIP, .always =3D false }, - { .index =3D MSR_IA32_LASTINTFROMIP, .always =3D false }, - { .index =3D MSR_IA32_LASTINTTOIP, .always =3D false }, - { .index =3D MSR_IA32_XSS, .always =3D false }, - { .index =3D MSR_EFER, .always =3D false }, - { .index =3D MSR_IA32_CR_PAT, .always =3D false }, - { .index =3D MSR_AMD64_SEV_ES_GHCB, .always =3D false }, - { .index =3D MSR_TSC_AUX, .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ID), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TASKPRI), .always =3D false }, - { .index =3D 
X2APIC_MSR(APIC_ARBPRI), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_PROCPRI), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_EOI), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_RRR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LDR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_DFR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_SPIV), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ISR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TMR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_IRR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ESR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ICR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ICR2), .always =3D false }, + MSR_IA32_SPEC_CTRL, + MSR_IA32_PRED_CMD, + MSR_IA32_FLUSH_CMD, + MSR_IA32_DEBUGCTLMSR, + MSR_IA32_LASTBRANCHFROMIP, + MSR_IA32_LASTBRANCHTOIP, + MSR_IA32_LASTINTFROMIP, + MSR_IA32_LASTINTTOIP, + MSR_IA32_XSS, + MSR_EFER, + MSR_IA32_CR_PAT, + MSR_AMD64_SEV_ES_GHCB, + MSR_TSC_AUX, + X2APIC_MSR(APIC_ID), + X2APIC_MSR(APIC_LVR), + X2APIC_MSR(APIC_TASKPRI), + X2APIC_MSR(APIC_ARBPRI), + X2APIC_MSR(APIC_PROCPRI), + X2APIC_MSR(APIC_EOI), + X2APIC_MSR(APIC_RRR), + X2APIC_MSR(APIC_LDR), + X2APIC_MSR(APIC_DFR), + X2APIC_MSR(APIC_SPIV), + X2APIC_MSR(APIC_ISR), + X2APIC_MSR(APIC_TMR), + X2APIC_MSR(APIC_IRR), + X2APIC_MSR(APIC_ESR), + X2APIC_MSR(APIC_ICR), + X2APIC_MSR(APIC_ICR2), =20 /* * Note: 
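Review bot: with the struct and its "True if intercept is initially cleared" field comment removed, direct_access_msrs[] no longer says what membership in the array means. Add a one-line comment above the array stating that it lists MSRs that are eligible for pass-through and that the defaults are now set in svm_vcpu_init_msrpm(), so the next reader does not assume every entry is passed through to the guest.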
@@ -136,14 +133,14 @@ static const struct svm_direct_access_msrs { * the AVIC hardware would generate GP fault. Therefore, always * intercept the MSR 0x832, and do not setup direct_access_msr. */ - { .index =3D X2APIC_MSR(APIC_LVTTHMR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVTPC), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVT0), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVT1), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVTERR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TMICT), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TMCCT), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TDCR), .always =3D false }, + X2APIC_MSR(APIC_LVTTHMR), + X2APIC_MSR(APIC_LVTPC), + X2APIC_MSR(APIC_LVT0), + X2APIC_MSR(APIC_LVT1), + X2APIC_MSR(APIC_LVTERR), + X2APIC_MSR(APIC_TMICT), + X2APIC_MSR(APIC_TMCCT), + X2APIC_MSR(APIC_TDCR), }; =20 static_assert(ARRAY_SIZE(direct_access_msrs) =3D=3D @@ -771,7 +768,7 @@ static int direct_access_msr_slot(u32 msr) u32 i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - if (direct_access_msrs[i].index =3D=3D msr) + if (direct_access_msrs[i] =3D=3D msr) return i; } =20 
@@ -939,14 +936,17 @@ u32 *svm_vcpu_alloc_msrpm(void) =20 static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { - int i; + svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); =20 - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - if (!direct_access_msrs[i].always) - continue; - svm_disable_intercept_for_msr(vcpu, direct_access_msrs[i].index, - MSR_TYPE_RW); - } +#ifdef CONFIG_X86_64 + svm_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_LSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_CSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_SYSCALL_MASK, MSR_TYPE_RW); +#endif } =20 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) @@ -960,7 +960,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) return; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - int index =3D direct_access_msrs[i].index; + int index =3D direct_access_msrs[i]; =20 if ((index < APIC_BASE_MSR) || (index > APIC_BASE_MSR + 0xff)) @@ -988,7 +988,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) * back in sync after this. */ for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - u32 msr =3D direct_access_msrs[i].index; + u32 msr =3D direct_access_msrs[i]; u32 read =3D test_bit(i, svm->shadow_msr_intercept.read); u32 write =3D test_bit(i, svm->shadow_msr_intercept.write); =20 
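Review bot: in the svm_set_x2apic_msr_interception() hunk (@@ -960) the element is still read into a signed `int index` even though direct_access_msrs[] is now a plain `u32` array. Use `u32 index` to match `u32 msr = direct_access_msrs[i];` in the svm_msr_filter_changed() hunk right after it, so the range check against APIC_BASE_MSR compares values of the same type.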
@@ -1028,7 +1028,7 @@ static __init int init_msrpm_offsets(void) for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { u32 offset; =20 - offset =3D svm_msrpm_offset(direct_access_msrs[i].index); + offset =3D svm_msrpm_offset(direct_access_msrs[i]); if (WARN_ON(offset =3D=3D MSR_INVALID)) return -EIO; =20 --=20 2.49.0.1204.g71687c7c1d-goog
From nobody Wed Feb 11 04:00:15 2026
Date: Thu, 29 May 2025 16:40:00 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-16-seanjc@google.com>
Subject: [PATCH 15/28] KVM: x86: Move definition of X2APIC_MSR() to lapic.h
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Dedup the definition of X2APIC_MSR and put it in the local APIC code where it belongs.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/lapic.h   | 2 ++
 arch/x86/kvm/svm/svm.c | 2 --
 arch/x86/kvm/vmx/vmx.h | 2 --
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 4ce30db65828..4518b4e0552f 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -21,6 +21,8 @@ #define APIC_BROADCAST 0xFF #define X2APIC_BROADCAST 0xFFFFFFFFul =20 +#define X2APIC_MSR(r) (APIC_BASE_MSR + ((r) >> 4)) + enum lapic_mode { LAPIC_MODE_DISABLED =3D 0, LAPIC_MODE_INVALID =3D X2APIC_ENABLE, diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e0fedd23e150..c01eda772997 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -81,8 +81,6 @@ static uint64_t osvw_len =3D 4, osvw_status; =20 static DEFINE_PER_CPU(u64, current_tsc_ratio); =20 -#define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4)) - static const u32 direct_access_msrs[] =3D { MSR_STAR, MSR_IA32_SYSENTER_CS, diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index b5758c33c60f..0afe97e3478f 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -19,8 +19,6 @@ #include "../mmu.h" #include "common.h" =20 -#define X2APIC_MSR(r) (APIC_BASE_MSR + ((r) >> 4)) - #ifdef CONFIG_X86_64 #define MAX_NR_USER_RETURN_MSRS 7 #else --=20 2.49.0.1204.g71687c7c1d-goog
From nobody Wed Feb 11 04:00:15 2026
Date: Thu, 29 May 2025 16:40:01 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
References: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-17-seanjc@google.com>
Subject: [PATCH 16/28] KVM: VMX: Manually recalc all MSR intercepts on userspace MSR filter change
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

On a userspace MSR filter change, recalculate all MSR intercepts using the filter-agnostic logic instead of maintaining a "shadow copy" of KVM's desired intercepts. The shadow bitmaps add yet another point of failure, are confusing (e.g. what does "handled specially" mean!?!?), an eyesore, and a maintenance burden.

Given that KVM *must* be able to recalculate the correct intercepts at any given time, and that MSR filter updates are not hot paths, there is zero benefit to maintaining the shadow bitmaps.

Link: https://lore.kernel.org/all/aCdPbZiYmtni4Bjs@google.com
Link: https://lore.kernel.org/all/20241126180253.GAZ0YNTdXH1UGeqsu6@fat_crate.local
Cc: Borislav Petkov
Cc: Xin Li
Cc: Chao Gao
Cc: Dapeng Mi
Signed-off-by: Sean Christopherson
Reviewed-by: Chao Gao
Reviewed-by: Dapeng Mi
Reviewed-by: Xin Li (Intel)
---
 arch/x86/kvm/vmx/vmx.c | 184 +++++++++++------------------------------
 arch/x86/kvm/vmx/vmx.h |   7 --
 2 files changed, 47 insertions(+), 144 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 8f7fe04a1998..6ffa2b2b85ce 100644 --- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c @@ -166,31 +166,6 @@ module_param(allow_smaller_maxphyaddr, bool, S_IRUGO); RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED | \ RTIT_STATUS_BYTECNT)) =20 -/* - * List of MSRs that can be directly passed to the guest. - * In addition to these x2apic, PT and LBR MSRs are handled specially. - */ -static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSTHROUGH_MSRS] = =3D { - MSR_IA32_SPEC_CTRL, - MSR_IA32_PRED_CMD, - MSR_IA32_FLUSH_CMD, - MSR_IA32_TSC, -#ifdef CONFIG_X86_64 - MSR_FS_BASE, - MSR_GS_BASE, - MSR_KERNEL_GS_BASE, - MSR_IA32_XFD, - MSR_IA32_XFD_ERR, -#endif - MSR_IA32_SYSENTER_CS, - MSR_IA32_SYSENTER_ESP, - MSR_IA32_SYSENTER_EIP, - MSR_CORE_C1_RES, - MSR_CORE_C3_RESIDENCY, - MSR_CORE_C6_RESIDENCY, - MSR_CORE_C7_RESIDENCY, -}; - /* * These 2 parameters are used to config the controls for Pause-Loop Exiti= ng: * ple_gap: upper bound on the amount of time between two successive 
@@ -672,40 +647,6 @@ static inline bool cpu_need_virtualize_apic_accesses(s= truct kvm_vcpu *vcpu) return flexpriority_enabled && lapic_in_kernel(vcpu); } =20 -static int vmx_get_passthrough_msr_slot(u32 msr) -{ - int i; - - switch (msr) { - case 0x800 ... 0x8ff: - /* x2APIC MSRs. These are handled in vmx_update_msr_bitmap_x2apic() */ - return -ENOENT; - case MSR_IA32_RTIT_STATUS: - case MSR_IA32_RTIT_OUTPUT_BASE: - case MSR_IA32_RTIT_OUTPUT_MASK: - case MSR_IA32_RTIT_CR3_MATCH: - case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B: - /* PT MSRs. These are handled in pt_update_intercept_for_msr() */ - case MSR_LBR_SELECT: - case MSR_LBR_TOS: - case MSR_LBR_INFO_0 ... MSR_LBR_INFO_0 + 31: - case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 31: - case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 31: - case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 8: - case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: - /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ - return -ENOENT; - } - - for (i =3D 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) { - if (vmx_possible_passthrough_msrs[i] =3D=3D msr) - return i; - } - - WARN(1, "Invalid MSR %x, please adapt vmx_possible_passthrough_msrs[]", m= sr); - return -ENOENT; -} - struct vmx_uret_msr *vmx_find_uret_msr(struct vcpu_vmx *vmx, u32 msr) { int i; 
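Review bot: Removing the WARN in vmx_get_passthrough_msr_slot() drops the check that forced every passed-through MSR to be known to the filter-resync path, and nothing in the patch documents the rule that replaces it. vmx_disable_intercept_for_msr() consults kvm_msr_allowed() only at call time, so an MSR whose intercept is cleared from a path that vmx_recalc_msr_intercepts() does not repeat would stay passed through after userspace installs a filter that denies it. Suggest a comment above vmx_disable_intercept_for_msr() stating that any new caller must also be reflected in vmx_recalc_msr_intercepts(), or be one of the on-demand x2APIC/LBR cases that cannot be filtered.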
@@ -4015,25 +3956,12 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu = *vcpu, u32 msr, int type) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); unsigned long *msr_bitmap =3D vmx->vmcs01.msr_bitmap; - int idx; =20 if (!cpu_has_vmx_msr_bitmap()) return; =20 vmx_msr_bitmap_l01_changed(vmx); =20 - /* - * Mark the desired intercept state in shadow bitmap, this is needed - * for resync when the MSR filters change. - */ - idx =3D vmx_get_passthrough_msr_slot(msr); - if (idx >=3D 0) { - if (type & MSR_TYPE_R) - __clear_bit(idx, vmx->shadow_msr_intercept.read); - if (type & MSR_TYPE_W) - __clear_bit(idx, vmx->shadow_msr_intercept.write); - } - if ((type & MSR_TYPE_R) && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { vmx_set_msr_bitmap_read(msr_bitmap, msr); @@ -4057,25 +3985,12 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *= vcpu, u32 msr, int type) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); unsigned long *msr_bitmap =3D vmx->vmcs01.msr_bitmap; - int idx; =20 if (!cpu_has_vmx_msr_bitmap()) return; =20 vmx_msr_bitmap_l01_changed(vmx); =20 - /* - * Mark the desired intercept state in shadow bitmap, this is needed - * for resync when the MSR filter changes. - */ - idx =3D vmx_get_passthrough_msr_slot(msr); - if (idx >=3D 0) { - if (type & MSR_TYPE_R) - __set_bit(idx, vmx->shadow_msr_intercept.read); - if (type & MSR_TYPE_W) - __set_bit(idx, vmx->shadow_msr_intercept.write); - } - if (type & MSR_TYPE_R) vmx_set_msr_bitmap_read(msr_bitmap, msr); =20 
@@ -4159,35 +4074,59 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *v= cpu) } } =20 -void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) +static void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { - struct vcpu_vmx *vmx =3D to_vmx(vcpu); - u32 i; - if (!cpu_has_vmx_msr_bitmap()) return; =20 - /* - * Redo intercept permissions for MSRs that KVM is passing through to - * the guest. Disabling interception will check the new MSR filter and - * ensure that KVM enables interception if usersepace wants to filter - * the MSR. MSRs that KVM is already intercepting don't need to be - * refreshed since KVM is going to intercept them regardless of what - * userspace wants. - */ - for (i =3D 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) { - u32 msr =3D vmx_possible_passthrough_msrs[i]; - - if (!test_bit(i, vmx->shadow_msr_intercept.read)) - vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_R); - - if (!test_bit(i, vmx->shadow_msr_intercept.write)) - vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_W); + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R); +#ifdef CONFIG_X86_64 + vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); +#endif + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); + if (kvm_cstate_in_guest(vcpu->kvm)) { + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C1_RES, MSR_TYPE_R); + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R); + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R); + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R); } =20 /* PT MSRs can be passed through iff PT is exposed to the guest. 
*/ if (vmx_pt_mode_is_host_guest()) pt_update_intercept_for_msr(vcpu); + + if (vcpu->arch.xfd_no_write_intercept) + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_XFD, MSR_TYPE_RW); + + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, + !to_vmx(vcpu)->spec_ctrl); + + if (kvm_cpu_cap_has(X86_FEATURE_XFD)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)); + + if (boot_cpu_has(X86_FEATURE_IBPB)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, + !guest_has_pred_cmd_msr(vcpu)); + + if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); + + /* + * x2APIC and LBR MSR intercepts are modified on-demand and cannot be + * filtered by userspace. + */ +} + +void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) +{ + vmx_recalc_msr_intercepts(vcpu); } =20 static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu, 
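Review bot: In vmx_recalc_msr_intercepts(), the C-state residency MSRs and MSR_IA32_XFD are only ever moved toward pass-through (vmx_disable_intercept_for_msr() under kvm_cstate_in_guest() and xfd_no_write_intercept), so the function produces the right bitmap only if those conditions never go from true to false after an earlier call. Either express them the way the SPEC_CTRL line below does, e.g. vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD, MSR_TYPE_RW, !vcpu->arch.xfd_no_write_intercept), or add a comment saying the conditions are one-way, so the function reads as a full recalculation. Style: there are two consecutive blank lines before the MSR_IA32_SPEC_CTRL call.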
@@ -7537,26 +7476,6 @@ int vmx_vcpu_create(struct kvm_vcpu *vcpu) evmcs->hv_enlightenments_control.msr_bitmap =3D 1; } =20 - /* The MSR bitmap starts with all ones */ - bitmap_fill(vmx->shadow_msr_intercept.read, MAX_POSSIBLE_PASSTHROUGH_MSRS= ); - bitmap_fill(vmx->shadow_msr_intercept.write, MAX_POSSIBLE_PASSTHROUGH_MSR= S); - - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R); -#ifdef CONFIG_X86_64 - vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); -#endif - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); - if (kvm_cstate_in_guest(vcpu->kvm)) { - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C1_RES, MSR_TYPE_R); - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R); - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R); - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R); - } - vmx->loaded_vmcs =3D &vmx->vmcs01; =20 if (cpu_need_virtualize_apic_accesses(vcpu)) { @@ -7842,18 +7761,6 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) } } =20 - if (kvm_cpu_cap_has(X86_FEATURE_XFD)) - vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, - !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)); - - if (boot_cpu_has(X86_FEATURE_IBPB)) - vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, - !guest_has_pred_cmd_msr(vcpu)); - - if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) - vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, - !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); - set_cr4_guest_host_mask(vmx); =20 vmx_write_encls_bitmap(vcpu, NULL); 
@@ -7869,6 +7776,9 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vmx->msr_ia32_feature_control_valid_bits &=3D ~FEAT_CTL_SGX_LC_ENABLED; =20 + /* Recalc MSR interception to account for feature changes. */ + vmx_recalc_msr_intercepts(vcpu); + /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); } diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 0afe97e3478f..a26fe3d9e1d2 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -294,13 +294,6 @@ struct vcpu_vmx { struct pt_desc pt_desc; struct lbr_desc lbr_desc; =20 - /* Save desired MSR intercept (read: pass-through) state */ -#define MAX_POSSIBLE_PASSTHROUGH_MSRS 16 - struct { - DECLARE_BITMAP(read, MAX_POSSIBLE_PASSTHROUGH_MSRS); - DECLARE_BITMAP(write, MAX_POSSIBLE_PASSTHROUGH_MSRS); - } shadow_msr_intercept; - /* ve_info must be page aligned. */ struct vmx_ve_information *ve_info; }; --=20 2.49.0.1204.g71687c7c1d-goog
Reply-To: Sean Christopherson
Date: Thu, 29 May 2025 16:40:02 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20250529234013.3826933-1-seanjc@google.com>
X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog
Message-ID: <20250529234013.3826933-18-seanjc@google.com>
Subject: [PATCH 17/28] KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

On a userspace MSR filter change, recalculate all MSR intercepts using the
filter-agnostic logic instead of maintaining a "shadow copy" of KVM's
desired intercepts. The shadow bitmaps add yet another point of failure,
are confusing (e.g. what does "handled specially" mean!?!?), an eyesore,
and a maintenance burden.

Given that KVM *must* be able to recalculate the correct intercepts at any
given time, and that MSR filter updates are not hot paths, there is zero
benefit to maintaining the shadow bitmaps.

Link: https://lore.kernel.org/all/aCdPbZiYmtni4Bjs@google.com
Link: https://lore.kernel.org/all/20241126180253.GAZ0YNTdXH1UGeqsu6@fat_crate.local
Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 16 +- arch/x86/kvm/svm/svm.c | 371 +++++++++++------------------------------ arch/x86/kvm/svm/svm.h | 7 +- 3 files changed, 105 insertions(+), 289 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 694d38a2327c..800ece58b84c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4411,9 +4411,12 @@ int sev_es_string_io(struct vcpu_svm *svm, int size,= unsigned int port, int in) count, in); } =20 -static void sev_es_vcpu_after_set_cpuid(struct vcpu_svm *svm) +void sev_es_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { - struct kvm_vcpu *vcpu =3D &svm->vcpu; + /* Clear intercepts on MSRs that are context switched by hardware. */ + svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); =20 if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) svm_set_intercept_for_msr(vcpu, MSR_TSC_AUX, MSR_TYPE_RW, @@ -4448,16 +4451,12 @@ void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm) best =3D kvm_find_cpuid_entry(vcpu, 0x8000001F); if (best) vcpu->arch.reserved_gpa_bits &=3D ~(1UL << (best->ebx & 0x3f)); - - if (sev_es_guest(svm->vcpu.kvm)) - sev_es_vcpu_after_set_cpuid(svm); } =20 static void sev_es_init_vmcb(struct vcpu_svm *svm) { struct kvm_sev_info *sev =3D to_kvm_sev_info(svm->vcpu.kvm); struct vmcb *vmcb =3D svm->vmcb01.ptr; - struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 svm->vmcb->control.nested_ctl |=3D SVM_NESTED_CTL_SEV_ES_ENABLE; =20 
@@ -4511,11 +4510,6 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) =20 /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); - - /* Clear intercepts on MSRs that are context switched by hardware. */ - svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); } =20 void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index c01eda772997..685d9fd4a4e1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -71,8 +71,6 @@ MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id); =20 static bool erratum_383_found __read_mostly; =20 -u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; - /* * Set osvw_len to higher value when updated Revision Guides * are published and we know what the new status bits are 
@@ -81,70 +79,6 @@ static uint64_t osvw_len =3D 4, osvw_status; =20 static DEFINE_PER_CPU(u64, current_tsc_ratio); =20 -static const u32 direct_access_msrs[] =3D { - MSR_STAR, - MSR_IA32_SYSENTER_CS, - MSR_IA32_SYSENTER_EIP, - MSR_IA32_SYSENTER_ESP, -#ifdef CONFIG_X86_64 - MSR_GS_BASE, - MSR_FS_BASE, - MSR_KERNEL_GS_BASE, - MSR_LSTAR, - MSR_CSTAR, - MSR_SYSCALL_MASK, -#endif - MSR_IA32_SPEC_CTRL, - MSR_IA32_PRED_CMD, - MSR_IA32_FLUSH_CMD, - MSR_IA32_DEBUGCTLMSR, - MSR_IA32_LASTBRANCHFROMIP, - MSR_IA32_LASTBRANCHTOIP, - MSR_IA32_LASTINTFROMIP, - MSR_IA32_LASTINTTOIP, - MSR_IA32_XSS, - MSR_EFER, - MSR_IA32_CR_PAT, - MSR_AMD64_SEV_ES_GHCB, - MSR_TSC_AUX, - X2APIC_MSR(APIC_ID), - X2APIC_MSR(APIC_LVR), - X2APIC_MSR(APIC_TASKPRI), - X2APIC_MSR(APIC_ARBPRI), - X2APIC_MSR(APIC_PROCPRI), - X2APIC_MSR(APIC_EOI), - X2APIC_MSR(APIC_RRR), - X2APIC_MSR(APIC_LDR), - X2APIC_MSR(APIC_DFR), - X2APIC_MSR(APIC_SPIV), - X2APIC_MSR(APIC_ISR), - X2APIC_MSR(APIC_TMR), - X2APIC_MSR(APIC_IRR), - X2APIC_MSR(APIC_ESR), - X2APIC_MSR(APIC_ICR), - X2APIC_MSR(APIC_ICR2), - - /* - * Note: - * AMD does not virtualize APIC TSC-deadline timer mode, but it is - * emulated by KVM. When setting APIC LVTT (0x832) register bit 18, - * the AVIC hardware would generate GP fault. Therefore, always - * intercept the MSR 0x832, and do not setup direct_access_msr. - */ - X2APIC_MSR(APIC_LVTTHMR), - X2APIC_MSR(APIC_LVTPC), - X2APIC_MSR(APIC_LVT0), - X2APIC_MSR(APIC_LVT1), - X2APIC_MSR(APIC_LVTERR), - X2APIC_MSR(APIC_TMICT), - X2APIC_MSR(APIC_TMCCT), - X2APIC_MSR(APIC_TDCR), -}; - -static_assert(ARRAY_SIZE(direct_access_msrs) =3D=3D - MAX_DIRECT_ACCESS_MSRS - 6 * !IS_ENABLED(CONFIG_X86_64)); -#undef MAX_DIRECT_ACCESS_MSRS - /* * These 2 parameters are used to config the controls for Pause-Loop Exiti= ng: * pause_filter_count: On processors that support Pause filtering(indicated 
@@ -761,44 +695,6 @@ static void clr_dr_intercepts(struct vcpu_svm *svm) recalc_intercepts(svm); } =20 -static int direct_access_msr_slot(u32 msr) -{ - u32 i; - - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - if (direct_access_msrs[i] =3D=3D msr) - return i; - } - - return -ENOENT; -} - -static void set_shadow_msr_intercept(struct kvm_vcpu *vcpu, u32 msr, int r= ead, - int write) -{ - struct vcpu_svm *svm =3D to_svm(vcpu); - int slot =3D direct_access_msr_slot(msr); - - if (slot =3D=3D -ENOENT) - return; - - /* Set the shadow bitmaps to the desired intercept states */ - if (read) - __set_bit(slot, svm->shadow_msr_intercept.read); - else - __clear_bit(slot, svm->shadow_msr_intercept.read); - - if (write) - __set_bit(slot, svm->shadow_msr_intercept.write); - else - __clear_bit(slot, svm->shadow_msr_intercept.write); -} - -static bool valid_msr_intercept(u32 index) -{ - return direct_access_msr_slot(index) !=3D -ENOENT; -} - static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr) { /* 
@@ -816,62 +712,11 @@ static bool msr_write_intercepted(struct kvm_vcpu *vc= pu, u32 msr) return svm_test_msr_bitmap_write(msrpm, msr); } =20 -static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm, - u32 msr, int read, int write) -{ - struct vcpu_svm *svm =3D to_svm(vcpu); - u8 bit_read, bit_write; - unsigned long tmp; - u32 offset; - - /* - * If this warning triggers extend the direct_access_msrs list at the - * beginning of the file - */ - WARN_ON(!valid_msr_intercept(msr)); - - /* Enforce non allowed MSRs to trap */ - if (read && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) - read =3D 0; - - if (write && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) - write =3D 0; - - offset =3D svm_msrpm_offset(msr); - bit_read =3D 2 * (msr & 0x0f); - bit_write =3D 2 * (msr & 0x0f) + 1; - tmp =3D msrpm[offset]; - - if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) - return; - - read ? __clear_bit(bit_read, &tmp) : __set_bit(bit_read, &tmp); - write ? __clear_bit(bit_write, &tmp) : __set_bit(bit_write, &tmp); - - if (read) - svm_clear_msr_bitmap_read((void *)msrpm, msr); - else - svm_set_msr_bitmap_read((void *)msrpm, msr); - - if (write) - svm_clear_msr_bitmap_write((void *)msrpm, msr); - else - svm_set_msr_bitmap_write((void *)msrpm, msr); - - WARN_ON_ONCE(msrpm[offset] !=3D (u32)tmp); - - svm_hv_vmcb_dirty_nested_enlightenments(vcpu); - svm->nested.force_msr_bitmap_recalc =3D true; -} - void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) { struct vcpu_svm *svm =3D to_svm(vcpu); void *msrpm =3D svm->msrpm; =20 - /* Note, the shadow intercept bitmaps have inverted polarity. */ - set_shadow_msr_intercept(vcpu, msr, type & MSR_TYPE_R, type & MSR_TYPE_W); - /* * Don't disabled interception for the MSR if userspace wants to * handle it. 
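Review bot: With set_msr_interception_bitmap() gone, the WARN_ON(!valid_msr_intercept(msr)) that tied every pass-through MSR to the table walked on a filter change has no replacement. svm_recalc_msr_intercepts() is now the list of record, so please say so in a comment on svm_disable_intercept_for_msr(): a caller that clears an intercept for an MSR the recalc path does not revisit will not be re-checked against a later userspace filter. While touching this function, the retained comment could be corrected to read "Don't disable interception".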
@@ -903,10 +748,6 @@ void svm_enable_intercept_for_msr(struct kvm_vcpu *vcp= u, u32 msr, int type) struct vcpu_svm *svm =3D to_svm(vcpu); void *msrpm =3D svm->msrpm; =20 - - set_shadow_msr_intercept(vcpu, msr, - !(type & MSR_TYPE_R), !(type & MSR_TYPE_W)); - if (type & MSR_TYPE_R) svm_set_msr_bitmap_read(msrpm, msr); =20 @@ -932,6 +773,20 @@ u32 *svm_vcpu_alloc_msrpm(void) return msrpm; } =20 +static void svm_recalc_lbr_msr_intercepts(struct kvm_vcpu *vcpu) +{ + bool intercept =3D !(to_svm(vcpu)->vmcb->control.virt_ext & LBR_CTL_ENABL= E_MASK); + + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW, i= ntercept); + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW, int= ercept); + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW, inte= rcept); + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW, interc= ept); + + if (sev_es_guest(vcpu->kvm)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW, inter= cept); + +} + static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); 
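Review bot: svm_recalc_lbr_msr_intercepts() touches MSR_IA32_DEBUGCTLMSR only under sev_es_guest() and gives no reason, which is easy to misread now that one helper serves both svm_enable_lbrv() and svm_disable_lbrv(); a one-line comment explaining why DEBUGCTL follows the LBR intercept state only for SEV-ES guests would help. The helper also derives intercept from to_svm(vcpu)->vmcb->control.virt_ext, so callers must update virt_ext before calling it, and that ordering is worth stating since svm_recalc_msr_intercepts() calls it as well. Style: drop the blank line before the closing brace.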
@@ -949,6 +804,38 @@ static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) =20 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) { + static const u32 x2avic_passthrough_msrs[] =3D { + X2APIC_MSR(APIC_ID), + X2APIC_MSR(APIC_LVR), + X2APIC_MSR(APIC_TASKPRI), + X2APIC_MSR(APIC_ARBPRI), + X2APIC_MSR(APIC_PROCPRI), + X2APIC_MSR(APIC_EOI), + X2APIC_MSR(APIC_RRR), + X2APIC_MSR(APIC_LDR), + X2APIC_MSR(APIC_DFR), + X2APIC_MSR(APIC_SPIV), + X2APIC_MSR(APIC_ISR), + X2APIC_MSR(APIC_TMR), + X2APIC_MSR(APIC_IRR), + X2APIC_MSR(APIC_ESR), + X2APIC_MSR(APIC_ICR), + X2APIC_MSR(APIC_ICR2), + + /* + * Note! Always intercept LVTT, as TSC-deadline timer mode + * isn't virtualized by hardware, and the CPU will generate a + * #GP instead of a #VMEXIT. + */ + X2APIC_MSR(APIC_LVTTHMR), + X2APIC_MSR(APIC_LVTPC), + X2APIC_MSR(APIC_LVT0), + X2APIC_MSR(APIC_LVT1), + X2APIC_MSR(APIC_LVTERR), + X2APIC_MSR(APIC_TMICT), + X2APIC_MSR(APIC_TMCCT), + X2APIC_MSR(APIC_TDCR), + }; int i; =20 if (intercept =3D=3D svm->x2avic_msrs_intercepted) @@ -957,15 +844,9 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *= svm, bool intercept) if (!x2avic_enabled) return; =20 - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - int index =3D direct_access_msrs[i]; - - if ((index < APIC_BASE_MSR) || - (index > APIC_BASE_MSR + 0xff)) - continue; - - svm_set_intercept_for_msr(&svm->vcpu, index, MSR_TYPE_RW, intercept); - } + for (i =3D 0; i < ARRAY_SIZE(x2avic_passthrough_msrs); i++) + svm_set_intercept_for_msr(&svm->vcpu, x2avic_passthrough_msrs[i], + MSR_TYPE_RW, intercept); =20 svm->x2avic_msrs_intercepted =3D intercept; } 
@@ -975,65 +856,53 @@ void svm_vcpu_free_msrpm(u32 *msrpm) __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE)); } =20 +static void svm_recalc_msr_intercepts(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + + svm_vcpu_init_msrpm(vcpu); + + if (lbrv) + svm_recalc_lbr_msr_intercepts(vcpu); + + if (boot_cpu_has(X86_FEATURE_IBPB)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, + !guest_has_pred_cmd_msr(vcpu)); + + if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); + + /* + * Unconditionally disable interception of SPEC_CTRL if V_SPEC_CTRL is + * supported, i.e. if VMRUN/#VMEXIT context switch MSR_IA32_SPEC_CTRL. + */ + if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); + else + svm_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, !svm->s= pec_ctrl); + + /* + * Intercept SYSENTER_EIP and SYSENTER_ESP when emulating an Intel CPU, + * as AMD hardware only store 32 bits, whereas Intel CPUs track 64 bits. + */ + svm_set_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW, + guest_cpuid_is_intel_compatible(vcpu)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW, + guest_cpuid_is_intel_compatible(vcpu)); + + if (sev_es_guest(vcpu->kvm)) + sev_es_recalc_msr_intercepts(vcpu); + + /* + * x2APIC intercepts are modified on-demand and cannot be filtered by + * userspace. + */ +} + static void svm_msr_filter_changed(struct kvm_vcpu *vcpu) { - struct vcpu_svm *svm =3D to_svm(vcpu); - u32 i; - - /* - * Set intercept permissions for all direct access MSRs again. They - * will automatically get filtered through the MSR filter, so we are - * back in sync after this. 
- */ - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - u32 msr =3D direct_access_msrs[i]; - u32 read =3D test_bit(i, svm->shadow_msr_intercept.read); - u32 write =3D test_bit(i, svm->shadow_msr_intercept.write); - - set_msr_interception_bitmap(vcpu, svm->msrpm, msr, read, write); - } -} - -static __init int add_msr_offset(u32 offset) -{ - int i; - - for (i =3D 0; i < MSRPM_OFFSETS; ++i) { - - /* Offset already in list? */ - if (msrpm_offsets[i] =3D=3D offset) - return 0; - - /* Slot used by another offset? */ - if (msrpm_offsets[i] !=3D MSR_INVALID) - continue; - - /* Add offset to list */ - msrpm_offsets[i] =3D offset; - - return 0; - } - - return -EIO; -} - -static __init int init_msrpm_offsets(void) -{ - int i; - - memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets)); - - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - u32 offset; - - offset =3D svm_msrpm_offset(direct_access_msrs[i]); - if (WARN_ON(offset =3D=3D MSR_INVALID)) - return -EIO; - - if (WARN_ON_ONCE(add_msr_offset(offset))) - return -EIO; - } - return 0; + svm_recalc_msr_intercepts(vcpu); } =20 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) @@ -1052,13 +921,7 @@ void svm_enable_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 svm->vmcb->control.virt_ext |=3D LBR_CTL_ENABLE_MASK; - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_R= W); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); - - if (sev_es_guest(vcpu->kvm)) - svm_disable_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW); + svm_recalc_lbr_msr_intercepts(vcpu); =20 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */ if (is_guest_mode(vcpu)) 
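Review bot: In svm_recalc_msr_intercepts(), svm_vcpu_init_msrpm() is now called on every recalculation instead of from __svm_vcpu_reset(), so its name no longer matches its role and the order of calls matters: any intercept it clears has to be set again by a later line in the same function. Consider renaming it or folding its body into the recalc function, with a comment that conditional intercepts must come after it. Comment nits in the same function: "only store 32 bits" should be "only stores", and "VMRUN/#VMEXIT context switch MSR_IA32_SPEC_CTRL" should be "context switches".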
@@ -1072,10 +935,7 @@ static void svm_disable_lbrv(struct kvm_vcpu *vcpu) KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); =20 svm->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW= ); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); + svm_recalc_lbr_msr_intercepts(vcpu); =20 /* * Move the LBR msrs back to the vmcb01 to avoid copying them @@ -1258,17 +1118,9 @@ static inline void init_vmcb_after_set_cpuid(struct = kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 if (guest_cpuid_is_intel_compatible(vcpu)) { - /* - * We must intercept SYSENTER_EIP and SYSENTER_ESP - * accesses because the processor only stores 32 bits. - * For the same reason we cannot use virtual VMLOAD/VMSAVE. - */ svm_set_intercept(svm, INTERCEPT_VMLOAD); svm_set_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext &=3D ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; - - svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it @@ -1279,10 +1131,9 @@ static inline void init_vmcb_after_set_cpuid(struct = kvm_vcpu *vcpu) svm_clr_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } - /* No need to intercept these MSRs */ - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } + + svm_recalc_msr_intercepts(vcpu); } =20 static void init_vmcb(struct kvm_vcpu *vcpu) 
@@ -1409,13 +1260,6 @@ static void init_vmcb(struct kvm_vcpu *vcpu) =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 - /* - * If the host supports V_SPEC_CTRL then disable the interception - * of MSR_IA32_SPEC_CTRL. - */ - if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); - if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); =20 @@ -1446,8 +1290,6 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu); - svm_init_osvw(vcpu); =20 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) @@ -3247,8 +3089,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) =20 /* * TSC_AUX is usually changed only during boot and never read - * directly. Intercept TSC_AUX instead of exposing it to the - * guest via direct_access_msrs, and switch it via user return. + * directly. Intercept TSC_AUX and switch it via user return. */ preempt_disable(); ret =3D kvm_set_user_return_msr(tsc_aux_uret_slot, data, -1ull); @@ -4684,14 +4525,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu= *vcpu) =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 - if (boot_cpu_has(X86_FEATURE_IBPB)) - svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, - !guest_has_pred_cmd_msr(vcpu)); - - if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) - svm_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, - !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); - if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); =20 @@ -5559,12 +5392,6 @@ static __init int svm_hardware_setup(void) memset(iopm_va, 0xff, PAGE_SIZE * (1 << order)); iopm_base =3D __sme_page_pa(iopm_pages); =20 - r =3D init_msrpm_offsets(); - if (r) { - __free_pages(__sme_pa_to_page(iopm_base), get_order(IOPM_SIZE)); - return r; - } - kvm_caps.supported_xcr0 &=3D ~(XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR); =20 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 32bb1e536dce..23e1e3ae30b0 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -318,12 +318,6 @@ struct vcpu_svm { struct list_head ir_list; spinlock_t ir_list_lock; =20 - /* Save desired MSR intercept (read: pass-through) state */ - struct { - DECLARE_BITMAP(read, MAX_DIRECT_ACCESS_MSRS); - DECLARE_BITMAP(write, MAX_DIRECT_ACCESS_MSRS); - } shadow_msr_intercept; - struct vcpu_sev_es_state sev_es; =20 bool guest_state_loaded; 
@@ -824,6 +818,7 @@ void sev_init_vmcb(struct vcpu_svm *svm); void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, in= t in); void sev_es_vcpu_reset(struct vcpu_svm *svm); +void sev_es_recalc_msr_intercepts(struct kvm_vcpu *vcpu); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_sa= ve_area *hostsa); void sev_es_unmap_ghcb(struct vcpu_svm *svm); --=20 2.49.0.1204.g71687c7c1d-goog
Date: Thu, 29 May 2025 16:40:03 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-19-seanjc@google.com>
Subject: [PATCH 18/28] KVM: x86: Rename msr_filter_changed() => recalc_msr_intercepts()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Rename msr_filter_changed() to recalc_msr_intercepts() and drop the trampoline wrapper now that both SVM and VMX use a filter-agnostic recalc helper to react to the new userspace filter.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Xin Li (Intel)
---
 arch/x86/include/asm/kvm-x86-ops.h | 2 +-
 arch/x86/include/asm/kvm_host.h    | 2 +-
 arch/x86/kvm/svm/svm.c             | 8 +-------
 arch/x86/kvm/vmx/main.c            | 6 +++---
 arch/x86/kvm/vmx/vmx.c             | 7 +------
 arch/x86/kvm/vmx/x86_ops.h         | 2 +-
 arch/x86/kvm/x86.c                 | 8 +++++++-
 7 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-= x86-ops.h index 8d50e3e0a19b..19a6735d6dd8 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -139,7 +139,7 @@ KVM_X86_OP(check_emulate_instruction) KVM_X86_OP(apic_init_signal_blocked) KVM_X86_OP_OPTIONAL(enable_l2_tlb_flush) KVM_X86_OP_OPTIONAL(migrate_timers) -KVM_X86_OP(msr_filter_changed) +KVM_X86_OP(recalc_msr_intercepts) KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 330cdcbed1a6..89a626e5b80f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1885,7 +1885,7 @@ struct kvm_x86_ops { int (*enable_l2_tlb_flush)(struct kvm_vcpu *vcpu); =20 void (*migrate_timers)(struct kvm_vcpu *vcpu); - void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + void (*recalc_msr_intercepts)(struct kvm_vcpu *vcpu); int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); =20 void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 685d9fd4a4e1..a9a801bcc6d0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -900,11 +900,6 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu = *vcpu) */ } =20 -static void svm_msr_filter_changed(struct kvm_vcpu *vcpu) -{ - svm_recalc_msr_intercepts(vcpu); -} - void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) { to_vmcb->save.dbgctl =3D from_vmcb->save.dbgctl; @@ -933,7 +928,6 @@ static void svm_disable_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); - svm->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; svm_recalc_lbr_msr_intercepts(vcpu); =20 
@@ -5231,7 +5225,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata =3D { =20 .apic_init_signal_blocked =3D svm_apic_init_signal_blocked, =20 - .msr_filter_changed =3D svm_msr_filter_changed, + .recalc_msr_intercepts =3D svm_recalc_msr_intercepts, .complete_emulated_msr =3D svm_complete_emulated_msr, =20 .vcpu_deliver_sipi_vector =3D svm_vcpu_deliver_sipi_vector, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index d1e02e567b57..b3c58731a2f5 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -220,7 +220,7 @@ static int vt_get_msr(struct kvm_vcpu *vcpu, struct msr= _data *msr_info) return vmx_get_msr(vcpu, msr_info); } =20 -static void vt_msr_filter_changed(struct kvm_vcpu *vcpu) +static void vt_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { /* * TDX doesn't allow VMM to configure interception of MSR accesses. @@ -231,7 +231,7 @@ static void vt_msr_filter_changed(struct kvm_vcpu *vcpu) if (is_td_vcpu(vcpu)) return; =20 - vmx_msr_filter_changed(vcpu); + vmx_recalc_msr_intercepts(vcpu); } =20 static int vt_complete_emulated_msr(struct kvm_vcpu *vcpu, int err) @@ -1034,7 +1034,7 @@ struct kvm_x86_ops vt_x86_ops __initdata =3D { .apic_init_signal_blocked =3D vt_op(apic_init_signal_blocked), .migrate_timers =3D vmx_migrate_timers, =20 - .msr_filter_changed =3D vt_op(msr_filter_changed), + .recalc_msr_intercepts =3D vt_op(recalc_msr_intercepts), .complete_emulated_msr =3D vt_op(complete_emulated_msr), =20 .vcpu_deliver_sipi_vector =3D kvm_vcpu_deliver_sipi_vector, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6ffa2b2b85ce..826510a0b5bb 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4074,7 +4074,7 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vcp= u) } } =20 -static void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) +void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { if (!cpu_has_vmx_msr_bitmap()) return; 
@@ -4124,11 +4124,6 @@ static void vmx_recalc_msr_intercepts(struct kvm_vcp= u *vcpu) */ } =20 -void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) -{ - vmx_recalc_msr_intercepts(vcpu); -} - static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu, int vector) { diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index b4596f651232..34c6e683e321 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -52,7 +52,7 @@ void vmx_deliver_interrupt(struct kvm_lapic *apic, int de= livery_mode, int trig_mode, int vector); void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu); bool vmx_has_emulated_msr(struct kvm *kvm, u32 index); -void vmx_msr_filter_changed(struct kvm_vcpu *vcpu); +void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu); void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu); void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu); int vmx_get_feature_msr(u32 msr, u64 *data); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f9f798f286ce..6da6be8ff5fc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10924,8 +10924,14 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) kvm_vcpu_update_apicv(vcpu); if (kvm_check_request(KVM_REQ_APF_READY, vcpu)) kvm_check_async_pf_completion(vcpu); + + /* + * Recalc MSR intercepts as userspace may want to intercept + * accesses to MSRs that KVM would otherwise pass through to + * the guest. + */ if (kvm_check_request(KVM_REQ_MSR_FILTER_CHANGED, vcpu)) - kvm_x86_call(msr_filter_changed)(vcpu); + kvm_x86_call(recalc_msr_intercepts)(vcpu); =20 if (kvm_check_request(KVM_REQ_UPDATE_CPU_DIRTY_LOGGING, vcpu)) kvm_x86_call(update_cpu_dirty_logging)(vcpu); --=20 2.49.0.1204.g71687c7c1d-goog
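Review bot: The svm_disable_lbrv() hunk in svm.c (-933,7 +928,6) deletes one line in a function the rename does not touch. Going by the 7-to-6 line count in the hunk header it is the blank line after KVM_BUG_ON() rather than the virt_ext clear that follows it, but either way it is outside what the changelog describes ("Rename ... and drop the trampoline wrapper"). Move the whitespace cleanup to its own patch or mention it in the changelog.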
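Review bot: In vcpu_enter_guest() (-10924,8 +10924,14) the callback is now recalc_msr_intercepts, but the request that triggers it is still KVM_REQ_MSR_FILTER_CHANGED, so the call site pairs a filter-specific request name with a filter-agnostic hook. The added comment covers the filter case; if other events are expected to raise this request later in the series, rename the request too, otherwise say in the comment that a userspace filter change is currently the only trigger.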
Date: Thu, 29 May 2025 16:40:04 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-20-seanjc@google.com>
Subject: [PATCH 19/28] KVM: SVM: Rename init_vmcb_after_set_cpuid() to make it intercepts specific
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Rename init_vmcb_after_set_cpuid() to svm_recalc_intercepts_after_set_cpuid() to more precisely describe its role. Strictly speaking, the name isn't perfect as toggling virtual VM{LOAD,SAVE} is arguably not recalculating an intercept, but practically speaking it's close enough.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a9a801bcc6d0..bbd1d89d9a3b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -1107,7 +1107,7 @@ static void svm_recalc_instruction_intercepts(struct = kvm_vcpu *vcpu, } } =20 -static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) +static void svm_recalc_intercepts_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 @@ -1273,7 +1273,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu) sev_init_vmcb(svm); =20 svm_hv_init_vmcb(vmcb); - init_vmcb_after_set_cpuid(vcpu); + + svm_recalc_intercepts_after_set_cpuid(vcpu); =20 vmcb_mark_all_dirty(vmcb); =20 
@@ -4522,7 +4523,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); =20 - init_vmcb_after_set_cpuid(vcpu); + svm_recalc_intercepts_after_set_cpuid(vcpu); } =20 static bool svm_has_wbinvd_exit(void) --=20 2.49.0.1204.g71687c7c1d-goog
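Review bot: The -1107,7 +1107,7 hunk also changes "static inline void" to "static void", which the changelog does not mention; that is fine for a file-local helper, but say so since the patch is billed as a pure rename. The changelog also concedes that the function toggles virtual VM{LOAD,SAVE} in addition to intercepts, so a one-line comment above svm_recalc_intercepts_after_set_cpuid() stating that would keep the admittedly imperfect name from misleading later readers.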
Date: Thu, 29 May 2025 16:40:05 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-21-seanjc@google.com>
Subject: [PATCH 20/28] KVM: SVM: Fold svm_vcpu_init_msrpm() into its sole caller
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Fold svm_vcpu_init_msrpm() into svm_recalc_msr_intercepts() now that there is only the one caller (and because the "init" misnomer is even more misleading than it was in the past).

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bbd1d89d9a3b..12fbfbf9acad 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -787,21 +787,6 @@ static void svm_recalc_lbr_msr_intercepts(struct kvm_v= cpu *vcpu) =20 } =20 -static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) -{ - svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); - -#ifdef CONFIG_X86_64 - svm_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_LSTAR, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_CSTAR, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_SYSCALL_MASK, MSR_TYPE_RW); -#endif -} - void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) { static const u32 x2avic_passthrough_msrs[] =3D { 
@@ -860,7 +845,17 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu = *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu); + svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); + +#ifdef CONFIG_X86_64 + svm_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_LSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_CSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_SYSCALL_MASK, MSR_TYPE_RW); +#endif =20 if (lbrv) svm_recalc_lbr_msr_intercepts(vcpu); --=20 2.49.0.1204.g71687c7c1d-goog
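Review bot: In the -860,7 +845,17 hunk the eight svm_disable_intercept_for_msr() calls land at the top of svm_recalc_msr_intercepts() with no comment, and the removed helper's name was the only thing that grouped them. Add a short comment saying that these MSRs (MSR_STAR, MSR_IA32_SYSENTER_CS and the CONFIG_X86_64 set) have their read/write intercepts disabled unconditionally, so the block is easy to tell apart from the conditional "if (lbrv)" recalculation that follows it.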
Date: Thu, 29 May 2025 16:40:06 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-22-seanjc@google.com>
Subject: [PATCH 21/28] KVM: SVM: Merge "after set CPUID" intercept recalc helpers
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Merge svm_recalc_intercepts_after_set_cpuid() and svm_recalc_instruction_intercepts() such that the "after set CPUID" helper simply invokes the type-specific helpers (MSRs vs. instructions), i.e. make svm_recalc_intercepts_after_set_cpuid() a single entry point for all intercept updates that need to be performed after a CPUID change.

No functional change intended.

Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 12fbfbf9acad..2ebac30a337a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1079,9 +1079,10 @@ void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) } =20 /* Evaluate instruction intercepts that depend on guest CPUID features. */ -static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu, - struct vcpu_svm *svm) +static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu) { + struct vcpu_svm *svm =3D to_svm(vcpu); + /* * Intercept INVPCID if shadow paging is enabled to sync/free shadow * roots, or if INVPCID is disabled in the guest to inject #UD. @@ -1100,11 +1101,6 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu, else svm_set_intercept(svm, INTERCEPT_RDTSCP); } -} - -static void svm_recalc_intercepts_after_set_cpuid(struct kvm_vcpu *vcpu) -{ - struct vcpu_svm *svm =3D to_svm(vcpu); =20 if (guest_cpuid_is_intel_compatible(vcpu)) { svm_set_intercept(svm, INTERCEPT_VMLOAD); @@ -1121,7 +1117,11 @@ static void svm_recalc_intercepts_after_set_cpuid(st= ruct kvm_vcpu *vcpu) svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } } +} =20 +static void svm_recalc_intercepts_after_set_cpuid(struct kvm_vcpu *vcpu) +{ + svm_recalc_instruction_intercepts(vcpu); svm_recalc_msr_intercepts(vcpu); } =20 @@ -1247,8 +1247,6 @@ static void init_vmcb(struct kvm_vcpu *vcpu) svm_clr_intercept(svm, INTERCEPT_PAUSE); } =20 - svm_recalc_instruction_intercepts(vcpu, svm); - if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); =20 
@@ -4513,8 +4511,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) if (guest_cpuid_is_intel_compatible(vcpu)) guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); =20 - svm_recalc_instruction_intercepts(vcpu, svm); - if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); =20 --=20 2.49.0.1204.g71687c7c1d-goog
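Review bot: Removing the direct svm_recalc_instruction_intercepts() calls in init_vmcb() (-1247,8) and svm_vcpu_after_set_cpuid() (-4513,8) moves the point at which the instruction intercepts are evaluated. They used to run before avic_init_vmcb() and before sev_vcpu_after_set_cpuid(); they now run only from svm_recalc_intercepts_after_set_cpuid(), which patch 19 shows being called after svm_hv_init_vmcb() and after sev_vcpu_after_set_cpuid(). "No functional change intended" holds only if none of the calls in between touch or depend on the INVPCID, RDTSCP or VMLOAD/VMSAVE intercepts or on VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; please state in the changelog that the reordering was checked.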
Date: Thu, 29 May 2025 16:40:07 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-23-seanjc@google.com>
Subject: [PATCH 22/28] KVM: SVM: Drop explicit check on MSRPM offset when emulating SEV-ES accesses
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Now that msr_write_intercepted() defaults to true, i.e. accurately reflects hardware behavior for out-of-range MSRs, and doesn't WARN (or BUG) on an out-of-range MSR, drop sev_es_prevent_msr_access()'s svm_msrpm_offset() check that guarded against calling msr_write_intercepted() with a "bad" index.

Opportunistically clean up the helper's formatting.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 2ebac30a337a..9d01776d82d4 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2771,12 +2771,11 @@ static int svm_get_feature_msr(u32 msr, u64 *data) return 0; } =20 -static bool -sev_es_prevent_msr_access(struct kvm_vcpu *vcpu, struct msr_data *msr_info) +static bool sev_es_prevent_msr_access(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) { return sev_es_guest(vcpu->kvm) && vcpu->arch.guest_state_protected && - svm_msrpm_offset(msr_info->index) !=3D MSR_INVALID && !msr_write_intercepted(vcpu, msr_info->index); } =20 --=20 2.49.0.1204.g71687c7c1d-goog
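Review bot: with the svm_msrpm_offset() != MSR_INVALID term removed, sev_es_prevent_msr_access() gives the right answer for an out-of-range MSR only because msr_write_intercepted() reports such MSRs as intercepted, and nothing in the helper records that dependency. If that default ever changed, the remaining !msr_write_intercepted(...) term would make this helper return true for every out-of-range index on an SEV-ES guest with protected state. Suggest a one-line comment above that term stating that out-of-range MSRs are always treated as intercepted, and moving the signature reflow to its own change so the functional removal stands alone in the diff.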
Date: Thu, 29 May 2025 16:40:08 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-24-seanjc@google.com>
Subject: [PATCH 23/28] KVM: SVM: Move svm_msrpm_offset() to nested.c
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Move svm_msrpm_offset() from svm.c to nested.c now that all usage of the u32-index offsets is nested virtualization specific.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 27 +++++++++++++++++++++++++++
 arch/x86/kvm/svm/svm.c | 27 ---------------------------
 arch/x86/kvm/svm/svm.h | 1 -
 3 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 0026d2adb809..5d6525627681 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -187,6 +187,33 @@ void recalc_intercepts(struct vcpu_svm *svm) static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 +static const u32 msrpm_ranges[] =3D { + SVM_MSRPM_RANGE_0_BASE_MSR, + SVM_MSRPM_RANGE_1_BASE_MSR, + SVM_MSRPM_RANGE_2_BASE_MSR +}; + +static u32 svm_msrpm_offset(u32 msr) +{ + u32 offset; + int i; + + for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { + if (msr < msrpm_ranges[i] || + msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) + continue; + + offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; + offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ + + /* Now we have the u8 offset - but need the u32 offset */ + return offset / 4; + } + + /* MSR not in any range */ + return MSR_INVALID; +} + int __init nested_svm_init_msrpm_merge_offsets(void) { const u32 merge_msrs[] =3D { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9d01776d82d4..fa2df1c869db 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -195,33 +195,6 @@ static DEFINE_MUTEX(vmcb_dump_mutex); */ static int tsc_aux_uret_slot __read_mostly =3D -1; =20 -static const u32 msrpm_ranges[] =3D { - SVM_MSRPM_RANGE_0_BASE_MSR, - SVM_MSRPM_RANGE_1_BASE_MSR, - SVM_MSRPM_RANGE_2_BASE_MSR -}; - -u32 svm_msrpm_offset(u32 msr) -{ - u32 offset; - int i; - - for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { - if (msr < msrpm_ranges[i] || - msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) - continue; - - offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; - offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ - - /* Now we have the u8 offset - but need the u32 offset */ - return offset / 4; - } - - /* MSR not in any range */ - return MSR_INVALID; -} - static int get_npt_level(void) { #ifdef CONFIG_X86_64 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 23e1e3ae30b0..d146c35b9bd2 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -673,7 +673,6 @@ BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) /* svm.c */ extern bool dump_invalid_vmcb; =20 -u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); void svm_vcpu_free_msrpm(u32 *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); --=20 2.49.0.1204.g71687c7c1d-goog
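Review bot: the svm_msrpm_offset() added to nested.c returns an offset in u32 units (the "return offset / 4" that follows the u8 computation) and uses MSR_INVALID as an in-band u32 sentinel, yet neither the name nor the signature says so. Now that the helper is static and private to nested.c, a comment above it stating the unit and the sentinel would keep a later caller from treating the result as a byte offset when it indexes L1's bitmap in guest memory.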
Date: Thu, 29 May 2025 16:40:09 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-25-seanjc@google.com>
Subject: [PATCH 24/28] KVM: SVM: Store MSRPM pointer as "void *" instead of "u32 *"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Store KVM's MSRPM pointers as "void *" instead of "u32 *" to guard against directly accessing the bitmaps outside of code that is explicitly written to access the bitmaps with a specific type.

Opportunistically use svm_vcpu_free_msrpm() in svm_vcpu_free() instead of open coding an equivalent.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 4 +++-
 arch/x86/kvm/svm/svm.c | 8 ++++----
 arch/x86/kvm/svm/svm.h | 13 ++++++++-----
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 5d6525627681..e07e10fb52a5 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -271,6 +271,8 @@ int __init nested_svm_init_msrpm_merge_offsets(void) static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); + u32 *msrpm02 =3D svm->nested.msrpm; + u32 *msrpm01 =3D svm->msrpm; int i; =20 /*
@@ -305,7 +307,7 @@ static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcp= u) if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) return false; =20 - svm->nested.msrpm[p] =3D svm->msrpm[p] | value; + msrpm02[p] =3D msrpm01[p] | value; } =20 svm->nested.force_msr_bitmap_recalc =3D false; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index fa2df1c869db..6f99031c2926 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -731,11 +731,11 @@ void svm_enable_intercept_for_msr(struct kvm_vcpu *vc= pu, u32 msr, int type) svm->nested.force_msr_bitmap_recalc =3D true; } =20 -u32 *svm_vcpu_alloc_msrpm(void) +void *svm_vcpu_alloc_msrpm(void) { unsigned int order =3D get_order(MSRPM_SIZE); struct page *pages =3D alloc_pages(GFP_KERNEL_ACCOUNT, order); - u32 *msrpm; + void *msrpm; =20 if (!pages) return NULL; @@ -809,7 +809,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) svm->x2avic_msrs_intercepted =3D intercept; } =20 -void svm_vcpu_free_msrpm(u32 *msrpm) +void svm_vcpu_free_msrpm(void *msrpm) { __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE)); } @@ -1353,7 +1353,7 @@ static void svm_vcpu_free(struct kvm_vcpu *vcpu) sev_free_vcpu(vcpu); =20 __free_page(__sme_pa_to_page(svm->vmcb01.pa)); - __free_pages(virt_to_page(svm->msrpm), get_order(MSRPM_SIZE)); + svm_vcpu_free_msrpm(svm->msrpm); } =20 #ifdef CONFIG_CPU_MITIGATIONS diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index d146c35b9bd2..77287c870967 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -189,8 +189,11 @@ struct svm_nested_state { u64 vmcb12_gpa; u64 last_vmcb12_gpa; =20 - /* These are the merged vectors */ - u32 *msrpm; + /* + * The MSR permissions map used for vmcb02, which is the merge result + * of vmcb01 and vmcb12 + */ + void *msrpm; =20 /* A VMRUN has started but has not yet been performed, so * we cannot inject a nested vmexit yet. */ 
@@ -271,7 +274,7 @@ struct vcpu_svm { */ u64 virt_spec_ctrl; =20 - u32 *msrpm; + void *msrpm; =20 ulong nmi_iret_rip; =20 
@@ -673,8 +676,8 @@ BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) /* svm.c */ extern bool dump_invalid_vmcb; =20 -u32 *svm_vcpu_alloc_msrpm(void); -void svm_vcpu_free_msrpm(u32 *msrpm); +void *svm_vcpu_alloc_msrpm(void); +void svm_vcpu_free_msrpm(void *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); void svm_enable_lbrv(struct kvm_vcpu *vcpu); void svm_update_lbrv(struct kvm_vcpu *vcpu); --=20 2.49.0.1204.g71687c7c1d-goog
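Review bot: in nested_svm_merge_msrpm(), "u32 *msrpm02 = svm->nested.msrpm;" and "u32 *msrpm01 = svm->msrpm;" compile without a cast because void * converts implicitly to any object pointer in C, so the type change blocks direct indexing of the fields but not assignment to a pointer of the wrong width. Since the stated goal is to confine typed access to code written for it, the "void *msrpm" member of struct vcpu_svm deserves a comment like the one added for the nested copy, saying that the bitmap is to be touched only through the bitmap helpers or a deliberately typed local as in the merge path.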
Date: Thu, 29 May 2025 16:40:10 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-26-seanjc@google.com>
Subject: [PATCH 25/28] KVM: nSVM: Access MSRPM in 4-byte chunks only for merging L0 and L1 bitmaps
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Access the MSRPM using u32/4-byte chunks (and appropriately adjusted offsets) only when merging L0 and L1 bitmaps as part of emulating VMRUN. The only reason to batch accesses to MSRPMs is to avoid the overhead of uaccess operations (e.g. STAC/CLAC and bounds checks) when reading L1's bitmap pointed at by vmcb12. For all other uses, either per-bit accesses are more than fast enough (no uaccess), or KVM is only accessing a single bit (nested_svm_exit_handled_msr()) and so there's nothing to batch.

In addition to (hopefully) documenting the uniqueness of the merging code, restricting chunked access to _just_ the merging code will allow for increasing the chunk size (to unsigned long) with minimal risk.

Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/nested.c | 50 ++++++++++++++++----------------------- arch/x86/kvm/svm/svm.h | 18 ++++++++++---- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index e07e10fb52a5..a4e98ada732b 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -187,31 +187,19 @@ void recalc_intercepts(struct vcpu_svm *svm) static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 -static const u32 msrpm_ranges[] =3D { - SVM_MSRPM_RANGE_0_BASE_MSR, - SVM_MSRPM_RANGE_1_BASE_MSR, - SVM_MSRPM_RANGE_2_BASE_MSR -}; +#define SVM_BUILD_MSR_BYTE_NR_CASE(range_nr, msr) \ + case SVM_MSRPM_FIRST_MSR(range_nr) ... SVM_MSRPM_LAST_MSR(range_nr): \ + return SVM_MSRPM_BYTE_NR(range_nr, msr); =20 static u32 svm_msrpm_offset(u32 msr) { - u32 offset; - int i; - - for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { - if (msr < msrpm_ranges[i] || - msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) - continue; - - offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; - offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ - - /* Now we have the u8 offset - but need the u32 offset */ - return offset / 4; + switch (msr) { + SVM_BUILD_MSR_BYTE_NR_CASE(0, msr) + SVM_BUILD_MSR_BYTE_NR_CASE(1, msr) + SVM_BUILD_MSR_BYTE_NR_CASE(2, msr) + default: + return MSR_INVALID; } - - /* MSR not in any range */ - return MSR_INVALID; } =20 int __init nested_svm_init_msrpm_merge_offsets(void) @@ -245,6 +233,12 @@ int __init nested_svm_init_msrpm_merge_offsets(void) if (WARN_ON(offset =3D=3D MSR_INVALID)) return -EIO; =20 + /* + * Merging is done in 32-bit chunks to reduce the number of + * accesses to L1's bitmap. + */ + offset /=3D sizeof(u32); + for (j =3D 0; j < nested_svm_nr_msrpm_merge_offsets; j++) { if (nested_svm_msrpm_merge_offsets[j] =3D=3D offset) break; 
@@ -1363,8 +1357,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) =20 static int nested_svm_exit_handled_msr(struct vcpu_svm *svm) { - u32 offset, msr, value; - int write, mask; + u32 offset, msr; + int write; + u8 value; =20 if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) return NESTED_EXIT_HOST; @@ -1372,18 +1367,15 @@ static int nested_svm_exit_handled_msr(struct vcpu_= svm *svm) msr =3D svm->vcpu.arch.regs[VCPU_REGS_RCX]; offset =3D svm_msrpm_offset(msr); write =3D svm->vmcb->control.exit_info_1 & 1; - mask =3D 1 << ((2 * (msr & 0xf)) + write); =20 if (offset =3D=3D MSR_INVALID) return NESTED_EXIT_DONE; =20 - /* Offset is in 32 bit units but need in 8 bit units */ - offset *=3D 4; - - if (kvm_vcpu_read_guest(&svm->vcpu, svm->nested.ctl.msrpm_base_pa + offse= t, &value, 4)) + if (kvm_vcpu_read_guest(&svm->vcpu, svm->nested.ctl.msrpm_base_pa + offse= t, + &value, sizeof(value))) return NESTED_EXIT_DONE; =20 - return (value & mask) ? NESTED_EXIT_DONE : NESTED_EXIT_HOST; + return (value & BIT(write)) ? NESTED_EXIT_DONE : NESTED_EXIT_HOST; } =20 static int nested_svm_intercept_ioio(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 77287c870967..155b6089fcd2 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -634,15 +634,23 @@ static_assert(SVM_MSRS_PER_RANGE =3D=3D 8192); (range_nr * SVM_MSRPM_BYTES_PER_RANGE * BITS_PER_BYTE + \ (msr - SVM_MSRPM_RANGE_## range_nr ##_BASE_MSR) * SVM_BITS_PER_MSR) =20 -#define SVM_MSRPM_SANITY_CHECK_BITS(range_nr) \ +#define SVM_MSRPM_BYTE_NR(range_nr, msr) \ + (range_nr * SVM_MSRPM_BYTES_PER_RANGE + \ + (msr - SVM_MSRPM_RANGE_## range_nr ##_BASE_MSR) / SVM_MSRS_PER_BYTE) + +#define SVM_MSRPM_SANITY_CHECK_BITS_AND_BYTES(range_nr) \ static_assert(SVM_MSRPM_BIT_NR(range_nr, SVM_MSRPM_FIRST_MSR(range_nr) + 1= ) =3D=3D \ range_nr * 2048 * 8 + 2); \ static_assert(SVM_MSRPM_BIT_NR(range_nr, SVM_MSRPM_FIRST_MSR(range_nr) + 7= ) =3D=3D \ - range_nr * 2048 * 8 + 14); + range_nr * 2048 * 8 + 14); \ +static_assert(SVM_MSRPM_BYTE_NR(range_nr, SVM_MSRPM_FIRST_MSR(range_nr) + = 1) =3D=3D \ + range_nr * 2048); \ +static_assert(SVM_MSRPM_BYTE_NR(range_nr, SVM_MSRPM_FIRST_MSR(range_nr) + = 7) =3D=3D \ + range_nr * 2048 + 1); =20 -SVM_MSRPM_SANITY_CHECK_BITS(0); -SVM_MSRPM_SANITY_CHECK_BITS(1); -SVM_MSRPM_SANITY_CHECK_BITS(2); +SVM_MSRPM_SANITY_CHECK_BITS_AND_BYTES(0); +SVM_MSRPM_SANITY_CHECK_BITS_AND_BYTES(1); +SVM_MSRPM_SANITY_CHECK_BITS_AND_BYTES(2); =20 #define SVM_BUILD_MSR_BITMAP_CASE(bitmap, range_nr, msr, bitop, bit_rw) \ case SVM_MSRPM_FIRST_MSR(range_nr) ... 
SVM_MSRPM_LAST_MSR(range_nr): \ --=20 2.49.0.1204.g71687c7c1d-goog
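Review bot: in the nested_svm_exit_handled_msr() hunk, the new test "value & BIT(write)" drops the per-MSR shift that the removed "mask = 1 << ((2 * (msr & 0xf)) + write)" supplied. svm_msrpm_offset() now returns a byte offset, and with two bits per MSR (the SVM_MSRPM_BIT_NR asserts put FIRST_MSR + 1 at bit 2) one byte carries the bits of four MSRs, so BIT(write) always inspects the first MSR of that byte. For any MSR whose index is not a multiple of four, a neighbouring MSR's setting in L1's bitmap then decides whether the exit is reflected to L1 or handled by L0. The mask needs the position within the byte as well, for example BIT(2 * (msr & 0x3) + write).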
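Review bot: the two SVM_MSRPM_BYTE_NR static_asserts added to SVM_MSRPM_SANITY_CHECK_BITS_AND_BYTES check FIRST_MSR + 1 (expected in byte 0 of the range) and FIRST_MSR + 7 (expected in byte 1), which would still pass if SVM_MSRS_PER_BYTE were any value from 4 to 7. Asserting FIRST_MSR + 3 against range_nr * 2048 and FIRST_MSR + 4 against range_nr * 2048 + 1 would pin the four-MSRs-per-byte boundary exactly.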
Date: Thu, 29 May 2025 16:40:11 -0700
In-Reply-To: <20250529234013.3826933-1-seanjc@google.com>
Message-ID: <20250529234013.3826933-27-seanjc@google.com>
Subject: [PATCH 26/28] KVM: SVM: Return -EINVAL instead of MSR_INVALID to signal out-of-range MSR
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Xin Li, Chao Gao, Dapeng Mi

Return -EINVAL instead of MSR_INVALID from svm_msrpm_offset() to indicate that the MSR isn't covered by one of the (currently) three MSRPM ranges, and delete the MSR_INVALID macro now that all users are gone.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 14 +++++++-------
 arch/x86/kvm/svm/svm.h | 2 --
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index a4e98ada732b..60f62cddd291 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -191,14 +191,14 @@ static int nested_svm_nr_msrpm_merge_offsets __ro_aft= er_init; case SVM_MSRPM_FIRST_MSR(range_nr) ... SVM_MSRPM_LAST_MSR(range_nr): \ return SVM_MSRPM_BYTE_NR(range_nr, msr); =20 -static u32 svm_msrpm_offset(u32 msr) +static int svm_msrpm_offset(u32 msr) { switch (msr) { SVM_BUILD_MSR_BYTE_NR_CASE(0, msr) SVM_BUILD_MSR_BYTE_NR_CASE(1, msr) SVM_BUILD_MSR_BYTE_NR_CASE(2, msr) default: - return MSR_INVALID; + return -EINVAL; } } =20
@@ -228,9 +228,9 @@ int __init nested_svm_init_msrpm_merge_offsets(void) int i, j; =20 for (i =3D 0; i < ARRAY_SIZE(merge_msrs); i++) { - u32 offset =3D svm_msrpm_offset(merge_msrs[i]); + int offset =3D svm_msrpm_offset(merge_msrs[i]); =20 - if (WARN_ON(offset =3D=3D MSR_INVALID)) + if (WARN_ON(offset < 0)) return -EIO; =20 /* @@ -1357,9 +1357,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) =20 static int nested_svm_exit_handled_msr(struct vcpu_svm *svm) { - u32 offset, msr; - int write; + int offset, write; u8 value; + u32 msr; =20 if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) return NESTED_EXIT_HOST; @@ -1368,7 +1368,7 @@ static int nested_svm_exit_handled_msr(struct vcpu_sv= m *svm) offset =3D svm_msrpm_offset(msr); write =3D svm->vmcb->control.exit_info_1 & 1; =20 - if (offset =3D=3D MSR_INVALID) + if (offset < 0) return NESTED_EXIT_DONE; =20 if (kvm_vcpu_read_guest(&svm->vcpu, svm->nested.ctl.msrpm_base_pa + offse= t, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 155b6089fcd2..27c722fd766e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -677,8 +677,6 @@ BUILD_SVM_MSR_BITMAP_HELPERS(bool, test, test) BUILD_SVM_MSR_BITMAP_HELPERS(void, clear, __clear) BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) =20 -#define MSR_INVALID 0xffffffffU - #define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR) =20 /* svm.c */ --=20 2.49.0.1204.g71687c7c1d-goog From nobody Wed Feb 11 04:00:15 2026 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA5EA26B094 for ; Thu, 29 May 2025 23:41:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748562065; cv=none; b=bdc7gk0H1+NXxJR3/ROiJ9YCq1Ijk7WzuAdzpVgFUgm8fv2UDpxu5AsyqZfjHrAWs3ZNVgGmdaTmyFVutm8fI3q6abiaAVIJRl6CDfTB1+B7eSGSZzIhLZ16IzNCWKNtPMlOr3RlO3ODNWBB9JNXUTIUou17qNav90xuMzMJRoo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748562065; c=relaxed/simple; bh=tsblVO85XoDjTNiWEa3udBEZ0r8PDQUQXfsZoNEoi1Y=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=B+njcRkn6ajX4emEp6lbd9ckwSyQIN0aDr38jobPWrk90MYvTWNjyzjznteGlEAaodf6LMSylnlzS9NLTr0P7wQQRWdoqr1iKsnVKC8WkUvhiS4TWrNMJYjun3j/+uVb/6gLcMffCZlvmvnIS+O0wmmi7VL0LcgRJ+NnR4BpF7A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3SPZQgR2; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) 
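Review bot: svm_msrpm_offset() in patch 26/28 now returns two kinds of value through one int, a non-negative byte offset into the MSRPM or -EINVAL, and nothing at the definition says so. A one-line comment above the function stating that contract would help every caller that has to test the sign before using the result.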
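Review bot: in nested_svm_init_msrpm_merge_offsets() (patch 26/28), `if (WARN_ON(offset < 0)) return -EIO;` discards the -EINVAL that svm_msrpm_offset() now returns. Either return `offset` so the errno propagates, or keep -EIO and say in the changelog that the substitution is intentional.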
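Review bot: in nested_svm_exit_handled_msr() (patch 26/28), `offset` is now a signed int that is added to `svm->nested.ctl.msrpm_base_pa` in the kvm_vcpu_read_guest() call, so a negative value reaching that line would be converted to a huge unsigned addend and point the read at an unrelated guest physical address. The `if (offset < 0) return NESTED_EXIT_DONE;` check directly above prevents that today; a short comment tying the check to the address computation would keep a later reorder from dropping it.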
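Review bot: the svm.h hunk of patch 26/28 deletes MSR_INVALID, but the diffstat covers only nested.c and svm.h, so the changelog's statement that all users are gone cannot be checked from this patch alone. Worth confirming with a tree-wide grep for MSR_INVALID on top of the series before applying; a leftover user would at least break the build rather than misbehave silently.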
(user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:55cb:b0:312:26d9:d59c with SMTP id 98e67ed59e1d1-31241e8e674mr1667162a91.22.1748562062955; Thu, 29 May 2025 16:41:02 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 29 May 2025 16:40:12 -0700 In-Reply-To: <20250529234013.3826933-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250529234013.3826933-1-seanjc@google.com> X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog Message-ID: <20250529234013.3826933-28-seanjc@google.com> Subject: [PATCH 27/28] KVM: nSVM: Merge MSRPM in 64-bit chunks on 64-bit kernels From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov , Xin Li , Chao Gao , Dapeng Mi Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When merging L0 and L1 MSRPMs as part of nested VMRUN emulation, access the bitmaps using "unsigned long" chunks, i.e. use 8-byte access for 64-bit kernels instead of arbitrarily working on 4-byte chunks. Opportunistically rename local variables in nested_svm_merge_msrpm() to more precisely/accurately reflect their purpose ("offset" in particular is extremely ambiguous). Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/nested.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 60f62cddd291..fb4808cf4711 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -184,6 +184,7 @@ void recalc_intercepts(struct vcpu_svm *svm) } } =20 +typedef unsigned long nsvm_msrpm_merge_t; static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 
@@ -234,10 +235,10 @@ int __init nested_svm_init_msrpm_merge_offsets(void) return -EIO; =20 /* - * Merging is done in 32-bit chunks to reduce the number of - * accesses to L1's bitmap. + * Merging is done in chunks to reduce the number of accesses + * to L1's bitmap. */ - offset /=3D sizeof(u32); + offset /=3D sizeof(nsvm_msrpm_merge_t); =20 for (j =3D 0; j < nested_svm_nr_msrpm_merge_offsets; j++) { if (nested_svm_msrpm_merge_offsets[j] =3D=3D offset) @@ -265,8 +266,8 @@ int __init nested_svm_init_msrpm_merge_offsets(void) static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); - u32 *msrpm02 =3D svm->nested.msrpm; - u32 *msrpm01 =3D svm->msrpm; + nsvm_msrpm_merge_t *msrpm02 =3D svm->nested.msrpm; + nsvm_msrpm_merge_t *msrpm01 =3D svm->msrpm; int i; =20 /* 
@@ -293,15 +294,15 @@ static bool nested_svm_merge_msrpm(struct kvm_vcpu *v= cpu) =20 for (i =3D 0; i < nested_svm_nr_msrpm_merge_offsets; i++) { const int p =3D nested_svm_msrpm_merge_offsets[i]; - u32 value; - u64 offset; + nsvm_msrpm_merge_t l1_val; + gpa_t gpa; =20 - offset =3D svm->nested.ctl.msrpm_base_pa + (p * 4); + gpa =3D svm->nested.ctl.msrpm_base_pa + (p * sizeof(l1_val)); =20 - if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) + if (kvm_vcpu_read_guest(vcpu, gpa, &l1_val, sizeof(l1_val))) return false; =20 - msrpm02[p] =3D msrpm01[p] | value; + msrpm02[p] =3D msrpm01[p] | l1_val; } =20 svm->nested.force_msr_bitmap_recalc =3D false; --=20 2.49.0.1204.g71687c7c1d-goog From nobody Wed Feb 11 04:00:15 2026 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 787F226B946 for ; Thu, 29 May 2025 23:41:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748562067; cv=none; b=gxGeIGV6gVHH0gGcngJk3+BeGQnZ8PhK/ZcJZU2CZA1oZdoPIash6rsmrlJ9jxHnkt/6kBjvxmBI4R/qAL/ByjPugZv1q7R3TLciEjJC6xlNL448zGI8l4OY+ur9CWB6HUN5CMr0QVJ6lYh2WvUNlK7yFki/Mxnw7gjtPeNBZUg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748562067; c=relaxed/simple; bh=oPSfAtIATZQ8+qjKJYNi2UiBRx/9GSId3SQECpQ3XcM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kYlxqlJl+3B7cF1yz3UG4oY0IWTpr0IokgmB+DZv4PURUyKc4dN+X/+wUCPkKfxsBOcMQnd8Y0NmKsTR5d8wzEiSATil/vpIrtNm7Zx3/ew3l0ypqSaHTCTuTKF1lPUn6aMKnSjnijphUX+6pgBoeha4knwkt8OyrgvLt6N9Uno= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) 
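Review bot: the new `typedef unsigned long nsvm_msrpm_merge_t;` in patch 27/28 has no comment, and the `[6]` bound on nested_svm_msrpm_merge_offsets on the next line predates the wider chunk. Wider chunks can only map the same MSRs to the same number of distinct indices or fewer, so the bound still holds, but a comment saying the chunk is the native word size and that 6 is an upper bound for any chunk size would save the next reader the arithmetic.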
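Review bot: in the merge loop of nested_svm_merge_msrpm() (patch 27/28), each `kvm_vcpu_read_guest(vcpu, gpa, &l1_val, sizeof(l1_val))` now pulls 8 bytes from L1 memory on 64-bit kernels, and nothing visible here shows that the chunk starting at `p * sizeof(l1_val)` ends inside the MSRPM. A BUILD_BUG_ON next to the typedef, asserting that the permission map size is a multiple of sizeof(nsvm_msrpm_merge_t), would make that explicit. The `msrpm01[p] | l1_val` merge itself stays fail-closed, since OR can only add intercept bits on top of L0's.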
Reply-To: Sean Christopherson Date: Thu, 29 May 2025 16:40:13 -0700 In-Reply-To: <20250529234013.3826933-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250529234013.3826933-1-seanjc@google.com> X-Mailer: git-send-email 2.49.0.1204.g71687c7c1d-goog Message-ID: <20250529234013.3826933-29-seanjc@google.com> Subject: [PATCH 28/28] KVM: selftests: Verify KVM disable interception (for userspace) on filter change From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov , Xin Li , Chao Gao , Dapeng Mi Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Re-read MSR_{FS,GS}_BASE after restoring the "allow everything" userspace MSR filter to verify that KVM stops forwarding exits to userspace. This can also be used in conjunction with manual verification (e.g. printk) to ensure KVM is correctly updating the MSR bitmaps consumed by hardware. Signed-off-by: Sean Christopherson Tested-by: Dapeng Mi Tested-by: Manali Shukla --- tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c b/to= ols/testing/selftests/kvm/x86/userspace_msr_exit_test.c index 32b2794b78fe..8463a9956410 100644 --- a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c +++ b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c @@ -343,6 +343,12 @@ static void guest_code_permission_bitmap(void) data =3D test_rdmsr(MSR_GS_BASE); GUEST_ASSERT(data =3D=3D MSR_GS_BASE); =20 + /* Access the MSRs again to ensure KVM has disabled interception.*/ + data =3D test_rdmsr(MSR_FS_BASE); + GUEST_ASSERT(data !=3D MSR_FS_BASE); + data =3D test_rdmsr(MSR_GS_BASE); + GUEST_ASSERT(data !=3D MSR_GS_BASE); + GUEST_DONE(); } =20 @@ -682,6 +688,8 @@ KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, gues= t_code_permission_bitmap) "Expected ucall state to be UCALL_SYNC."); vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs); run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE); + + vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow); run_guest_then_process_ucall_done(vcpu); } =20 --=20 2.49.0.1204.g71687c7c1d-goog
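Review bot: in guest_code_permission_bitmap() (patch 28/28), `GUEST_ASSERT(data != MSR_FS_BASE)` and the matching MSR_GS_BASE check only prove the value differs from the MSR index that the earlier intercepted reads were asserted to return; any other value passes. If the guest can safely write these MSRs, writing a known value first and asserting equality on the re-read would turn this into a positive check. Also, the new comment needs a space before the closing `*/`.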
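Review bot: on the host side of patch 28/28, the test restores `filter_allow` and then calls run_guest_then_process_ucall_done(), so it depends on that helper failing if the guest exits on an MSR access instead of reaching GUEST_DONE(); nothing at the call site says so. A one-line comment above the new vm_ioctl() stating that no further RDMSR exit is expected would record the intent given in the changelog.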