From nobody Sat Oct 11 08:30:54 2025
Date: Tue, 10 Jun 2025 15:57:06 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250610225737.156318-2-seanjc@google.com>
Subject: [PATCH v2 01/32] KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Disable interception of SPEC_CTRL when the CPU virtualizes (i.e. context switches) SPEC_CTRL if and only if the MSR exists according to the vCPU's CPUID model. Letting the guest access SPEC_CTRL is generally benign, but the guest would see inconsistent behavior if KVM happened to emulate an access to the MSR.

Fixes: d00b99c514b3 ("KVM: SVM: Add support for Virtual SPEC_CTRL")
Reported-by: Chao Gao
Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
--- arch/x86/kvm/svm/svm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0ad1a6d4fb6d..21e745acebc3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -1362,11 +1362,14 @@ static void init_vmcb(struct kvm_vcpu *vcpu) svm_recalc_instruction_intercepts(vcpu, svm); =20 /* - * If the host supports V_SPEC_CTRL then disable the interception - * of MSR_IA32_SPEC_CTRL. + * If the CPU virtualizes MSR_IA32_SPEC_CTRL, i.e. KVM doesn't need to + * manually context switch the MSR, immediately configure interception + * of SPEC_CTRL, without waiting for the guest to access the MSR. */ if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1); + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, + guest_has_spec_ctrl_msr(vcpu), + guest_has_spec_ctrl_msr(vcpu)); =20 if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); --=20 2.50.0.rc0.642.g800a2b2222-goog
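Review bot: In init_vmcb(), the new comment above the boot_cpu_has(X86_FEATURE_V_SPEC_CTRL) check explains why interception is configured immediately, but not that the result now depends on guest_has_spec_ctrl_msr(vcpu), which is the actual behavioural change. Suggest saying in the comment that the MSR is passed through only when the vCPU's CPUID model exposes SPEC_CTRL and stays intercepted otherwise, and noting where the state is re-evaluated if guest CPUID is set after init_vmcb() has run, since that path is not visible in this hunk. The helper is also evaluated twice, once for the read argument and once for the write argument; a local bool would make it obvious that both directions always match.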

Date: Tue, 10 Jun 2025 15:57:07 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-3-seanjc@google.com>
Subject: [PATCH v2 02/32] KVM: SVM: Allocate IOPM pages after initial setup in svm_hardware_setup()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Allocate pages for the IOPM after initial setup has been completed in svm_hardware_setup(), so that sanity checks can be added in the setup flow without needing to free the IOPM pages. The IOPM is only referenced (via iopm_base) in init_vmcb() and svm_hardware_unsetup(), so there's no need to allocate it early on.

No functional change intended (beyond the obvious ordering differences, e.g. if the allocation fails).

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
--- arch/x86/kvm/svm/svm.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 21e745acebc3..262eae46a396 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5505,15 +5505,6 @@ static __init int svm_hardware_setup(void) } kvm_enable_efer_bits(EFER_NX); =20 - iopm_pages =3D alloc_pages(GFP_KERNEL, order); - - if (!iopm_pages) - return -ENOMEM; - - iopm_va =3D page_address(iopm_pages); - memset(iopm_va, 0xff, PAGE_SIZE * (1 << order)); - iopm_base =3D __sme_page_pa(iopm_pages); - init_msrpm_offsets(); =20 kvm_caps.supported_xcr0 &=3D ~(XFEATURE_MASK_BNDREGS | 
@@ -5580,6 +5571,15 @@ static __init int svm_hardware_setup(void) else pr_info("LBR virtualization supported\n"); } + + iopm_pages =3D alloc_pages(GFP_KERNEL, order); + if (!iopm_pages) + return -ENOMEM; + + iopm_va =3D page_address(iopm_pages); + memset(iopm_va, 0xff, PAGE_SIZE * (1 << order)); + iopm_base =3D __sme_page_pa(iopm_pages); + /* * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which * may be modified by svm_adjust_mmio_mask()), as well as nrips. --=20 2.50.0.rc0.642.g800a2b2222-goog
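Review bot: In the second svm_hardware_setup() hunk, the relocated "return -ENOMEM" now sits after the LBR virtualization block and everything set up before it, rather than near the top of the function. The commit message covers not having to free the IOPM pages on later failures, but not whether the steps that now precede the allocation need unwinding when alloc_pages() fails; please confirm that a bare return is still correct at this point, or route the failure through the function's existing error path if it has one. A one-line comment that the IOPM is only consumed via iopm_base in init_vmcb() and svm_hardware_unsetup() would also record why the late placement is safe.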

Date: Tue, 10 Jun 2025 15:57:08 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-4-seanjc@google.com>
Subject: [PATCH v2 03/32] KVM: SVM: Don't BUG if setting up the MSR intercept bitmaps fails
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

WARN and reject module loading if there is a problem with KVM's MSR interception bitmaps. Panicking the host in this situation is inexcusable since it is trivially easy to propagate the error up the stack.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
--- arch/x86/kvm/svm/svm.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 262eae46a396..f70211780880 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -945,7 +945,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) } } =20 -static void add_msr_offset(u32 offset) +static int add_msr_offset(u32 offset) { int i; =20 
@@ -953,7 +953,7 @@ static void add_msr_offset(u32 offset) =20 /* Offset already in list? */ if (msrpm_offsets[i] =3D=3D offset) - return; + return 0; =20 /* Slot used by another offset? */ if (msrpm_offsets[i] !=3D MSR_INVALID) @@ -962,17 +962,13 @@ static void add_msr_offset(u32 offset) /* Add offset to list */ msrpm_offsets[i] =3D offset; =20 - return; + return 0; } =20 - /* - * If this BUG triggers the msrpm_offsets table has an overflow. Just - * increase MSRPM_OFFSETS in this case. - */ - BUG(); + return -ENOSPC; } =20 -static void init_msrpm_offsets(void) +static int init_msrpm_offsets(void) { int i; =20 @@ -982,10 +978,13 @@ static void init_msrpm_offsets(void) u32 offset; =20 offset =3D svm_msrpm_offset(direct_access_msrs[i].index); - BUG_ON(offset =3D=3D MSR_INVALID); + if (WARN_ON(offset =3D=3D MSR_INVALID)) + return -EIO; =20 - add_msr_offset(offset); + if (WARN_ON_ONCE(add_msr_offset(offset))) + return -EIO; } + return 0; } =20 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) 
@@ -5505,7 +5504,9 @@ static __init int svm_hardware_setup(void) } kvm_enable_efer_bits(EFER_NX); =20 - init_msrpm_offsets(); + r =3D init_msrpm_offsets(); + if (r) + return r; =20 kvm_caps.supported_xcr0 &=3D ~(XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR); --=20 2.50.0.rc0.642.g800a2b2222-goog
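Review bot: In the init_msrpm_offsets() hunk, the -ENOSPC returned by add_msr_offset() is discarded and replaced with -EIO, so a full msrpm_offsets table and an MSR_INVALID offset are indistinguishable to the caller and in whatever error the module load reports. Consider capturing the return value and propagating it, for example "r = add_msr_offset(offset); if (WARN_ON_ONCE(r)) return r;". The two checks also mix WARN_ON() and WARN_ON_ONCE(); since the function bails out on the first failure either way, using the same variant for both would read more consistently.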
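Review bot: In the add_msr_offset() hunk at -962, the removed comment was the only place that said what to do when the table overflows (increase MSRPM_OFFSETS), and the new "return -ENOSPC;" carries no hint. Suggest keeping a short comment above the return, reworded for the non-fatal path, so that whoever hits the resulting WARN knows the fix is to grow MSRPM_OFFSETS.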

Date: Tue, 10 Jun 2025 15:57:09 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-5-seanjc@google.com>
Subject: [PATCH v2 04/32] KVM: SVM: Tag MSR bitmap initialization helpers with __init
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Tag init_msrpm_offsets() and add_msr_offset() with __init, as they're used only during hardware setup to map potential passthrough MSRs to offsets in the bitmap.

Reviewed-by: Chao Gao
Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
--- arch/x86/kvm/svm/svm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f70211780880..0c71efc99208 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -945,7 +945,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) } } =20 -static int add_msr_offset(u32 offset) +static __init int add_msr_offset(u32 offset) { int i; =20 
@@ -968,7 +968,7 @@ static int add_msr_offset(u32 offset) return -ENOSPC; } =20 -static int init_msrpm_offsets(void) +static __init int init_msrpm_offsets(void) { int i; =20 --=20 2.50.0.rc0.642.g800a2b2222-goog

Date: Tue, 10 Jun 2025 15:57:10 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-6-seanjc@google.com>
Subject: [PATCH v2 05/32] KVM: SVM: Use ARRAY_SIZE() to iterate over direct_access_msrs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Drop the unnecessary and dangerous value-terminated behavior of direct_access_msrs, and simply iterate over the actual size of the array. The use in svm_set_x2apic_msr_interception() is especially sketchy, as it relies on unused capacity being zero-initialized, and '0' being outside the range of x2APIC MSRs.

To ensure the array and shadow_msr_intercept stay synchronized, simply assert that their sizes are identical (note the six 64-bit-only MSRs).

Note, direct_access_msrs will soon be removed entirely; keeping the assert synchronized with the array isn't expected to be a long-term maintenance burden.

Reviewed-by: Chao Gao
Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
--- arch/x86/kvm/svm/svm.c | 18 +++++++++++------- arch/x86/kvm/svm/svm.h | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0c71efc99208..c75977ca600b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -86,7 +86,7 @@ static DEFINE_PER_CPU(u64, current_tsc_ratio); static const struct svm_direct_access_msrs { u32 index; /* Index of the MSR */ bool always; /* True if intercept is initially cleared */ -} direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] =3D { +} direct_access_msrs[] =3D { { .index =3D MSR_STAR, .always =3D true }, { .index =3D MSR_IA32_SYSENTER_CS, .always =3D true }, { .index =3D MSR_IA32_SYSENTER_EIP, .always =3D false }, @@ -144,9 +144,12 @@ static const struct svm_direct_access_msrs { { .index =3D X2APIC_MSR(APIC_TMICT), .always =3D false }, { .index =3D X2APIC_MSR(APIC_TMCCT), .always =3D false }, { .index =3D X2APIC_MSR(APIC_TDCR), .always =3D false }, - { .index =3D MSR_INVALID, .always =3D false }, }; =20 +static_assert(ARRAY_SIZE(direct_access_msrs) =3D=3D + MAX_DIRECT_ACCESS_MSRS - 6 * !IS_ENABLED(CONFIG_X86_64)); +#undef MAX_DIRECT_ACCESS_MSRS + /* * These 2 parameters are used to config the controls for Pause-Loop Exiti= ng: * pause_filter_count: On processors that support Pause filtering(indicated @@ -767,9 +770,10 @@ static int direct_access_msr_slot(u32 msr) { u32 i; =20 - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { if (direct_access_msrs[i].index =3D=3D msr) return i; + } =20 return -ENOENT; } @@ -891,7 +895,7 @@ void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *ms= rpm) { int i; =20 - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { if (!direct_access_msrs[i].always) continue; set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1); @@ -908,7 +912,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) if (!x2avic_enabled) return; =20 - for (i =3D 0; i < MAX_DIRECT_ACCESS_MSRS; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { int index =3D direct_access_msrs[i].index; =20 if ((index < APIC_BASE_MSR) || 
@@ -936,7 +940,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) * will automatically get filtered through the MSR filter, so we are * back in sync after this. */ - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { u32 msr =3D direct_access_msrs[i].index; u32 read =3D test_bit(i, svm->shadow_msr_intercept.read); u32 write =3D test_bit(i, svm->shadow_msr_intercept.write); @@ -974,7 +978,7 @@ static __init int init_msrpm_offsets(void) =20 memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets)); =20 - for (i =3D 0; direct_access_msrs[i].index !=3D MSR_INVALID; i++) { + for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { u32 offset; =20 offset =3D svm_msrpm_offset(direct_access_msrs[i].index); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e6f3c6a153a0..f1e466a10219 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -44,7 +44,7 @@ static inline struct page *__sme_pa_to_page(unsigned long= pa) #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 =20 -#define MAX_DIRECT_ACCESS_MSRS 48 +#define MAX_DIRECT_ACCESS_MSRS 47 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; --=20 2.50.0.rc0.642.g800a2b2222-goog
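
Review bot: The literal 6 in the new static_assert() that follows the direct_access_msrs initializer in svm.c is explained only in the commit message ("note the six 64-bit-only MSRs"), not in the code. Add a comment above the assert naming the six entries that exist only when CONFIG_X86_64 is enabled, so that anyone adding or removing an MSR knows to update both the 6 and MAX_DIRECT_ACCESS_MSRS in svm.h (48 to 47 in this patch) rather than rediscovering the relationship from a build failure.
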
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:11 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-7-seanjc@google.com>
Subject: [PATCH v2 06/32] KVM: SVM: Kill the VM instead of the host if MSR interception is buggy
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

WARN and kill the VM instead of panicking the host if KVM attempts to set or query MSR interception for an unsupported MSR. Accessing the MSR interception bitmaps only meaningfully affects post-VMRUN behavior, and KVM_BUG_ON() is guaranteed to prevent the current vCPU from doing VMRUN, i.e. there is no need to panic the entire host.

Opportunistically move the sanity checks about their use to index into the MSRPM, e.g. so that bugs only WARN and terminate the VM, as opposed to doing that _and_ generating an out-of-bounds load.

Signed-off-by: Sean Christopherson
Reviewed-by: Dapeng Mi
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/svm.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index c75977ca600b..7e39b9df61f1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -824,11 +824,12 @@ static bool msr_write_intercepted(struct kvm_vcpu *vc= pu, u32 msr) to_svm(vcpu)->msrpm; =20 offset =3D svm_msrpm_offset(msr); + if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) + return false; + bit_write =3D 2 * (msr & 0x0f) + 1; tmp =3D msrpm[offset]; =20 - BUG_ON(offset =3D=3D MSR_INVALID); - return test_bit(bit_write, &tmp); } =20 
@@ -854,12 +855,13 @@ static void set_msr_interception_bitmap(struct kvm_vc= pu *vcpu, u32 *msrpm, write =3D 0; =20 offset =3D svm_msrpm_offset(msr); + if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) + return; + bit_read =3D 2 * (msr & 0x0f); bit_write =3D 2 * (msr & 0x0f) + 1; tmp =3D msrpm[offset]; =20 - BUG_ON(offset =3D=3D MSR_INVALID); - read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp); write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp); =20 --=20 2.50.0.rc0.642.g800a2b2222-goog
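
Review bot: In the msr_write_intercepted() hunk, the new KVM_BUG_ON() path returns false, i.e. it reports the write as not intercepted for an MSR that has no MSRPM offset. The commit message argues this is harmless because the vCPU can no longer do VMRUN, but a caller that consumes the result cannot tell "passed through" from "lookup failed". Either return true on the bug path so the answer fails toward interception, or add a one-line comment at the return explaining why false is safe there.
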
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:12 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-8-seanjc@google.com>
Subject: [PATCH v2 07/32] KVM: x86: Use non-atomic bit ops to manipulate "shadow" MSR intercepts
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Manipulate the MSR bitmaps using non-atomic bit ops APIs (two underscores), as the bitmaps are per-vCPU and are only ever accessed while vcpu->mutex is held.

Signed-off-by: Sean Christopherson
Reviewed-by: Binbin Wu
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/svm.c | 12 ++++++------
 arch/x86/kvm/vmx/vmx.c | 8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7e39b9df61f1..ec97ea1d7b38 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -789,14 +789,14 @@ static void set_shadow_msr_intercept(struct kvm_vcpu = *vcpu, u32 msr, int read, =20 /* Set the shadow bitmaps to the desired intercept states */ if (read) - set_bit(slot, svm->shadow_msr_intercept.read); + __set_bit(slot, svm->shadow_msr_intercept.read); else - clear_bit(slot, svm->shadow_msr_intercept.read); + __clear_bit(slot, svm->shadow_msr_intercept.read); =20 if (write) - set_bit(slot, svm->shadow_msr_intercept.write); + __set_bit(slot, svm->shadow_msr_intercept.write); else - clear_bit(slot, svm->shadow_msr_intercept.write); + __clear_bit(slot, svm->shadow_msr_intercept.write); } =20 static bool valid_msr_intercept(u32 index) @@ -862,8 +862,8 @@ static void set_msr_interception_bitmap(struct kvm_vcpu= *vcpu, u32 *msrpm, bit_write =3D 2 * (msr & 0x0f) + 1; tmp =3D msrpm[offset]; =20 - read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp); - write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp); + read ? __clear_bit(bit_read, &tmp) : __set_bit(bit_read, &tmp); + write ? __clear_bit(bit_write, &tmp) : __set_bit(bit_write, &tmp); =20 msrpm[offset] =3D tmp; =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9ff00ae9f05a..8f7fe04a1998 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4029,9 +4029,9 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu *v= cpu, u32 msr, int type) idx =3D vmx_get_passthrough_msr_slot(msr); if (idx >=3D 0) { if (type & MSR_TYPE_R) - clear_bit(idx, vmx->shadow_msr_intercept.read); + __clear_bit(idx, vmx->shadow_msr_intercept.read); if (type & MSR_TYPE_W) - clear_bit(idx, vmx->shadow_msr_intercept.write); + __clear_bit(idx, vmx->shadow_msr_intercept.write); } =20 if ((type & MSR_TYPE_R) && 
@@ -4071,9 +4071,9 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vc= pu, u32 msr, int type) idx =3D vmx_get_passthrough_msr_slot(msr); if (idx >=3D 0) { if (type & MSR_TYPE_R) - set_bit(idx, vmx->shadow_msr_intercept.read); + __set_bit(idx, vmx->shadow_msr_intercept.read); if (type & MSR_TYPE_W) - set_bit(idx, vmx->shadow_msr_intercept.write); + __set_bit(idx, vmx->shadow_msr_intercept.write); } =20 if (type & MSR_TYPE_R) --=20 2.50.0.rc0.642.g800a2b2222-goog
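
Review bot: The switch to __set_bit()/__clear_bit() on shadow_msr_intercept, in set_shadow_msr_intercept() and in the vmx_disable_intercept_for_msr()/vmx_enable_intercept_for_msr() hunks, is safe only under the locking rule given in the commit message (per-vCPU bitmaps, vcpu->mutex held), and nothing in the code records that rule. Consider a lockdep_assert_held(&vcpu->mutex) in these helpers or, if some caller runs before the mutex can be taken, a comment next to the bitmaps stating the rule. The set_msr_interception_bitmap() hunk does not depend on it, since tmp is a copy of msrpm[offset] that is written back afterwards.
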
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:13 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-9-seanjc@google.com>
Subject: [PATCH v2 08/32] KVM: SVM: Massage name and param of helper that merges vmcb01 and vmcb12 MSRPMs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Rename nested_svm_vmrun_msrpm() to nested_svm_merge_msrpm() to better capture its role, and opportunistically feed it @vcpu instead of @svm, as grabbing "svm" only to turn around and grab svm->vcpu is rather silly.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Dapeng Mi
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/nested.c | 15 +++++++--------
 arch/x86/kvm/svm/svm.c | 2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 8427a48b8b7a..89a77f0f1cc8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -189,8 +189,9 @@ void recalc_intercepts(struct vcpu_svm *svm) * is optimized in that it only merges the parts where KVM MSR permission = bitmap * may contain zero bits. */ -static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) +static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcpu) { + struct vcpu_svm *svm =3D to_svm(vcpu); int i; =20 /* @@ -205,7 +206,7 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) if (!svm->nested.force_msr_bitmap_recalc) { struct hv_vmcb_enlightenments *hve =3D &svm->nested.ctl.hv_enlightenment= s; =20 - if (kvm_hv_hypercall_enabled(&svm->vcpu) && + if (kvm_hv_hypercall_enabled(vcpu) && hve->hv_enlightenments_control.msr_bitmap && (svm->nested.ctl.clean & BIT(HV_VMCB_NESTED_ENLIGHTENMENTS))) goto set_msrpm_base_pa; @@ -230,7 +231,7 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) =20 offset =3D svm->nested.ctl.msrpm_base_pa + (p * 4); =20 - if (kvm_vcpu_read_guest(&svm->vcpu, offset, &value, 4)) + if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) return false; =20 svm->nested.msrpm[p] =3D svm->msrpm[p] | value; @@ -937,7 +938,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu) if (enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, true)) goto out_exit_err; =20 - if (nested_svm_vmrun_msrpm(svm)) + if (nested_svm_merge_msrpm(vcpu)) goto out; =20 out_exit_err: @@ -1819,13 +1820,11 @@ static int svm_set_nested_state(struct kvm_vcpu *vc= pu, =20 static bool svm_get_nested_state_pages(struct kvm_vcpu *vcpu) { - struct vcpu_svm *svm =3D to_svm(vcpu); - if (WARN_ON(!is_guest_mode(vcpu))) return true; =20 if (!vcpu->arch.pdptrs_from_userspace && - !nested_npt_enabled(svm) && is_pae_paging(vcpu)) + !nested_npt_enabled(to_svm(vcpu)) && is_pae_paging(vcpu)) /* * Reload the guest's PDPTRs since after a migration * the guest CR3 might be restored prior to setting the nested 
@@ -1834,7 +1833,7 @@ static bool svm_get_nested_state_pages(struct kvm_vcp= u *vcpu) if (CC(!load_pdptrs(vcpu, vcpu->arch.cr3))) return false; =20 - if (!nested_svm_vmrun_msrpm(svm)) { + if (!nested_svm_merge_msrpm(vcpu)) { vcpu->run->exit_reason =3D KVM_EXIT_INTERNAL_ERROR; vcpu->run->internal.suberror =3D KVM_INTERNAL_ERROR_EMULATION; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ec97ea1d7b38..854904a80b7e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -3137,7 +3137,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) * * For nested: * The handling of the MSR bitmap for L2 guests is done in - * nested_svm_vmrun_msrpm. + * nested_svm_merge_msrpm(). * We update the L1 MSR bit as well since it will end up * touching the MSR anyway now. */ --=20 2.50.0.rc0.642.g800a2b2222-goog
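
Review bot: The return convention of nested_svm_merge_msrpm() is undocumented in the first nested.c hunk, where the signature changes. Both callers treat true as success (if (nested_svm_merge_msrpm(vcpu)) goto out; in nested_svm_vmrun(), and if (!nested_svm_merge_msrpm(vcpu)) leading to KVM_EXIT_INTERNAL_ERROR in svm_get_nested_state_pages()), but the visible tail of the comment above the function says nothing about it, and with "vmrun" gone from the name the bool is easier to misread. Since the patch already touches the signature, add a line to that comment stating that false means the read of L1's bitmap failed.
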
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:14 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-10-seanjc@google.com>
Subject: [PATCH v2 09/32] KVM: SVM: Clean up macros related to architectural MSRPM definitions
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Move SVM's MSR Permissions Map macros to svm.h in anticipation of adding helpers that are available to SVM code, and opportunistically replace a variety of open-coded literals with (hopefully) informative macros.

Opportunistically open code ARRAY_SIZE(msrpm_ranges) instead of wrapping it as NUM_MSR_MAPS, which is an ambiguous name even if it were qualified with "SVM_MSRPM".

Deliberately leave the ranges as open coded literals, as using macros to define the ranges actually introduces more potential failure points, since both the definitions and the usage have to be careful to use the correct index. The lack of clear intent behind the ranges will be addressed in future patches.

No functional change intended.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/svm.c | 12 ++++--------
 arch/x86/kvm/svm/svm.h | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 854904a80b7e..a683602cae22 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -268,22 +268,18 @@ static int tsc_aux_uret_slot __read_mostly =3D -1; =20 static const u32 msrpm_ranges[] =3D {0, 0xc0000000, 0xc0010000}; =20 -#define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges) -#define MSRS_RANGE_SIZE 2048 -#define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2) - u32 svm_msrpm_offset(u32 msr) { u32 offset; int i; =20 - for (i =3D 0; i < NUM_MSR_MAPS; i++) { + for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { if (msr < msrpm_ranges[i] || - msr >=3D msrpm_ranges[i] + MSRS_IN_RANGE) + msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) continue; =20 - offset =3D (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */ - offset +=3D (i * MSRS_RANGE_SIZE); /* add range offset */ + offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; + offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ =20 /* Now we have the u8 offset - but need the u32 offset */ return offset / 4; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f1e466a10219..086a8c8aae86 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -613,11 +613,22 @@ static inline void svm_vmgexit_no_action(struct vcpu_= svm *svm, u64 data) svm_vmgexit_set_return_code(svm, GHCB_HV_RESP_NO_ACTION, data); } =20 -/* svm.c */ +/* + * The MSRPM is 8KiB in size, divided into four 2KiB ranges (the fourth ra= nge + * is reserved). Each MSR within a range is covered by two bits, one each= for + * read (bit 0) and write (bit 1), where a bit value of '1' means intercep= ted. + */ +#define SVM_MSRPM_BYTES_PER_RANGE 2048 +#define SVM_BITS_PER_MSR 2 +#define SVM_MSRS_PER_BYTE (BITS_PER_BYTE / SVM_BITS_PER_MSR) +#define SVM_MSRS_PER_RANGE (SVM_MSRPM_BYTES_PER_RANGE * SVM_MSRS_PER_BYTE) +static_assert(SVM_MSRS_PER_RANGE =3D=3D 8192); + #define MSR_INVALID 0xffffffffU =20 #define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR) =20 +/* svm.c */ extern bool dump_invalid_vmcb; =20 u32 svm_msrpm_offset(u32 msr); --=20 2.50.0.rc0.642.g800a2b2222-goog
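
Review bot: svm_msrpm_offset() in the svm.c hunk still ends with the open-coded return offset / 4; even though the old "4 msrs per u8" divisor just above it became SVM_MSRS_PER_BYTE. The two 4s mean different things (MSRs per byte versus bytes per u32), and leaving one as a bare literal next to the new macro invites misreading it as the same constant. Use sizeof(u32) for the final conversion, in line with the commit message's goal of replacing open-coded literals.
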
afOb5j7vVTArJwLSEihTRFjSgy3rYTxIGALwM7AJ8SfF10OI4p2tSRTTu2haqAOHvSBS 1APhz3woaDcIH658Uouf598U905faQrMk2PjeCdpmFk3fX/xGhlsw14/qNg896qCgIFC c8jvjwVZj6aOx2xxGvsIvFS3w3oM1DcR0a/1muIZe7RwmAt1tldB6GtTOzFG0nPy2bYd NKcEjLruEyPYyAXGAJZfbllHBvdDTLz+MOHBJPGLLrcTsNMYLekWkYktBX8byrYFOKV7 CTkA== X-Forwarded-Encrypted: i=1; AJvYcCXVxi3Tgezx2Yj+rSd0OyKxr7ldusxXEvLTpMweCjX1wRF+PbNgTHV323OqE4HP+08IrtBTObFhhSmFLbI=@vger.kernel.org X-Gm-Message-State: AOJu0YwFhrlOnCQbOB+mR2pIXQEIsC7C1Arlenn6YeL6LkxFjIApwM25 3m4xYyIWU1JznsPkdNMsw+Brt+ll350wRRXbY7ljErwgxvEOsHss44ew1Bx6UgNYDkKluyebk5V N47aKxQ== X-Google-Smtp-Source: AGHT+IGr/29RZ42F3g4tbpBjge4TwOrxS+PL10a000HGGRKjcDL8ZlIFpZ/pWHRzYDxcCV+0R/5GQAbbUYg= X-Received: from pjbsu16.prod.google.com ([2002:a17:90b:5350:b0:312:1af5:98c9]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:5627:b0:312:959:dc42 with SMTP id 98e67ed59e1d1-313af10ab0dmr1900041a91.11.1749596278165; Tue, 10 Jun 2025 15:57:58 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Jun 2025 15:57:15 -0700 In-Reply-To: <20250610225737.156318-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250610225737.156318-1-seanjc@google.com> X-Mailer: git-send-email 2.50.0.rc0.642.g800a2b2222-goog Message-ID: <20250610225737.156318-11-seanjc@google.com> Subject: [PATCH v2 10/32] KVM: nSVM: Use dedicated array of MSRPM offsets to merge L0 and L1 bitmaps 
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao , Borislav Petkov , Xin Li , Dapeng Mi , Francesco Lavra , Manali Shukla Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use a dedicated array of MSRPM offsets to merge L0 and L1 bitmaps, i.e. to merge KVM's vmcb01 bitmap with L1's vmcb12 bitmap. This will eventually allow for the removal of direct_access_msrs, as the only path where tracking the offsets is truly justified is the merge for nested SVM, where merging in chunks is an easy way to batch uaccess reads/writes. Opportunistically omit the x2APIC MSRs from the merge-specific array instead of filtering them out at runtime. Note, disabling interception of DEBUGCTL, XSS, EFER, PAT, GHCB, and TSC_AUX is mutually exclusive with nested virtualization, as KVM passes through those MSRs only for SEV-ES guests, and KVM doesn't support nested virtualization for SEV+ guests. Defer removing those MSRs to a future cleanup in order to make this refactoring as benign as possible. Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/nested.c | 83 +++++++++++++++++++++++++++++++++------ arch/x86/kvm/svm/svm.c | 4 ++ arch/x86/kvm/svm/svm.h | 2 + 3 files changed, 78 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 89a77f0f1cc8..666469e11602 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -184,6 +184,75 @@ void recalc_intercepts(struct vcpu_svm *svm) } } =20 +/* + * This array (and its actual size) holds the set of offsets (indexing by = chunk + * size) to process when merging vmcb12's MSRPM with vmcb01's MSRPM. Note= , the + * set of MSRs for which interception is disabled in vmcb01 is per-vCPU, e= .g. + * based on CPUID features. This array only tracks MSRs that *might* be p= assed + * through to the guest. + * + * Hardcode the capacity of the array based on the maximum number of _offs= ets_. + * MSRs are batched together, so there are fewer offsets than MSRs. + */ +static int nested_svm_msrpm_merge_offsets[9] __ro_after_init; +static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; + +int __init nested_svm_init_msrpm_merge_offsets(void) +{ + static const u32 merge_msrs[] __initconst =3D { + MSR_STAR, + MSR_IA32_SYSENTER_CS, + MSR_IA32_SYSENTER_EIP, + MSR_IA32_SYSENTER_ESP, + #ifdef CONFIG_X86_64 + MSR_GS_BASE, + MSR_FS_BASE, + MSR_KERNEL_GS_BASE, + MSR_LSTAR, + MSR_CSTAR, + MSR_SYSCALL_MASK, + #endif + MSR_IA32_SPEC_CTRL, + MSR_IA32_PRED_CMD, + MSR_IA32_FLUSH_CMD, + MSR_IA32_LASTBRANCHFROMIP, + MSR_IA32_LASTBRANCHTOIP, + MSR_IA32_LASTINTFROMIP, + MSR_IA32_LASTINTTOIP, + + MSR_IA32_DEBUGCTLMSR, + MSR_IA32_XSS, + MSR_EFER, + MSR_IA32_CR_PAT, + MSR_AMD64_SEV_ES_GHCB, + MSR_TSC_AUX, + }; + int i, j; + + for (i =3D 0; i < ARRAY_SIZE(merge_msrs); i++) { + u32 offset =3D svm_msrpm_offset(merge_msrs[i]); + + if (WARN_ON(offset =3D=3D MSR_INVALID)) + return -EIO; + + for (j =3D 0; j < nested_svm_nr_msrpm_merge_offsets; j++) { + if (nested_svm_msrpm_merge_offsets[j] =3D=3D offset) + break; + } + + if (j < nested_svm_nr_msrpm_merge_offsets) + continue; + + if (WARN_ON(j >=3D ARRAY_SIZE(nested_svm_msrpm_merge_offsets))) + return -EIO; + + nested_svm_msrpm_merge_offsets[j] =3D offset; + nested_svm_nr_msrpm_merge_offsets++; + } + + return 0; +} + /* * Merge L0's (KVM) and L1's (Nested VMCB) MSR permission bitmaps. 
The fun= ction * is optimized in that it only merges the parts where KVM MSR permission = bitmap @@ -216,19 +285,11 @@ static bool nested_svm_merge_msrpm(struct kvm_vcpu *v= cpu) if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) return true; =20 - for (i =3D 0; i < MSRPM_OFFSETS; i++) { - u32 value, p; + for (i =3D 0; i < nested_svm_nr_msrpm_merge_offsets; i++) { + const int p =3D nested_svm_msrpm_merge_offsets[i]; + u32 value; u64 offset; =20 - if (msrpm_offsets[i] =3D=3D 0xffffffff) - break; - - p =3D msrpm_offsets[i]; - - /* x2apic msrs are intercepted always for the nested guest */ - if (is_x2apic_msrpm_offset(p)) - continue; - offset =3D svm->nested.ctl.msrpm_base_pa + (p * 4); =20 if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a683602cae22..1ee936b8a6d0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5543,6 +5543,10 @@ static __init int svm_hardware_setup(void) if (nested) { pr_info("Nested Virtualization enabled\n"); kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE); + + r =3D nested_svm_init_msrpm_merge_offsets(); + if (r) + return r; } =20 /* diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 086a8c8aae86..9f750b2399e9 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -682,6 +682,8 @@ static inline bool nested_exit_on_nmi(struct vcpu_svm *= svm) return vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_NMI); } =20 +int __init nested_svm_init_msrpm_merge_offsets(void); + int enter_svm_guest_mode(struct kvm_vcpu *vcpu, u64 vmcb_gpa, struct vmcb *vmcb12, bool from_vmrun); void svm_leave_nested(struct kvm_vcpu *vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F8DD2C033E for ; Tue, 10 Jun 2025 22:58:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596281; cv=none; b=fbU/UX04MeDrsAavwFG2Qg5y65t+Kas370+zZjVgZkzVwQu3qsx2I9yIRVHpMYEO89LNJ/ckulTom7w8Ofmeb/L/nA7Pd4Yl9iKbtW2wjDqJMB6EPGjhM8cwtEdlCRXiL2rgtk9Bekkhdt8pmeNp2lo0DysD3ZxiQSpWRaXnffc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596281; c=relaxed/simple; bh=u7ao0TawB1pV1RTkqXHN83QLL0kwnu6scuJaSuoaBNA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=h076bNlXthWLB5/k4t1LjFPcmhMt4T5gr5qzLqHwM7IiBP70ZvoaOBNtjCFA7n995LmxPU+NU2jjNdkZMO2sY07cN+tP6DTPwNwnpoXGXX0D6Mzn0bHt5kFSybA6GTepquuK5jjxStxcZHieTC2hMDGc7y+OuGImwDh714etzlM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=gpx/hRvF; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
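Review bot: In the nested_svm_merge_msrpm() hunk the runtime is_x2apic_msrpm_offset() skip is removed together with its comment ("x2apic msrs are intercepted always for the nested guest"), so that guarantee now rests only on merge_msrs[] never containing an MSR whose chunk also holds x2APIC MSRs. Please carry the comment over to merge_msrs[] in nested_svm_init_msrpm_merge_offsets(), or reject such an offset at init time next to the existing WARN_ON(offset == MSR_INVALID), so that a future addition to the list cannot quietly pass x2APIC MSRs through to L2.

Review bot: In the hunk that adds nested_svm_init_msrpm_merge_offsets(), nested_svm_msrpm_merge_offsets[] is declared int while svm_msrpm_offset() returns u32 and the dedup loop compares the two directly; the merge loop then takes the value as "const int p" and computes p * 4 in int before adding it to msrpm_base_pa. The values are small, so nothing breaks today, but u32 for the array and for p would match the producer and avoid the signed/unsigned mix. In svm_hardware_setup(), please also confirm that the bare "return r" after a failed nested_svm_init_msrpm_merge_offsets() is consistent with how the other setup failures in that function unwind.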
Date: Tue, 10 Jun 2025 15:57:16 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-12-seanjc@google.com>
Subject: [PATCH v2 11/32] KVM: nSVM: Omit SEV-ES specific passthrough MSRs from L0+L1 bitmap merge
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Don't merge bitmaps on nested VMRUN for MSRs that KVM passes through only for SEV-ES guests. KVM doesn't support nested virtualization for SEV-ES, and likely never will.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/nested.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 666469e11602..360dbd80a728 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -194,7 +194,7 @@ void recalc_intercepts(struct vcpu_svm *svm) * Hardcode the capacity of the array based on the maximum number of _offs= ets_. * MSRs are batched together, so there are fewer offsets than MSRs. */ -static int nested_svm_msrpm_merge_offsets[9] __ro_after_init; +static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 int __init nested_svm_init_msrpm_merge_offsets(void) 
@@ -219,13 +219,6 @@ int __init nested_svm_init_msrpm_merge_offsets(void) MSR_IA32_LASTBRANCHTOIP, MSR_IA32_LASTINTFROMIP, MSR_IA32_LASTINTTOIP, - - MSR_IA32_DEBUGCTLMSR, - MSR_IA32_XSS, - MSR_EFER, - MSR_IA32_CR_PAT, - MSR_AMD64_SEV_ES_GHCB, - MSR_TSC_AUX, }; int i, j; =20 --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C90892D0274 for ; Tue, 10 Jun 2025 22:58:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596283; cv=none; b=AV4Mq8s99yaIXZQgdWiws+hF/mcPUcyjoboUuCsAvNlSoUahgcwXjvS/hFu0L52kBlmpeBO3wpVMDw1RCt2i1fCyS4UBlBKPZXYKFU3b3VRmZBajRW+Hx5kiIMuEtlSYXxzwJlfnnVGXtX6ANKqJx+7s0ezlF6AjvPWvGqo5BOM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596283; c=relaxed/simple; bh=Iqk+r0mkPS9wxZN6JLWccuqNll17FPxCguRXZbhZZL0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=aAKhjSI+ZB/36qFJx3QZQue9whmbB0dGHgpwlUkG757tLUsPr2avqFExOMIBKzZt7P7MuaayzrBRGklTAq/G2W0G7ovB1rhOmI3FVYoldJwVmgT/jSeDjUCJzzhr0czSonHeCGZiS++4lZ84WRgFqdirMDYm3/zaX7MnN7dMAhU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=P06Ybb3l; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass 
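Review bot: The capacity of nested_svm_msrpm_merge_offsets[] drops by three (9 to 6) while six MSRs leave merge_msrs[], so three of the removed MSRs sit in a 4-byte chunk that is still merged because an MSR that stays in the list lives there too (MSR_EFER at 0xc0000080 is in the same 16-MSR chunk as MSR_STAR at 0xc0000081, for example). Their intercept bits are therefore still read from vmcb12 and merged on nested VMRUN, which is harmless as long as vmcb01 keeps them intercepted for every guest that can run L2, but the commit message reads as if all six drop out of the merge. A sentence in the array's comment saying that the merge is per chunk, not per MSR, would make that explicit. The hand-computed 6 remains guarded by the WARN_ON against ARRAY_SIZE in the init loop, which is the right backstop.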
Date: Tue, 10 Jun 2025 15:57:17 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-13-seanjc@google.com>
Subject: [PATCH v2 12/32] KVM: nSVM: Don't initialize vmcb02 MSRPM with vmcb01's "always passthrough"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Don't initialize vmcb02's MSRPM with KVM's set of "always passthrough" MSRs, as KVM always needs to consult L1's intercepts, i.e. needs to merge vmcb01 with vmcb12 and write the result to vmcb02. This will eventually allow for the removal of svm_vcpu_init_msrpm().

Note, the bitmaps are truly initialized by svm_vcpu_alloc_msrpm() (default to intercepting all MSRs), e.g. if there is a bug lurking elsewhere, the worst case scenario from dropping the call to svm_vcpu_init_msrpm() should be that KVM would fail to passthrough MSRs to L2.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/nested.c | 1 -
 arch/x86/kvm/svm/svm.c | 5 +++--
 arch/x86/kvm/svm/svm.h | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 360dbd80a728..cf148f7db887 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -1285,7 +1285,6 @@ int svm_allocate_nested(struct vcpu_svm *svm) svm->nested.msrpm =3D svm_vcpu_alloc_msrpm(); if (!svm->nested.msrpm) goto err_free_vmcb02; - svm_vcpu_init_msrpm(&svm->vcpu, svm->nested.msrpm); =20 svm->nested.initialized =3D true; return 0; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1ee936b8a6d0..798d33a76796 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -889,8 +889,9 @@ u32 *svm_vcpu_alloc_msrpm(void) return msrpm; } =20 -void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm) +static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { + u32 *msrpm =3D to_svm(vcpu)->msrpm; int i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { @@ -1402,7 +1403,7 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu, svm->msrpm); + svm_vcpu_init_msrpm(vcpu); =20 svm_init_osvw(vcpu); =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9f750b2399e9..bce66afafa11 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -633,7 +633,6 @@ extern bool dump_invalid_vmcb; =20 u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); -void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm); void svm_vcpu_free_msrpm(u32 *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); void svm_enable_lbrv(struct kvm_vcpu *vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33F9A2D1F4A for ; Tue, 10 Jun 2025 22:58:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596284; cv=none; b=rUBCviuNezv7DG0Rlfb2n/qLTfx7z2JiBZuFmHBndmuZvOQxntgmStOGRvXICx9L5ZUdohAlT37mK5GyDs46yTZY4z//X8qh6d3NmMZrxu5A8qXIG8piUVvM/is9FpgQVhObpjpJazv42vFHKdEOAqEO+ETPgBZ+i68IrGTC0aI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596284; c=relaxed/simple; bh=F7byfDS1OPglN3Pg5TfkZNppi+cSONHtmO+WO68c9Zc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=J91L6y+BCwm0zN7ppTrVm0oe2RPiC8yNqsbOdZMNeknjlPIg4nL2yNiuKq3RuHh8vXDY/I/KXiRo+tSKUnsAkkRh7y/p94hOpEb5sjQLY1xtO+d9gOOaKIh7YzB3tkwfpQySAYQg7MoR/zbILEqM4HtX2ZRxgy95mZe2Qz0WOys= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=2NlBr9S1; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com 
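Review bot: After the svm_allocate_nested() hunk, svm->nested.msrpm is left exactly as svm_vcpu_alloc_msrpm() returns it, and nothing at the call site records that the intercept-everything default described in the commit message is now load-bearing. A short comment there, saying that the bitmap starts with every MSR intercepted and is only ever relaxed by the vmcb01/vmcb12 merge, would keep a later change to the allocator's fill pattern from turning into unintended passthrough for L2. The svm.c side looks fine: with svm_vcpu_init_msrpm() static and taking only vcpu, no caller can point it at the vmcb02 bitmap again.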
Date: Tue, 10 Jun 2025 15:57:18 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-14-seanjc@google.com>
Subject: [PATCH v2 13/32] KVM: SVM: Add helpers for accessing MSR bitmap that don't rely on offsets
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add macro-built helpers for testing, setting, and clearing MSRPM entries without relying on precomputed offsets. This sets the stage for eventually removing general KVM use of precomputed offsets, which are quite confusing and rather inefficient for the vast majority of KVM's usage.

Outside of merging L0 and L1 bitmaps for nested SVM, using u32-indexed offsets and accesses is at best unnecessary, and at worst introduces extra operations to retrieve the individual bit from within the offset u32 value. And simply calling them "offsets" is very confusing, as the "unit" of the offset isn't immediately obvious.

Use the new helpers in set_msr_interception_bitmap() and msr_write_intercepted() to verify the math and operations, but keep the existing offset-based logic in set_msr_interception_bitmap() to sanity check the "clear" and "set" operations. Manipulating MSR interceptions isn't a hot path and no kernel release is ever expected to contain this specific version of set_msr_interception_bitmap() (it will be removed entirely in the near future).

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/svm.c | 30 ++++++++++++++--------------
 arch/x86/kvm/svm/svm.h | 44 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 798d33a76796..cd1e0ca964b0 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -802,11 +802,6 @@ static bool valid_msr_intercept(u32 index) =20 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr) { - u8 bit_write; - unsigned long tmp; - u32 offset; - u32 *msrpm; - /* * For non-nested case: * If the L01 MSR bitmap does not intercept the MSR, then we need to @@ -816,17 +811,10 @@ static bool msr_write_intercepted(struct kvm_vcpu *vc= pu, u32 msr) * If the L02 MSR bitmap does not intercept the MSR, then we need to * save it. */ - msrpm =3D is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm: - to_svm(vcpu)->msrpm; + void *msrpm =3D is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm : + to_svm(vcpu)->msrpm; =20 - offset =3D svm_msrpm_offset(msr); - if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) - return false; - - bit_write =3D 2 * (msr & 0x0f) + 1; - tmp =3D msrpm[offset]; - - return test_bit(bit_write, &tmp); + return svm_test_msr_bitmap_write(msrpm, msr); } =20 static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm, @@ -861,7 +849,17 @@ static void set_msr_interception_bitmap(struct kvm_vcp= u *vcpu, u32 *msrpm, read ? __clear_bit(bit_read, &tmp) : __set_bit(bit_read, &tmp); write ? __clear_bit(bit_write, &tmp) : __set_bit(bit_write, &tmp); =20 - msrpm[offset] =3D tmp; + if (read) + svm_clear_msr_bitmap_read((void *)msrpm, msr); + else + svm_set_msr_bitmap_read((void *)msrpm, msr); + + if (write) + svm_clear_msr_bitmap_write((void *)msrpm, msr); + else + svm_set_msr_bitmap_write((void *)msrpm, msr); + + WARN_ON_ONCE(msrpm[offset] !=3D (u32)tmp); =20 svm_hv_vmcb_dirty_nested_enlightenments(vcpu); svm->nested.force_msr_bitmap_recalc =3D true; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index bce66afafa11..a2be18579e09 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -623,9 +623,53 @@ static inline void svm_vmgexit_no_action(struct vcpu_s= vm *svm, u64 data) #define SVM_MSRS_PER_BYTE (BITS_PER_BYTE / SVM_BITS_PER_MSR) #define SVM_MSRS_PER_RANGE (SVM_MSRPM_BYTES_PER_RANGE * SVM_MSRS_PER_BYTE) static_assert(SVM_MSRS_PER_RANGE =3D=3D 8192); +#define SVM_MSRPM_OFFSET_MASK (SVM_MSRS_PER_RANGE - 1) =20 #define MSR_INVALID 0xffffffffU =20 +static __always_inline u32 svm_msrpm_bit_nr(u32 msr) +{ + int range_nr; + + switch (msr & ~SVM_MSRPM_OFFSET_MASK) { + case 0: + range_nr =3D 0; + break; + case 0xc0000000: + range_nr =3D 1; + break; + case 0xc0010000: + range_nr =3D 2; + break; + default: + return MSR_INVALID; + } + + return range_nr * SVM_MSRPM_BYTES_PER_RANGE * BITS_PER_BYTE + + (msr & SVM_MSRPM_OFFSET_MASK) * SVM_BITS_PER_MSR; +} + +#define __BUILD_SVM_MSR_BITMAP_HELPER(rtype, action, bitop, access, bit_rw= ) \ +static inline rtype svm_##action##_msr_bitmap_##access(unsigned long *bitm= ap, \ + u32 msr) \ +{ \ + u32 bit_nr; \ + \ + bit_nr =3D svm_msrpm_bit_nr(msr); \ + if (bit_nr =3D=3D MSR_INVALID) \ + return (rtype)true; \ + \ + return bitop##_bit(bit_nr + bit_rw, bitmap); \ +} + +#define BUILD_SVM_MSR_BITMAP_HELPERS(ret_type, action, bitop) \ + __BUILD_SVM_MSR_BITMAP_HELPER(ret_type, action, bitop, read, 0) \ + __BUILD_SVM_MSR_BITMAP_HELPER(ret_type, action, bitop, write, 1) + +BUILD_SVM_MSR_BITMAP_HELPERS(bool, test, test) +BUILD_SVM_MSR_BITMAP_HELPERS(void, clear, __clear) +BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) + #define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR) =20 /* svm.c */ --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDC4E2D0270 for ; Tue, 10 Jun 2025 22:58:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none 
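Review bot: In the msr_write_intercepted() hunk, an MSR outside the bitmap ranges used to trip KVM_BUG_ON(offset == MSR_INVALID, vcpu->kvm) and return false; with svm_test_msr_bitmap_write() the same input now returns true with no diagnostic. Answering "intercepted" is the safer result, but the change in return value and the loss of the loud failure are not mentioned in the commit message. Consider keeping a KVM_BUG_ON or WARN_ON_ONCE on svm_msrpm_bit_nr(msr) == MSR_INVALID in this caller, or calling out the new behaviour explicitly.

Review bot: In __BUILD_SVM_MSR_BITMAP_HELPER in svm.h, the MSR_INVALID path is "return (rtype)true;", which for the void set and clear variants turns an out-of-range MSR into a silent no-op. A WARN_ON_ONCE in those two variants would surface callers that pass an MSR the bitmap cannot represent instead of letting them believe the intercept state changed. The helpers also take "unsigned long *bitmap" while every caller in this patch passes a void * or a (void *) cast of the u32 *msrpm; declaring the parameter as void *, or converting msrpm itself, would drop the casts in set_msr_interception_bitmap().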
Date: Tue, 10 Jun 2025 15:57:19 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-15-seanjc@google.com>
Subject: [PATCH v2 14/32] KVM: SVM: Implement and adopt VMX style MSR intercepts APIs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add and use SVM MSR interception APIs (in most paths) to match VMX's APIs and nomenclature. Specifically, add SVM variants of:

  vmx_disable_intercept_for_msr(vcpu, msr, type)
  vmx_enable_intercept_for_msr(vcpu, msr, type)
  vmx_set_intercept_for_msr(vcpu, msr, type, intercept)

to eventually replace SVM's single helper:

  set_msr_interception(vcpu, msrpm, msr, allow_read, allow_write)

which is awkward to use (in all cases, KVM either applies the same logic for both reads and writes, or intercepts one of read or write), and is unintuitive due to using '0' to indicate interception should be *set*.

Keep the guts of the old API for the moment to avoid churning the MSR filter code, as that mess will be overhauled in the near future. Leave behind a temporary comment to call out that the shadow bitmaps have inverted polarity relative to the bitmaps consumed by hardware.

No functional change intended.

Reviewed-by: Chao Gao
Signed-off-by: Sean Christopherson
Reviewed-by: Binbin Wu
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/sev.c | 18 ++++----
 arch/x86/kvm/svm/svm.c | 99 +++++++++++++++++++++++++++++-------------
 arch/x86/kvm/svm/svm.h | 12 +++++
 3 files changed, 90 insertions(+), 39 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6c2f840a0171..74dab69fb69e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c
@@ -4351,12 +4351,10 @@ static void sev_es_vcpu_after_set_cpuid(struct vcpu= _svm *svm) { struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 - if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) { - bool v_tsc_aux =3D guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) || - guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID); - - set_msr_interception(vcpu, svm->msrpm, MSR_TSC_AUX, v_tsc_aux, v_tsc_aux= ); - } + if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) + svm_set_intercept_for_msr(vcpu, MSR_TSC_AUX, MSR_TYPE_RW, + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID)); =20 /* * For SEV-ES, accesses to MSR_IA32_XSS should not be intercepted if @@ -4372,9 +4370,9 @@ static void sev_es_vcpu_after_set_cpuid(struct vcpu_s= vm *svm) */ if (guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW); else - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 0, 0); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW); } =20 void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm) @@ -4451,8 +4449,8 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) svm_clr_intercept(svm, INTERCEPT_XSETBV); =20 /* Clear intercepts on selected MSRs */ - set_msr_interception(vcpu, svm->msrpm, MSR_EFER, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_CR_PAT, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); } =20 void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index cd1e0ca964b0..93d66109f495 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -865,11 +865,53 @@ static void set_msr_interception_bitmap(struct kvm_vc= pu *vcpu, u32 *msrpm, svm->nested.force_msr_bitmap_recalc =3D true; } =20 -void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr, - int read, int write) +void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) { - set_shadow_msr_intercept(vcpu, msr, read, write); - set_msr_interception_bitmap(vcpu, msrpm, msr, read, write); + struct vcpu_svm *svm =3D to_svm(vcpu); + void *msrpm =3D svm->msrpm; + + /* Note, the shadow intercept bitmaps have inverted polarity. */ + set_shadow_msr_intercept(vcpu, msr, type & MSR_TYPE_R, type & MSR_TYPE_W); + + /* Don't disable interception for MSRs userspace wants to handle. */ + if ((type & MSR_TYPE_R) && + !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { + svm_set_msr_bitmap_read(msrpm, msr); + type &=3D ~MSR_TYPE_R; + } + + if ((type & MSR_TYPE_W) && + !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) { + svm_set_msr_bitmap_write(msrpm, msr); + type &=3D ~MSR_TYPE_W; + } + + if (type & MSR_TYPE_R) + svm_clear_msr_bitmap_read(msrpm, msr); + + if (type & MSR_TYPE_W) + svm_clear_msr_bitmap_write(msrpm, msr); + + svm_hv_vmcb_dirty_nested_enlightenments(vcpu); + svm->nested.force_msr_bitmap_recalc =3D true; +} + +void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + void *msrpm =3D svm->msrpm; + + set_shadow_msr_intercept(vcpu, msr, + !(type & MSR_TYPE_R), !(type & MSR_TYPE_W)); + + if (type & MSR_TYPE_R) + svm_set_msr_bitmap_read(msrpm, msr); + + if (type & MSR_TYPE_W) + svm_set_msr_bitmap_write(msrpm, msr); + + svm_hv_vmcb_dirty_nested_enlightenments(vcpu); + svm->nested.force_msr_bitmap_recalc =3D true; } =20 u32 *svm_vcpu_alloc_msrpm(void) 
@@ -889,13 +931,13 @@ u32 *svm_vcpu_alloc_msrpm(void) =20 static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { - u32 *msrpm =3D to_svm(vcpu)->msrpm; int i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { if (!direct_access_msrs[i].always) continue; - set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1); + svm_disable_intercept_for_msr(vcpu, direct_access_msrs[i].index, + MSR_TYPE_RW); } } =20 @@ -915,8 +957,8 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) if ((index < APIC_BASE_MSR) || (index > APIC_BASE_MSR + 0xff)) continue; - set_msr_interception(&svm->vcpu, svm->msrpm, index, - !intercept, !intercept); + + svm_set_intercept_for_msr(&svm->vcpu, index, MSR_TYPE_RW, intercept); } =20 svm->x2avic_msrs_intercepted =3D intercept; @@ -1004,13 +1046,13 @@ void svm_enable_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 svm->vmcb->control.virt_ext |=3D LBR_CTL_ENABLE_MASK; - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_R= W); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); =20 if (sev_es_guest(vcpu->kvm)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_DEBUGCTLMSR, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW); =20 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */ if (is_guest_mode(vcpu)) 
@@ -1024,10 +1066,10 @@ static void svm_disable_lbrv(struct kvm_vcpu *vcpu) KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); =20 svm->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 0, 0); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW= ); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); =20 /* * Move the LBR msrs back to the vmcb01 to avoid copying them @@ -1219,8 +1261,8 @@ static inline void init_vmcb_after_set_cpuid(struct k= vm_vcpu *vcpu) svm_set_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext &=3D ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; =20 - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); + svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it @@ -1232,8 +1274,8 @@ static inline void init_vmcb_after_set_cpuid(struct k= vm_vcpu *vcpu) svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } /* No need to intercept these MSRs */ - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1); - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } } =20 
@@ -1367,9 +1409,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu) * of SPEC_CTRL, without waiting for the guest to access the MSR. */ if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, - guest_has_spec_ctrl_msr(vcpu), - guest_has_spec_ctrl_msr(vcpu)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, + !guest_has_spec_ctrl_msr(vcpu)); =20 if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); @@ -3136,7 +3177,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) * We update the L1 MSR bit as well since it will end up * touching the MSR anyway now. */ - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); break; case MSR_AMD64_VIRT_SPEC_CTRL: if (!msr->host_initiated && @@ -4640,12 +4681,12 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcp= u *vcpu) svm_recalc_instruction_intercepts(vcpu, svm); =20 if (boot_cpu_has(X86_FEATURE_IBPB)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD, 0, - !!guest_has_pred_cmd_msr(vcpu)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, + !guest_has_pred_cmd_msr(vcpu)); =20 if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) - set_msr_interception(vcpu, svm->msrpm, MSR_IA32_FLUSH_CMD, 0, - !!guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); =20 if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index a2be18579e09..5d5805ab59a7 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -697,6 +697,18 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *= svm, bool disable); void svm_complete_interrupt_delivery(struct kvm_vcpu *vcpu, int delivery_m= ode, int trig_mode, int vec); =20 +void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type= ); +void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e); + +static inline void svm_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 ms= r, + int type, bool enable_intercept) +{ + if (enable_intercept) + svm_enable_intercept_for_msr(vcpu, msr, type); + else + svm_disable_intercept_for_msr(vcpu, msr, type); +} + /* nested.c */ =20 #define NESTED_EXIT_HOST 0 /* Exit handled on host level */ --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B39602D0274 for ; Tue, 10 Jun 2025 22:58:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596288; cv=none; b=VqpcZTsv6vDnxuz29yvFjdKpgnsxawxphbon6yue8upBJPmVSQcCwTvwVcRLY72iGMCbR5lSY+5K0ZJOkar5s4p5BY8AET8qpol2v/4+7uFDdgnob5pmk33WfERSlb8C6cWtscv+GX5/d+9Bvs8vOxYipWLSEPMH0VjRSOZkxI0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596288; c=relaxed/simple; bh=WyvxrUW0cLAtlzKfHBSk04hVbpED9wnvZwlJrQHf/jo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FCqEyfF6jUQWjIAymLhnK9Pk3nH0eiF5+vgDFNrD08bRFz0vQn//9W75hCnPwb583sB+VjfQU6k3M+ARsae5thkmEfE7oWErAsSMmdCW3igEsGk7nQvPOeqa1dERy9EaiFrWm+FuIFtO52OS+iHxErseX2otCeXLCQSV1iLBOt0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass 
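Review bot: In svm_enable_intercept_for_msr() and svm_disable_intercept_for_msr() (svm.c), the set_shadow_msr_intercept() call always rewrites both the read and the write shadow state, while the hardware bitmap below it is only touched for the bits present in type. For a single-direction caller such as svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, ...), the enable path passes !(type & MSR_TYPE_R), i.e. 1, which under the inverted polarity called out in the comment records reads as passed through, whereas the old call passed 0 for read unconditionally. The body of set_shadow_msr_intercept() is not in this diff, so whether that is observable depends on how the shadow bits are replayed, but with "No functional change intended" in the changelog it would be safer to update only the shadow bit(s) selected by type. The disable path also hands the raw masks type & MSR_TYPE_R and type & MSR_TYPE_W to parameters that previously received 0 or 1; normalising with !! would keep the two helpers symmetric.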
Reply-To: Sean Christopherson Date: Tue, 10 Jun 2025 15:57:20 -0700 In-Reply-To: <20250610225737.156318-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250610225737.156318-1-seanjc@google.com> X-Mailer: git-send-email 2.50.0.rc0.642.g800a2b2222-goog Message-ID: <20250610225737.156318-16-seanjc@google.com> Subject: [PATCH v2 15/32] KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao , Borislav Petkov , Xin Li , Dapeng Mi , Francesco Lavra , Manali Shukla Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Disable interception of the GHCB MSR if and only if the VM is an SEV-ES guest. While the exact behavior is completely undocumented in the APM, common sense and testing on SEV-ES capable CPUs says that accesses to the GHCB from non-SEV-ES guests will #GP. I.e. from the guest's perspective, no functional change intended. Fixes: 376c6d285017 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/sev.c | 3 ++- arch/x86/kvm/svm/svm.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 74dab69fb69e..a020aa755a7e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4448,7 +4448,8 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); =20 - /* Clear intercepts on selected MSRs */ + /* Clear intercepts on MSRs that are context switched by hardware. */ + svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW); svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 93d66109f495..7747f9bc3e9d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -110,7 +110,7 @@ static const struct svm_direct_access_msrs { { .index =3D MSR_IA32_XSS, .always =3D false }, { .index =3D MSR_EFER, .always =3D false }, { .index =3D MSR_IA32_CR_PAT, .always =3D false }, - { .index =3D MSR_AMD64_SEV_ES_GHCB, .always =3D true }, + { .index =3D MSR_AMD64_SEV_ES_GHCB, .always =3D false }, { .index =3D MSR_TSC_AUX, .always =3D false }, { .index =3D X2APIC_MSR(APIC_ID), .always =3D false }, { .index =3D X2APIC_MSR(APIC_LVR), .always =3D false }, --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DA5528C86E for ; Tue, 10 Jun 2025 22:58:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596290; cv=none; b=BRd8gVEatSqWkwefcbszrC5ox5Dqqm6G1A60PaZuUIoscaMPg53R45vNcaI6B33GbRVNW5XEs9vs3LWxtXkkOWJ6hQud3m88WXOQ+/yDM9iE2OBC/AZEtk66gshq+zUUQjCYbvWW+WVdoYUFxgrPKWX0r8HLoXi4v9qJJjHjx+o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596290; c=relaxed/simple; bh=wYLpwmDtesBuFCExIUc711ksu3V78L4qfQX7Br6OoLU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=I7fTXY75Q+gg3VkeIP4U3v5g9klLtotlZTooHx0j9AaDOav8IVhsJ3aepnXF2UVtVTa7rkFPNa7K7k9d8uHtK4QXXYCj4eg8ulvScj1AUULdyTRYYCvl2aduhyh7PTkH9uzECYyZT7Sjg08qtDZYiudh423nztk1hdCdTbO0JJU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=O1YpCqGJ; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass 
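Review bot: With .always flipped to false for MSR_AMD64_SEV_ES_GHCB in direct_access_msrs[], non-SEV-ES guests now take the intercepted path for this MSR, and nothing in the two hunks shows what that path does with the access. The changelog's "no functional change intended" from the guest's perspective holds only if KVM's emulation of the access also ends in #GP, so it is worth naming in the changelog which handler covers that, or adding a test for it. The rationale that GHCB accesses from non-SEV-ES guests #GP on hardware lives only in the commit message; a line in the new comment in sev_es_init_vmcb() saying why GHCB is grouped with EFER and CR_PAT would keep it next to the code.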
Reply-To: Sean Christopherson Date: Tue, 10 Jun 2025 15:57:21 -0700 In-Reply-To: <20250610225737.156318-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250610225737.156318-1-seanjc@google.com> X-Mailer: git-send-email 2.50.0.rc0.642.g800a2b2222-goog Message-ID: <20250610225737.156318-17-seanjc@google.com> Subject: [PATCH v2 16/32] KVM: SVM: Drop "always" flag from list of possible passthrough MSRs From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao , Borislav Petkov , Xin Li , Dapeng Mi , Francesco Lavra , Manali Shukla Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Drop the "always" flag from the array of possible passthrough MSRs, and instead manually initialize the permissions for the handful of MSRs that KVM passes through by default. In addition to cutting down on boilerplate copy+paste code and eliminating a misleading flag (the MSRs aren't always passed through, e.g. thanks to MSR filters), this will allow for removing the direct_access_msrs array entirely. Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/svm.c | 124 ++++++++++++++++++++--------------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7747f9bc3e9d..4ee92e444dde 100644 --- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c 
@@ -83,51 +83,48 @@ static DEFINE_PER_CPU(u64, current_tsc_ratio); =20 #define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4)) =20 -static const struct svm_direct_access_msrs { - u32 index; /* Index of the MSR */ - bool always; /* True if intercept is initially cleared */ -} direct_access_msrs[] =3D { - { .index =3D MSR_STAR, .always =3D true }, - { .index =3D MSR_IA32_SYSENTER_CS, .always =3D true }, - { .index =3D MSR_IA32_SYSENTER_EIP, .always =3D false }, - { .index =3D MSR_IA32_SYSENTER_ESP, .always =3D false }, +static const u32 direct_access_msrs[] =3D { + MSR_STAR, + MSR_IA32_SYSENTER_CS, + MSR_IA32_SYSENTER_EIP, + MSR_IA32_SYSENTER_ESP, #ifdef CONFIG_X86_64 - { .index =3D MSR_GS_BASE, .always =3D true }, - { .index =3D MSR_FS_BASE, .always =3D true }, - { .index =3D MSR_KERNEL_GS_BASE, .always =3D true }, - { .index =3D MSR_LSTAR, .always =3D true }, - { .index =3D MSR_CSTAR, .always =3D true }, - { .index =3D MSR_SYSCALL_MASK, .always =3D true }, + MSR_GS_BASE, + MSR_FS_BASE, + MSR_KERNEL_GS_BASE, + MSR_LSTAR, + MSR_CSTAR, + MSR_SYSCALL_MASK, #endif - { .index =3D MSR_IA32_SPEC_CTRL, .always =3D false }, - { .index =3D MSR_IA32_PRED_CMD, .always =3D false }, - { .index =3D MSR_IA32_FLUSH_CMD, .always =3D false }, - { .index =3D MSR_IA32_DEBUGCTLMSR, .always =3D false }, - { .index =3D MSR_IA32_LASTBRANCHFROMIP, .always =3D false }, - { .index =3D MSR_IA32_LASTBRANCHTOIP, .always =3D false }, - { .index =3D MSR_IA32_LASTINTFROMIP, .always =3D false }, - { .index =3D MSR_IA32_LASTINTTOIP, .always =3D false }, - { .index =3D MSR_IA32_XSS, .always =3D false }, - { .index =3D MSR_EFER, .always =3D false }, - { .index =3D MSR_IA32_CR_PAT, .always =3D false }, - { .index =3D MSR_AMD64_SEV_ES_GHCB, .always =3D false }, - { .index =3D MSR_TSC_AUX, .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ID), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TASKPRI), .always =3D false }, - { .index =3D 
X2APIC_MSR(APIC_ARBPRI), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_PROCPRI), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_EOI), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_RRR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LDR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_DFR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_SPIV), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ISR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TMR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_IRR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ESR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ICR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_ICR2), .always =3D false }, + MSR_IA32_SPEC_CTRL, + MSR_IA32_PRED_CMD, + MSR_IA32_FLUSH_CMD, + MSR_IA32_DEBUGCTLMSR, + MSR_IA32_LASTBRANCHFROMIP, + MSR_IA32_LASTBRANCHTOIP, + MSR_IA32_LASTINTFROMIP, + MSR_IA32_LASTINTTOIP, + MSR_IA32_XSS, + MSR_EFER, + MSR_IA32_CR_PAT, + MSR_AMD64_SEV_ES_GHCB, + MSR_TSC_AUX, + X2APIC_MSR(APIC_ID), + X2APIC_MSR(APIC_LVR), + X2APIC_MSR(APIC_TASKPRI), + X2APIC_MSR(APIC_ARBPRI), + X2APIC_MSR(APIC_PROCPRI), + X2APIC_MSR(APIC_EOI), + X2APIC_MSR(APIC_RRR), + X2APIC_MSR(APIC_LDR), + X2APIC_MSR(APIC_DFR), + X2APIC_MSR(APIC_SPIV), + X2APIC_MSR(APIC_ISR), + X2APIC_MSR(APIC_TMR), + X2APIC_MSR(APIC_IRR), + X2APIC_MSR(APIC_ESR), + X2APIC_MSR(APIC_ICR), + X2APIC_MSR(APIC_ICR2), =20 /* * Note: 
@@ -136,14 +133,14 @@ static const struct svm_direct_access_msrs { * the AVIC hardware would generate GP fault. Therefore, always * intercept the MSR 0x832, and do not setup direct_access_msr. */ - { .index =3D X2APIC_MSR(APIC_LVTTHMR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVTPC), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVT0), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVT1), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_LVTERR), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TMICT), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TMCCT), .always =3D false }, - { .index =3D X2APIC_MSR(APIC_TDCR), .always =3D false }, + X2APIC_MSR(APIC_LVTTHMR), + X2APIC_MSR(APIC_LVTPC), + X2APIC_MSR(APIC_LVT0), + X2APIC_MSR(APIC_LVT1), + X2APIC_MSR(APIC_LVTERR), + X2APIC_MSR(APIC_TMICT), + X2APIC_MSR(APIC_TMCCT), + X2APIC_MSR(APIC_TDCR), }; =20 static_assert(ARRAY_SIZE(direct_access_msrs) =3D=3D @@ -767,7 +764,7 @@ static int direct_access_msr_slot(u32 msr) u32 i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - if (direct_access_msrs[i].index =3D=3D msr) + if (direct_access_msrs[i] =3D=3D msr) return i; } =20 
@@ -931,14 +928,17 @@ u32 *svm_vcpu_alloc_msrpm(void) =20 static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { - int i; + svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); =20 - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - if (!direct_access_msrs[i].always) - continue; - svm_disable_intercept_for_msr(vcpu, direct_access_msrs[i].index, - MSR_TYPE_RW); - } +#ifdef CONFIG_X86_64 + svm_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_LSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_CSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_SYSCALL_MASK, MSR_TYPE_RW); +#endif } =20 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) @@ -952,7 +952,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) return; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - int index =3D direct_access_msrs[i].index; + int index =3D direct_access_msrs[i]; =20 if ((index < APIC_BASE_MSR) || (index > APIC_BASE_MSR + 0xff)) @@ -980,7 +980,7 @@ static void svm_msr_filter_changed(struct kvm_vcpu *vcp= u) * back in sync after this. */ for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - u32 msr =3D direct_access_msrs[i].index; + u32 msr =3D direct_access_msrs[i]; u32 read =3D test_bit(i, svm->shadow_msr_intercept.read); u32 write =3D test_bit(i, svm->shadow_msr_intercept.write); =20 
@@ -1020,7 +1020,7 @@ static __init int init_msrpm_offsets(void) for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { u32 offset; =20 - offset =3D svm_msrpm_offset(direct_access_msrs[i].index); + offset =3D svm_msrpm_offset(direct_access_msrs[i]); if (WARN_ON(offset =3D=3D MSR_INVALID)) return -EIO; =20 --=20 2.50.0.rc0.642.g800a2b2222-goog From nobody Sat Oct 11 08:30:54 2025 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD6262989B1 for ; Tue, 10 Jun 2025 22:58:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596291; cv=none; b=j3uEpAa6sNXS33su9FvC6OMugeSX+z5RXOIqiZzYQ3JZnCxP95BczhNHd2xRsQuMrHskDNEv9rl1gi5tvIX1+S/bobRtMRxTUsW0ft+TYRhlT1EeZo8SbLjBbjBKofiqE33ndQtUHK7VFmU8gXy2HoIMvaH5SpnV05Gf2UuUFe0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749596291; c=relaxed/simple; bh=R4cTawn6FPBvedLrqxVNysJ0af/k1o1HGGxQjl1UZQ0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=HksFnCITOIKyyVLPg+1WYQQ2VrwHaeZULlk8xkiRYxAtnCZEnOYHKpC3cBRmqv60Z8EN4tAgSabeZq1Pk2NjejN4epib+2UgI1Df5fJ4apTS0I2OKIxLRJPUkjFyAc8ldZ7lC8ZbdXayq52LqbKLwHC6FlzK9dEcIv3KQJTmsHY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MMUVUEn/; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: 
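Review bot: svm_vcpu_init_msrpm() now carries a hand-written list of default pass-through MSRs with no comment, and the removed field comment ("True if intercept is initially cleared") was the only place that documented this set. A short comment above the svm_disable_intercept_for_msr() calls saying these are the MSRs passed through by default, and that an MSR filter can still force interception (as the changelog notes), would preserve that. Until direct_access_msrs[] is removed, the list also has to stay a subset of that array, since the other loops in this diff (svm_msr_filter_changed(), init_msrpm_offsets()) still walk it; the diff has no check tying the two together.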
pjee8.prod.google.com ([2002:a17:90b:5788:b0:313:285a:5547]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:584d:b0:311:c939:c859 with SMTP id 98e67ed59e1d1-313af28d147mr1646696a91.30.1749596289376; Tue, 10 Jun 2025 15:58:09 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Jun 2025 15:57:22 -0700 In-Reply-To: <20250610225737.156318-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250610225737.156318-1-seanjc@google.com> X-Mailer: git-send-email 2.50.0.rc0.642.g800a2b2222-goog Message-ID: <20250610225737.156318-18-seanjc@google.com> Subject: [PATCH v2 17/32] KVM: x86: Move definition of X2APIC_MSR() to lapic.h From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao , Borislav Petkov , Xin Li , Dapeng Mi , Francesco Lavra , Manali Shukla Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Dedup the definition of X2APIC_MSR and put it in the local APIC code where it belongs. No functional change intended. Signed-off-by: Sean Christopherson Reviewed-by: Dapeng Mi Tested-by: Manali Shukla --- arch/x86/kvm/lapic.h | 2 ++ arch/x86/kvm/svm/svm.c | 2 -- arch/x86/kvm/vmx/vmx.h | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 4ce30db65828..4518b4e0552f 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -21,6 +21,8 @@ #define APIC_BROADCAST 0xFF #define X2APIC_BROADCAST 0xFFFFFFFFul =20 +#define X2APIC_MSR(r) (APIC_BASE_MSR + ((r) >> 4)) + enum lapic_mode { LAPIC_MODE_DISABLED =3D 0, LAPIC_MODE_INVALID =3D X2APIC_ENABLE, diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 4ee92e444dde..900a1303e0e7 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -81,8 +81,6 @@ static uint64_t osvw_len =3D 4, osvw_status; =20 static DEFINE_PER_CPU(u64, current_tsc_ratio); =20 -#define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4)) - static const u32 direct_access_msrs[] =3D { MSR_STAR, MSR_IA32_SYSENTER_CS, diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index b5758c33c60f..0afe97e3478f 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -19,8 +19,6 @@ #include "../mmu.h" #include "common.h" =20 -#define X2APIC_MSR(r) (APIC_BASE_MSR + ((r) >> 4)) - #ifdef CONFIG_X86_64 #define MAX_NR_USER_RETURN_MSRS 7 #else --=20 2.50.0.rc0.642.g800a2b2222-goog
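Review bot: The svm.c copy removed by this patch was `#define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4))`, with no parentheses around the argument, while the lapic.h definition that replaces it uses `((r) >> 4)`, so for SVM this is a small macro-hygiene change and not a pure move. The SVM users visible on this page pass plain APIC_* constants, so "No functional change intended" holds, but the changelog could say that the parenthesized VMX variant is the one being kept.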
Date: Tue, 10 Jun 2025 15:57:23 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-19-seanjc@google.com>
Subject: [PATCH v2 18/32] KVM: VMX: Manually recalc all MSR intercepts on userspace MSR filter change
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

On a userspace MSR filter change, recalculate all MSR intercepts using the filter-agnostic logic instead of maintaining a "shadow copy" of KVM's desired intercepts. The shadow bitmaps add yet another point of failure, are confusing (e.g. what does "handled specially" mean!?!?), an eyesore, and a maintenance burden.

Given that KVM *must* be able to recalculate the correct intercepts at any given time, and that MSR filter updates are not hot paths, there is zero benefit to maintaining the shadow bitmaps.

Opportunistically switch from boot_cpu_has() to cpu_feature_enabled() as appropriate.

Link: https://lore.kernel.org/all/aCdPbZiYmtni4Bjs@google.com
Link: https://lore.kernel.org/all/20241126180253.GAZ0YNTdXH1UGeqsu6@fat_crate.local
Cc: Borislav Petkov
Reviewed-by: Chao Gao
Reviewed-by: Xin Li (Intel)
Reviewed-by: Dapeng Mi
Signed-off-by: Sean Christopherson Reviewed-by: Binbin Wu Tested-by: Manali Shukla --- arch/x86/kvm/vmx/vmx.c | 183 +++++++++++------------------------------ arch/x86/kvm/vmx/vmx.h | 7 -- 2 files changed, 46 insertions(+), 144 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 8f7fe04a1998..ce7a1c07e402 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -166,31 +166,6 @@ module_param(allow_smaller_maxphyaddr, bool, S_IRUGO); RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED | \ RTIT_STATUS_BYTECNT)) =20 -/* - * List of MSRs that can be directly passed to the guest. - * In addition to these x2apic, PT and LBR MSRs are handled specially. - */ -static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSTHROUGH_MSRS] = =3D { - MSR_IA32_SPEC_CTRL, - MSR_IA32_PRED_CMD, - MSR_IA32_FLUSH_CMD, - MSR_IA32_TSC, -#ifdef CONFIG_X86_64 - MSR_FS_BASE, - MSR_GS_BASE, - MSR_KERNEL_GS_BASE, - MSR_IA32_XFD, - MSR_IA32_XFD_ERR, -#endif - MSR_IA32_SYSENTER_CS, - MSR_IA32_SYSENTER_ESP, - MSR_IA32_SYSENTER_EIP, - MSR_CORE_C1_RES, - MSR_CORE_C3_RESIDENCY, - MSR_CORE_C6_RESIDENCY, - MSR_CORE_C7_RESIDENCY, -}; - /* * These 2 parameters are used to config the controls for Pause-Loop Exiti= ng: * ple_gap: upper bound on the amount of time between two successive 
@@ -672,40 +647,6 @@ static inline bool cpu_need_virtualize_apic_accesses(s= truct kvm_vcpu *vcpu) return flexpriority_enabled && lapic_in_kernel(vcpu); } =20 -static int vmx_get_passthrough_msr_slot(u32 msr) -{ - int i; - - switch (msr) { - case 0x800 ... 0x8ff: - /* x2APIC MSRs. These are handled in vmx_update_msr_bitmap_x2apic() */ - return -ENOENT; - case MSR_IA32_RTIT_STATUS: - case MSR_IA32_RTIT_OUTPUT_BASE: - case MSR_IA32_RTIT_OUTPUT_MASK: - case MSR_IA32_RTIT_CR3_MATCH: - case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B: - /* PT MSRs. These are handled in pt_update_intercept_for_msr() */ - case MSR_LBR_SELECT: - case MSR_LBR_TOS: - case MSR_LBR_INFO_0 ... MSR_LBR_INFO_0 + 31: - case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 31: - case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 31: - case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 8: - case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: - /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ - return -ENOENT; - } - - for (i =3D 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) { - if (vmx_possible_passthrough_msrs[i] =3D=3D msr) - return i; - } - - WARN(1, "Invalid MSR %x, please adapt vmx_possible_passthrough_msrs[]", m= sr); - return -ENOENT; -} - struct vmx_uret_msr *vmx_find_uret_msr(struct vcpu_vmx *vmx, u32 msr) { int i; 
@@ -4015,25 +3956,12 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu = *vcpu, u32 msr, int type) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); unsigned long *msr_bitmap =3D vmx->vmcs01.msr_bitmap; - int idx; =20 if (!cpu_has_vmx_msr_bitmap()) return; =20 vmx_msr_bitmap_l01_changed(vmx); =20 - /* - * Mark the desired intercept state in shadow bitmap, this is needed - * for resync when the MSR filters change. - */ - idx =3D vmx_get_passthrough_msr_slot(msr); - if (idx >=3D 0) { - if (type & MSR_TYPE_R) - __clear_bit(idx, vmx->shadow_msr_intercept.read); - if (type & MSR_TYPE_W) - __clear_bit(idx, vmx->shadow_msr_intercept.write); - } - if ((type & MSR_TYPE_R) && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { vmx_set_msr_bitmap_read(msr_bitmap, msr); @@ -4057,25 +3985,12 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *= vcpu, u32 msr, int type) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); unsigned long *msr_bitmap =3D vmx->vmcs01.msr_bitmap; - int idx; =20 if (!cpu_has_vmx_msr_bitmap()) return; =20 vmx_msr_bitmap_l01_changed(vmx); =20 - /* - * Mark the desired intercept state in shadow bitmap, this is needed - * for resync when the MSR filter changes. - */ - idx =3D vmx_get_passthrough_msr_slot(msr); - if (idx >=3D 0) { - if (type & MSR_TYPE_R) - __set_bit(idx, vmx->shadow_msr_intercept.read); - if (type & MSR_TYPE_W) - __set_bit(idx, vmx->shadow_msr_intercept.write); - } - if (type & MSR_TYPE_R) vmx_set_msr_bitmap_read(msr_bitmap, msr); =20 
@@ -4159,35 +4074,58 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *v= cpu) } } =20 -void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) +static void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { - struct vcpu_vmx *vmx =3D to_vmx(vcpu); - u32 i; - if (!cpu_has_vmx_msr_bitmap()) return; =20 - /* - * Redo intercept permissions for MSRs that KVM is passing through to - * the guest. Disabling interception will check the new MSR filter and - * ensure that KVM enables interception if usersepace wants to filter - * the MSR. MSRs that KVM is already intercepting don't need to be - * refreshed since KVM is going to intercept them regardless of what - * userspace wants. - */ - for (i =3D 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) { - u32 msr =3D vmx_possible_passthrough_msrs[i]; - - if (!test_bit(i, vmx->shadow_msr_intercept.read)) - vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_R); - - if (!test_bit(i, vmx->shadow_msr_intercept.write)) - vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_W); + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R); +#ifdef CONFIG_X86_64 + vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); +#endif + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); + if (kvm_cstate_in_guest(vcpu->kvm)) { + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C1_RES, MSR_TYPE_R); + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R); + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R); + vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R); } =20 /* PT MSRs can be passed through iff PT is exposed to the guest. 
*/ if (vmx_pt_mode_is_host_guest()) pt_update_intercept_for_msr(vcpu); + + if (vcpu->arch.xfd_no_write_intercept) + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_XFD, MSR_TYPE_RW); + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, + !to_vmx(vcpu)->spec_ctrl); + + if (kvm_cpu_cap_has(X86_FEATURE_XFD)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)); + + if (cpu_feature_enabled(X86_FEATURE_IBPB)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, + !guest_has_pred_cmd_msr(vcpu)); + + if (cpu_feature_enabled(X86_FEATURE_FLUSH_L1D)) + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); + + /* + * x2APIC and LBR MSR intercepts are modified on-demand and cannot be + * filtered by userspace. + */ +} + +void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) +{ + vmx_recalc_msr_intercepts(vcpu); } =20 static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu, 
@@ -7537,26 +7475,6 @@ int vmx_vcpu_create(struct kvm_vcpu *vcpu) evmcs->hv_enlightenments_control.msr_bitmap =3D 1; } =20 - /* The MSR bitmap starts with all ones */ - bitmap_fill(vmx->shadow_msr_intercept.read, MAX_POSSIBLE_PASSTHROUGH_MSRS= ); - bitmap_fill(vmx->shadow_msr_intercept.write, MAX_POSSIBLE_PASSTHROUGH_MSR= S); - - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R); -#ifdef CONFIG_X86_64 - vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); -#endif - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); - vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); - if (kvm_cstate_in_guest(vcpu->kvm)) { - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C1_RES, MSR_TYPE_R); - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R); - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R); - vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R); - } - vmx->loaded_vmcs =3D &vmx->vmcs01; =20 if (cpu_need_virtualize_apic_accesses(vcpu)) { @@ -7842,18 +7760,6 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) } } =20 - if (kvm_cpu_cap_has(X86_FEATURE_XFD)) - vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, - !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)); - - if (boot_cpu_has(X86_FEATURE_IBPB)) - vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, - !guest_has_pred_cmd_msr(vcpu)); - - if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) - vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, - !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); - set_cr4_guest_host_mask(vmx); =20 vmx_write_encls_bitmap(vcpu, NULL); 
@@ -7869,6 +7775,9 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vmx->msr_ia32_feature_control_valid_bits &=3D ~FEAT_CTL_SGX_LC_ENABLED; =20 + /* Recalc MSR interception to account for feature changes. */ + vmx_recalc_msr_intercepts(vcpu); + /* Refresh #PF interception to account for MAXPHYADDR changes. */ vmx_update_exception_bitmap(vcpu); } diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 0afe97e3478f..a26fe3d9e1d2 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -294,13 +294,6 @@ struct vcpu_vmx { struct pt_desc pt_desc; struct lbr_desc lbr_desc; =20 - /* Save desired MSR intercept (read: pass-through) state */ -#define MAX_POSSIBLE_PASSTHROUGH_MSRS 16 - struct { - DECLARE_BITMAP(read, MAX_POSSIBLE_PASSTHROUGH_MSRS); - DECLARE_BITMAP(write, MAX_POSSIBLE_PASSTHROUGH_MSRS); - } shadow_msr_intercept; - /* ve_info must be page aligned. */ struct vmx_ve_information *ve_info; }; --=20 2.50.0.rc0.642.g800a2b2222-goog
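Review bot: The vmx_vcpu_create() hunk drops every vmx_disable_intercept_for_msr() call that used to run at vCPU creation, and the only callers of vmx_recalc_msr_intercepts() in this patch are vmx_msr_filter_changed() and vmx_vcpu_after_set_cpuid(), so the changelog should state what guarantees a recalculation before the first VM-entry. If a vCPU can be run without either path firing, MSR_IA32_TSC, the FS/GS base MSRs and the SYSENTER MSRs keep whatever intercept state the bitmap was allocated with, which is a behaviour change from the removed code and deserves a sentence in the changelog or a comment at the removal site.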
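Review bot: In vmx_recalc_msr_intercepts(), the MSR_IA32_SPEC_CTRL line keys the intercept on `!to_vmx(vcpu)->spec_ctrl` with no comment, unlike the XFD_ERR, PRED_CMD and FLUSH_CMD lines whose conditions are self-describing feature checks. Please add a short comment explaining why a non-zero guest value is the passthrough trigger. The MSR_IA32_XFD and C-state branches also only ever disable interception, so they rely on xfd_no_write_intercept and kvm_cstate_in_guest() never flipping back for a live vCPU; now that this function runs on every CPUID update and filter change, a one-line comment stating that assumption would help.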
Date: Tue, 10 Jun 2025 15:57:24 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-20-seanjc@google.com>
Subject: [PATCH v2 19/32] KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

On a userspace MSR filter change, recalculate all MSR intercepts using the filter-agnostic logic instead of maintaining a "shadow copy" of KVM's desired intercepts. The shadow bitmaps add yet another point of failure, are confusing (e.g. what does "handled specially" mean!?!?), an eyesore, and a maintenance burden.

Given that KVM *must* be able to recalculate the correct intercepts at any given time, and that MSR filter updates are not hot paths, there is zero benefit to maintaining the shadow bitmaps.

Opportunistically switch from boot_cpu_has() to cpu_feature_enabled() as appropriate.

Link: https://lore.kernel.org/all/aCdPbZiYmtni4Bjs@google.com
Link: https://lore.kernel.org/all/20241126180253.GAZ0YNTdXH1UGeqsu6@fat_crate.local
Cc: Francesco Lavra
Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/sev.c | 16 +- arch/x86/kvm/svm/svm.c | 373 +++++++++++------------------------------ arch/x86/kvm/svm/svm.h | 10 +- 3 files changed, 108 insertions(+), 291 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a020aa755a7e..6282c2930cda 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4347,9 +4347,12 @@ int sev_es_string_io(struct vcpu_svm *svm, int size,= unsigned int port, int in) count, in); } =20 -static void sev_es_vcpu_after_set_cpuid(struct vcpu_svm *svm) +void sev_es_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { - struct kvm_vcpu *vcpu =3D &svm->vcpu; + /* Clear intercepts on MSRs that are context switched by hardware. */ + svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); =20 if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) svm_set_intercept_for_msr(vcpu, MSR_TSC_AUX, MSR_TYPE_RW, @@ -4384,16 +4387,12 @@ void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm) best =3D kvm_find_cpuid_entry(vcpu, 0x8000001F); if (best) vcpu->arch.reserved_gpa_bits &=3D ~(1UL << (best->ebx & 0x3f)); - - if (sev_es_guest(svm->vcpu.kvm)) - sev_es_vcpu_after_set_cpuid(svm); } =20 static void sev_es_init_vmcb(struct vcpu_svm *svm) { struct kvm_sev_info *sev =3D to_kvm_sev_info(svm->vcpu.kvm); struct vmcb *vmcb =3D svm->vmcb01.ptr; - struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 svm->vmcb->control.nested_ctl |=3D SVM_NESTED_CTL_SEV_ES_ENABLE; =20 
@@ -4447,11 +4446,6 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) =20 /* Can't intercept XSETBV, HV can't modify XCR0 directly */ svm_clr_intercept(svm, INTERCEPT_XSETBV); - - /* Clear intercepts on MSRs that are context switched by hardware. */ - svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW); } =20 void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 900a1303e0e7..de3d59c71229 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -71,8 +71,6 @@ MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id); =20 static bool erratum_383_found __read_mostly; =20 -u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; - /* * Set osvw_len to higher value when updated Revision Guides * are published and we know what the new status bits are 
@@ -81,70 +79,6 @@ static uint64_t osvw_len =3D 4, osvw_status; =20 static DEFINE_PER_CPU(u64, current_tsc_ratio); =20 -static const u32 direct_access_msrs[] =3D { - MSR_STAR, - MSR_IA32_SYSENTER_CS, - MSR_IA32_SYSENTER_EIP, - MSR_IA32_SYSENTER_ESP, -#ifdef CONFIG_X86_64 - MSR_GS_BASE, - MSR_FS_BASE, - MSR_KERNEL_GS_BASE, - MSR_LSTAR, - MSR_CSTAR, - MSR_SYSCALL_MASK, -#endif - MSR_IA32_SPEC_CTRL, - MSR_IA32_PRED_CMD, - MSR_IA32_FLUSH_CMD, - MSR_IA32_DEBUGCTLMSR, - MSR_IA32_LASTBRANCHFROMIP, - MSR_IA32_LASTBRANCHTOIP, - MSR_IA32_LASTINTFROMIP, - MSR_IA32_LASTINTTOIP, - MSR_IA32_XSS, - MSR_EFER, - MSR_IA32_CR_PAT, - MSR_AMD64_SEV_ES_GHCB, - MSR_TSC_AUX, - X2APIC_MSR(APIC_ID), - X2APIC_MSR(APIC_LVR), - X2APIC_MSR(APIC_TASKPRI), - X2APIC_MSR(APIC_ARBPRI), - X2APIC_MSR(APIC_PROCPRI), - X2APIC_MSR(APIC_EOI), - X2APIC_MSR(APIC_RRR), - X2APIC_MSR(APIC_LDR), - X2APIC_MSR(APIC_DFR), - X2APIC_MSR(APIC_SPIV), - X2APIC_MSR(APIC_ISR), - X2APIC_MSR(APIC_TMR), - X2APIC_MSR(APIC_IRR), - X2APIC_MSR(APIC_ESR), - X2APIC_MSR(APIC_ICR), - X2APIC_MSR(APIC_ICR2), - - /* - * Note: - * AMD does not virtualize APIC TSC-deadline timer mode, but it is - * emulated by KVM. When setting APIC LVTT (0x832) register bit 18, - * the AVIC hardware would generate GP fault. Therefore, always - * intercept the MSR 0x832, and do not setup direct_access_msr. - */ - X2APIC_MSR(APIC_LVTTHMR), - X2APIC_MSR(APIC_LVTPC), - X2APIC_MSR(APIC_LVT0), - X2APIC_MSR(APIC_LVT1), - X2APIC_MSR(APIC_LVTERR), - X2APIC_MSR(APIC_TMICT), - X2APIC_MSR(APIC_TMCCT), - X2APIC_MSR(APIC_TDCR), -}; - -static_assert(ARRAY_SIZE(direct_access_msrs) =3D=3D - MAX_DIRECT_ACCESS_MSRS - 6 * !IS_ENABLED(CONFIG_X86_64)); -#undef MAX_DIRECT_ACCESS_MSRS - /* * These 2 parameters are used to config the controls for Pause-Loop Exiti= ng: * pause_filter_count: On processors that support Pause filtering(indicated 
@@ -757,44 +691,6 @@ static void clr_dr_intercepts(struct vcpu_svm *svm) recalc_intercepts(svm); } =20 -static int direct_access_msr_slot(u32 msr) -{ - u32 i; - - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - if (direct_access_msrs[i] =3D=3D msr) - return i; - } - - return -ENOENT; -} - -static void set_shadow_msr_intercept(struct kvm_vcpu *vcpu, u32 msr, int r= ead, - int write) -{ - struct vcpu_svm *svm =3D to_svm(vcpu); - int slot =3D direct_access_msr_slot(msr); - - if (slot =3D=3D -ENOENT) - return; - - /* Set the shadow bitmaps to the desired intercept states */ - if (read) - __set_bit(slot, svm->shadow_msr_intercept.read); - else - __clear_bit(slot, svm->shadow_msr_intercept.read); - - if (write) - __set_bit(slot, svm->shadow_msr_intercept.write); - else - __clear_bit(slot, svm->shadow_msr_intercept.write); -} - -static bool valid_msr_intercept(u32 index) -{ - return direct_access_msr_slot(index) !=3D -ENOENT; -} - static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr) { /* 
@@ -812,62 +708,11 @@ static bool msr_write_intercepted(struct kvm_vcpu *vc= pu, u32 msr) return svm_test_msr_bitmap_write(msrpm, msr); } =20 -static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm, - u32 msr, int read, int write) -{ - struct vcpu_svm *svm =3D to_svm(vcpu); - u8 bit_read, bit_write; - unsigned long tmp; - u32 offset; - - /* - * If this warning triggers extend the direct_access_msrs list at the - * beginning of the file - */ - WARN_ON(!valid_msr_intercept(msr)); - - /* Enforce non allowed MSRs to trap */ - if (read && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) - read =3D 0; - - if (write && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) - write =3D 0; - - offset =3D svm_msrpm_offset(msr); - if (KVM_BUG_ON(offset =3D=3D MSR_INVALID, vcpu->kvm)) - return; - - bit_read =3D 2 * (msr & 0x0f); - bit_write =3D 2 * (msr & 0x0f) + 1; - tmp =3D msrpm[offset]; - - read ? __clear_bit(bit_read, &tmp) : __set_bit(bit_read, &tmp); - write ? __clear_bit(bit_write, &tmp) : __set_bit(bit_write, &tmp); - - if (read) - svm_clear_msr_bitmap_read((void *)msrpm, msr); - else - svm_set_msr_bitmap_read((void *)msrpm, msr); - - if (write) - svm_clear_msr_bitmap_write((void *)msrpm, msr); - else - svm_set_msr_bitmap_write((void *)msrpm, msr); - - WARN_ON_ONCE(msrpm[offset] !=3D (u32)tmp); - - svm_hv_vmcb_dirty_nested_enlightenments(vcpu); - svm->nested.force_msr_bitmap_recalc =3D true; -} - void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) { struct vcpu_svm *svm =3D to_svm(vcpu); void *msrpm =3D svm->msrpm; =20 - /* Note, the shadow intercept bitmaps have inverted polarity. */ - set_shadow_msr_intercept(vcpu, msr, type & MSR_TYPE_R, type & MSR_TYPE_W); - /* Don't disable interception for MSRs userspace wants to handle. */ if ((type & MSR_TYPE_R) && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { 
@@ -896,9 +741,6 @@ void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu= , u32 msr, int type) struct vcpu_svm *svm =3D to_svm(vcpu); void *msrpm =3D svm->msrpm; =20 - set_shadow_msr_intercept(vcpu, msr, - !(type & MSR_TYPE_R), !(type & MSR_TYPE_W)); - if (type & MSR_TYPE_R) svm_set_msr_bitmap_read(msrpm, msr); =20 @@ -924,6 +766,19 @@ u32 *svm_vcpu_alloc_msrpm(void) return msrpm; } =20 +static void svm_recalc_lbr_msr_intercepts(struct kvm_vcpu *vcpu) +{ + bool intercept =3D !(to_svm(vcpu)->vmcb->control.virt_ext & LBR_CTL_ENABL= E_MASK); + + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW, i= ntercept); + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW, int= ercept); + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW, inte= rcept); + svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW, interc= ept); + + if (sev_es_guest(vcpu->kvm)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW, inter= cept); +} + static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); 
@@ -941,6 +796,38 @@ static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) =20 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) { + static const u32 x2avic_passthrough_msrs[] =3D { + X2APIC_MSR(APIC_ID), + X2APIC_MSR(APIC_LVR), + X2APIC_MSR(APIC_TASKPRI), + X2APIC_MSR(APIC_ARBPRI), + X2APIC_MSR(APIC_PROCPRI), + X2APIC_MSR(APIC_EOI), + X2APIC_MSR(APIC_RRR), + X2APIC_MSR(APIC_LDR), + X2APIC_MSR(APIC_DFR), + X2APIC_MSR(APIC_SPIV), + X2APIC_MSR(APIC_ISR), + X2APIC_MSR(APIC_TMR), + X2APIC_MSR(APIC_IRR), + X2APIC_MSR(APIC_ESR), + X2APIC_MSR(APIC_ICR), + X2APIC_MSR(APIC_ICR2), + + /* + * Note! Always intercept LVTT, as TSC-deadline timer mode + * isn't virtualized by hardware, and the CPU will generate a + * #GP instead of a #VMEXIT. + */ + X2APIC_MSR(APIC_LVTTHMR), + X2APIC_MSR(APIC_LVTPC), + X2APIC_MSR(APIC_LVT0), + X2APIC_MSR(APIC_LVT1), + X2APIC_MSR(APIC_LVTERR), + X2APIC_MSR(APIC_TMICT), + X2APIC_MSR(APIC_TMCCT), + X2APIC_MSR(APIC_TDCR), + }; int i; =20 if (intercept =3D=3D svm->x2avic_msrs_intercepted) @@ -949,15 +836,9 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *= svm, bool intercept) if (!x2avic_enabled) return; =20 - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - int index =3D direct_access_msrs[i]; - - if ((index < APIC_BASE_MSR) || - (index > APIC_BASE_MSR + 0xff)) - continue; - - svm_set_intercept_for_msr(&svm->vcpu, index, MSR_TYPE_RW, intercept); - } + for (i =3D 0; i < ARRAY_SIZE(x2avic_passthrough_msrs); i++) + svm_set_intercept_for_msr(&svm->vcpu, x2avic_passthrough_msrs[i], + MSR_TYPE_RW, intercept); =20 svm->x2avic_msrs_intercepted =3D intercept; } 
@@ -967,65 +848,57 @@ void svm_vcpu_free_msrpm(u32 *msrpm) __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE)); } =20 +static void svm_recalc_msr_intercepts(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + + svm_vcpu_init_msrpm(vcpu); + + if (lbrv) + svm_recalc_lbr_msr_intercepts(vcpu); + + if (cpu_feature_enabled(X86_FEATURE_IBPB)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, + !guest_has_pred_cmd_msr(vcpu)); + + if (cpu_feature_enabled(X86_FEATURE_FLUSH_L1D)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); + + /* + * Disable interception of SPEC_CTRL if KVM doesn't need to manually + * context switch the MSR (SPEC_CTRL is virtualized by the CPU), or if + * the guest has a non-zero SPEC_CTRL value, i.e. is likely actively + * using SPEC_CTRL. + */ + if (cpu_feature_enabled(X86_FEATURE_V_SPEC_CTRL)) + svm_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, + !guest_has_spec_ctrl_msr(vcpu)); + else + svm_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, + !svm->spec_ctrl); + + /* + * Intercept SYSENTER_EIP and SYSENTER_ESP when emulating an Intel CPU, + * as AMD hardware only store 32 bits, whereas Intel CPUs track 64 bits. + */ + svm_set_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW, + guest_cpuid_is_intel_compatible(vcpu)); + svm_set_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW, + guest_cpuid_is_intel_compatible(vcpu)); + + if (sev_es_guest(vcpu->kvm)) + sev_es_recalc_msr_intercepts(vcpu); + + /* + * x2APIC intercepts are modified on-demand and cannot be filtered by + * userspace. + */ +} + static void svm_msr_filter_changed(struct kvm_vcpu *vcpu) { - struct vcpu_svm *svm =3D to_svm(vcpu); - u32 i; - - /* - * Set intercept permissions for all direct access MSRs again. They - * will automatically get filtered through the MSR filter, so we are - * back in sync after this. 
- */ - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - u32 msr =3D direct_access_msrs[i]; - u32 read =3D test_bit(i, svm->shadow_msr_intercept.read); - u32 write =3D test_bit(i, svm->shadow_msr_intercept.write); - - set_msr_interception_bitmap(vcpu, svm->msrpm, msr, read, write); - } -} - -static __init int add_msr_offset(u32 offset) -{ - int i; - - for (i =3D 0; i < MSRPM_OFFSETS; ++i) { - - /* Offset already in list? */ - if (msrpm_offsets[i] =3D=3D offset) - return 0; - - /* Slot used by another offset? */ - if (msrpm_offsets[i] !=3D MSR_INVALID) - continue; - - /* Add offset to list */ - msrpm_offsets[i] =3D offset; - - return 0; - } - - return -ENOSPC; -} - -static __init int init_msrpm_offsets(void) -{ - int i; - - memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets)); - - for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { - u32 offset; - - offset =3D svm_msrpm_offset(direct_access_msrs[i]); - if (WARN_ON(offset =3D=3D MSR_INVALID)) - return -EIO; - - if (WARN_ON_ONCE(add_msr_offset(offset))) - return -EIO; - } - return 0; + svm_recalc_msr_intercepts(vcpu); } =20 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) @@ -1044,13 +917,7 @@ void svm_enable_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 svm->vmcb->control.virt_ext |=3D LBR_CTL_ENABLE_MASK; - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_R= W); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); - - if (sev_es_guest(vcpu->kvm)) - svm_disable_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW); + svm_recalc_lbr_msr_intercepts(vcpu); =20 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */ if (is_guest_mode(vcpu)) 
@@ -1064,10 +931,7 @@ static void svm_disable_lbrv(struct kvm_vcpu *vcpu) KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); =20 svm->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW= ); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW); + svm_recalc_lbr_msr_intercepts(vcpu); =20 /* * Move the LBR msrs back to the vmcb01 to avoid copying them @@ -1250,17 +1114,9 @@ static inline void init_vmcb_after_set_cpuid(struct = kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 if (guest_cpuid_is_intel_compatible(vcpu)) { - /* - * We must intercept SYSENTER_EIP and SYSENTER_ESP - * accesses because the processor only stores 32 bits. - * For the same reason we cannot use virtual VMLOAD/VMSAVE. - */ svm_set_intercept(svm, INTERCEPT_VMLOAD); svm_set_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext &=3D ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; - - svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); - svm_enable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it @@ -1271,10 +1127,9 @@ static inline void init_vmcb_after_set_cpuid(struct = kvm_vcpu *vcpu) svm_clr_intercept(svm, INTERCEPT_VMSAVE); svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } - /* No need to intercept these MSRs */ - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW); } + + svm_recalc_msr_intercepts(vcpu); } =20 static void init_vmcb(struct kvm_vcpu *vcpu) 
@@ -1401,15 +1256,6 @@ static void init_vmcb(struct kvm_vcpu *vcpu) =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 - /* - * If the CPU virtualizes MSR_IA32_SPEC_CTRL, i.e. KVM doesn't need to - * manually context switch the MSR, immediately configure interception - * of SPEC_CTRL, without waiting for the guest to access the MSR. - */ - if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) - svm_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, - !guest_has_spec_ctrl_msr(vcpu)); - if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); =20 @@ -1440,8 +1286,6 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu); - svm_init_osvw(vcpu); =20 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) @@ -3241,8 +3085,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) =20 /* * TSC_AUX is usually changed only during boot and never read - * directly. Intercept TSC_AUX instead of exposing it to the - * guest via direct_access_msrs, and switch it via user return. + * directly. Intercept TSC_AUX and switch it via user return. */ preempt_disable(); ret =3D kvm_set_user_return_msr(tsc_aux_uret_slot, data, -1ull); @@ -4678,14 +4521,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu= *vcpu) =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 - if (boot_cpu_has(X86_FEATURE_IBPB)) - svm_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, - !guest_has_pred_cmd_msr(vcpu)); - - if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) - svm_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, - !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); - if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); =20 @@ -5544,10 +5379,6 @@ static __init int svm_hardware_setup(void) } kvm_enable_efer_bits(EFER_NX); =20 - r =3D init_msrpm_offsets(); - if (r) - return r; - kvm_caps.supported_xcr0 &=3D ~(XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR); =20 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5d5805ab59a7..91c4eb2232e0 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -44,9 +44,6 @@ static inline struct page *__sme_pa_to_page(unsigned long= pa) #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 =20 -#define MAX_DIRECT_ACCESS_MSRS 47 -#define MSRPM_OFFSETS 32 -extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; extern int nrips; extern int vgif; @@ -318,12 +315,6 @@ struct vcpu_svm { struct list_head ir_list; spinlock_t ir_list_lock; =20 - /* Save desired MSR intercept (read: pass-through) state */ - struct { - DECLARE_BITMAP(read, MAX_DIRECT_ACCESS_MSRS); - DECLARE_BITMAP(write, MAX_DIRECT_ACCESS_MSRS); - } shadow_msr_intercept; - struct vcpu_sev_es_state sev_es; =20 bool guest_state_loaded; 
@@ -820,6 +811,7 @@ void sev_init_vmcb(struct vcpu_svm *svm); void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm); int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, in= t in); void sev_es_vcpu_reset(struct vcpu_svm *svm); +void sev_es_recalc_msr_intercepts(struct kvm_vcpu *vcpu); void sev_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_sa= ve_area *hostsa); void sev_es_unmap_ghcb(struct vcpu_svm *svm); --=20 2.50.0.rc0.642.g800a2b2222-goog
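Review bot: svm_recalc_lbr_msr_intercepts(), added in the @@ -924,6 +766,19 @@ hunk of svm.c, derives the intercept state from virt_ext in the current VMCB, so it is only correct when called after LBR_CTL_ENABLE_MASK has been updated. svm_enable_lbrv() and svm_disable_lbrv() both update virt_ext first and then call the helper, but nothing documents that ordering requirement. A one-line comment on the helper stating that it must run after virt_ext changes would protect future callers.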
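Review bot: in x2avic_passthrough_msrs[] (the @@ -941,6 +796,38 @@ hunk), the "Always intercept LVTT" comment sits directly above X2APIC_MSR(APIC_LVTTHMR), so it reads as if it describes the next entry rather than an entry that is deliberately absent from the list. Rewording it to say that APIC_LVTT is intentionally omitted, or moving it above the array, would make the exclusion harder to undo by accident. That matters here because the comment itself says a passed-through access produces a #GP instead of a #VMEXIT.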
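Review bot: svm_recalc_msr_intercepts() in the @@ -967,65 +848,57 @@ hunk no longer says anything about the userspace MSR filter, although it is now the body of svm_msr_filter_changed(). The removed comment ("They will automatically get filtered through the MSR filter") was the only place that stated the invariant that a filtered MSR stays intercepted even when KVM would otherwise pass it through. Please add a short comment at the top of the new function naming where the filter is applied on this path; the trailing x2APIC comment then reads as the documented exception rather than the only mention of filtering.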
Date: Tue, 10 Jun 2025 15:57:25 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-21-seanjc@google.com>
Subject: [PATCH v2 20/32] KVM: x86: Rename msr_filter_changed() => recalc_msr_intercepts()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Rename msr_filter_changed() to recalc_msr_intercepts() and drop the trampoline wrapper now that both SVM and VMX use a filter-agnostic recalc helper to react to the new userspace filter.

No functional change intended.

Reviewed-by: Xin Li (Intel)
Signed-off-by: Sean Christopherson
Reviewed-by: Binbin Wu
Tested-by: Manali Shukla
---
 arch/x86/include/asm/kvm-x86-ops.h | 2 +-
 arch/x86/include/asm/kvm_host.h | 2 +-
 arch/x86/kvm/svm/svm.c | 8 +-------
 arch/x86/kvm/vmx/main.c | 6 +++---
 arch/x86/kvm/vmx/vmx.c | 7 +------
 arch/x86/kvm/vmx/x86_ops.h | 2 +-
 arch/x86/kvm/x86.c | 8 +++++++-
 7 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-= x86-ops.h index 8d50e3e0a19b..19a6735d6dd8 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -139,7 +139,7 @@ KVM_X86_OP(check_emulate_instruction) KVM_X86_OP(apic_init_signal_blocked) KVM_X86_OP_OPTIONAL(enable_l2_tlb_flush) KVM_X86_OP_OPTIONAL(migrate_timers) -KVM_X86_OP(msr_filter_changed) +KVM_X86_OP(recalc_msr_intercepts) KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 330cdcbed1a6..89a626e5b80f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1885,7 +1885,7 @@ struct kvm_x86_ops { int (*enable_l2_tlb_flush)(struct kvm_vcpu *vcpu); =20 void (*migrate_timers)(struct kvm_vcpu *vcpu); - void (*msr_filter_changed)(struct kvm_vcpu *vcpu); + void (*recalc_msr_intercepts)(struct kvm_vcpu *vcpu); int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); =20 void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index de3d59c71229..710bc5f965dc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -896,11 +896,6 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu = *vcpu) */ } =20 -static void svm_msr_filter_changed(struct kvm_vcpu *vcpu) -{ - svm_recalc_msr_intercepts(vcpu); -} - void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb) { to_vmcb->save.dbgctl =3D from_vmcb->save.dbgctl; @@ -929,7 +924,6 @@ static void svm_disable_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); =20 KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); - svm->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; svm_recalc_lbr_msr_intercepts(vcpu); =20 
@@ -5227,7 +5221,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata =3D { =20 .apic_init_signal_blocked =3D svm_apic_init_signal_blocked, =20 - .msr_filter_changed =3D svm_msr_filter_changed, + .recalc_msr_intercepts =3D svm_recalc_msr_intercepts, .complete_emulated_msr =3D svm_complete_emulated_msr, =20 .vcpu_deliver_sipi_vector =3D svm_vcpu_deliver_sipi_vector, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index d1e02e567b57..b3c58731a2f5 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -220,7 +220,7 @@ static int vt_get_msr(struct kvm_vcpu *vcpu, struct msr= _data *msr_info) return vmx_get_msr(vcpu, msr_info); } =20 -static void vt_msr_filter_changed(struct kvm_vcpu *vcpu) +static void vt_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { /* * TDX doesn't allow VMM to configure interception of MSR accesses. @@ -231,7 +231,7 @@ static void vt_msr_filter_changed(struct kvm_vcpu *vcpu) if (is_td_vcpu(vcpu)) return; =20 - vmx_msr_filter_changed(vcpu); + vmx_recalc_msr_intercepts(vcpu); } =20 static int vt_complete_emulated_msr(struct kvm_vcpu *vcpu, int err) @@ -1034,7 +1034,7 @@ struct kvm_x86_ops vt_x86_ops __initdata =3D { .apic_init_signal_blocked =3D vt_op(apic_init_signal_blocked), .migrate_timers =3D vmx_migrate_timers, =20 - .msr_filter_changed =3D vt_op(msr_filter_changed), + .recalc_msr_intercepts =3D vt_op(recalc_msr_intercepts), .complete_emulated_msr =3D vt_op(complete_emulated_msr), =20 .vcpu_deliver_sipi_vector =3D kvm_vcpu_deliver_sipi_vector, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ce7a1c07e402..bdff81f8288d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4074,7 +4074,7 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vcp= u) } } =20 -static void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) +void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu) { if (!cpu_has_vmx_msr_bitmap()) return; 
@@ -4123,11 +4123,6 @@ static void vmx_recalc_msr_intercepts(struct kvm_vcp= u *vcpu) */ } =20 -void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) -{ - vmx_recalc_msr_intercepts(vcpu); -} - static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu, int vector) { diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index b4596f651232..34c6e683e321 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -52,7 +52,7 @@ void vmx_deliver_interrupt(struct kvm_lapic *apic, int de= livery_mode, int trig_mode, int vector); void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu); bool vmx_has_emulated_msr(struct kvm *kvm, u32 index); -void vmx_msr_filter_changed(struct kvm_vcpu *vcpu); +void vmx_recalc_msr_intercepts(struct kvm_vcpu *vcpu); void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu); void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu); int vmx_get_feature_msr(u32 msr, u64 *data); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dd34a2ec854c..cc9a01b6dbc8 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10926,8 +10926,14 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) kvm_vcpu_update_apicv(vcpu); if (kvm_check_request(KVM_REQ_APF_READY, vcpu)) kvm_check_async_pf_completion(vcpu); + + /* + * Recalc MSR intercepts as userspace may want to intercept + * accesses to MSRs that KVM would otherwise pass through to + * the guest. + */ if (kvm_check_request(KVM_REQ_MSR_FILTER_CHANGED, vcpu)) - kvm_x86_call(msr_filter_changed)(vcpu); + kvm_x86_call(recalc_msr_intercepts)(vcpu); =20 if (kvm_check_request(KVM_REQ_UPDATE_CPU_DIRTY_LOGGING, vcpu)) kvm_x86_call(update_cpu_dirty_logging)(vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog
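Review bot: the @@ -929,7 +924,6 @@ hunk in svm.c touches svm_disable_lbrv(), which is unrelated to the rename. Going by the 7-to-6 line count in the hunk header, the only change there is a dropped blank line after KVM_BUG_ON(). That cleanup belongs in the earlier patch that reworked the function, or should be left out so this patch stays a pure rename that matches its "No functional change intended" changelog.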
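Review bot: in the x86.c hunk, the hook is now called recalc_msr_intercepts but its call site is still gated on KVM_REQ_MSR_FILTER_CHANGED, and the new comment only describes the userspace-filter case. If the request keeps its old name on purpose, one sentence in the changelog saying so would save readers from wondering why a filter-agnostic hook is driven by a filter-specific request.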
Date: Tue, 10 Jun 2025 15:57:26 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-22-seanjc@google.com>
Subject: [PATCH v2 21/32] KVM: SVM: Rename init_vmcb_after_set_cpuid() to make it intercepts specific
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Rename init_vmcb_after_set_cpuid() to svm_recalc_intercepts_after_set_cpuid() to more precisely describe its role. Strictly speaking, the name isn't perfect as toggling virtual VM{LOAD,SAVE} is arguably not recalculating an intercept, but practically speaking it's close enough.

No functional change intended.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/svm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 710bc5f965dc..1e3250ed2954 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -1103,7 +1103,7 @@ static void svm_recalc_instruction_intercepts(struct = kvm_vcpu *vcpu, } } =20 -static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) +static void svm_recalc_intercepts_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 @@ -1269,7 +1269,8 @@ static void init_vmcb(struct kvm_vcpu *vcpu) sev_init_vmcb(svm); =20 svm_hv_init_vmcb(vmcb); - init_vmcb_after_set_cpuid(vcpu); + + svm_recalc_intercepts_after_set_cpuid(vcpu); =20 vmcb_mark_all_dirty(vmcb); =20 
@@ -4518,7 +4519,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); =20 - init_vmcb_after_set_cpuid(vcpu); + svm_recalc_intercepts_after_set_cpuid(vcpu); } =20 static bool svm_has_wbinvd_exit(void) --=20 2.50.0.rc0.642.g800a2b2222-goog
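Review bot: the @@ -1103,7 +1103,7 @@ hunk changes "static inline void" to "static void" along with the rename, and the changelog does not mention it. Dropping the inline is reasonable for a function with two callers (init_vmcb() and svm_vcpu_after_set_cpuid()), but please say so in the commit message so the rename is not the only documented change.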
Date: Tue, 10 Jun 2025 15:57:27 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-23-seanjc@google.com>
Subject: [PATCH v2 22/32] KVM: SVM: Fold svm_vcpu_init_msrpm() into its sole caller
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Fold svm_vcpu_init_msrpm() into svm_recalc_msr_intercepts() now that there is only the one caller (and because the "init" misnomer is even more misleading than it was in the past).

No functional change intended.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
 arch/x86/kvm/svm/svm.c | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1e3250ed2954..be2e6914e9d9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -779,21 +779,6 @@ static void svm_recalc_lbr_msr_intercepts(struct kvm_v= cpu *vcpu) svm_set_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW, inter= cept); } =20 -static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) -{ - svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); - -#ifdef CONFIG_X86_64 - svm_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_LSTAR, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_CSTAR, MSR_TYPE_RW); - svm_disable_intercept_for_msr(vcpu, MSR_SYSCALL_MASK, MSR_TYPE_RW); -#endif -} - void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) { static const u32 x2avic_passthrough_msrs[] =3D { 
@@ -852,7 +837,17 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu = *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu); + svm_disable_intercept_for_msr(vcpu, MSR_STAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW); + +#ifdef CONFIG_X86_64 + svm_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_LSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_CSTAR, MSR_TYPE_RW); + svm_disable_intercept_for_msr(vcpu, MSR_SYSCALL_MASK, MSR_TYPE_RW); +#endif =20 if (lbrv) svm_recalc_lbr_msr_intercepts(vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog
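Review bot: In the `@@ -852,7 +837,17 @@` hunk, the block of unconditional svm_disable_intercept_for_msr() calls now opens svm_recalc_msr_intercepts() with no comment, and with the svm_vcpu_init_msrpm() name gone nothing at the call site says that MSR_STAR, MSR_IA32_SYSENTER_CS and, under CONFIG_X86_64, the GS/FS base and SYSCALL MSRs are always passed through. A one-line comment above the block stating that would make the unconditional set easy to audit against the conditional `if (lbrv)` recalculation that follows, since every entry here is a register the guest reads and writes without an intercept.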
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:28 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-24-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: [PATCH v2 23/32] KVM: SVM: Merge "after set CPUID" intercept recalc helpers
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

Merge svm_recalc_intercepts_after_set_cpuid() and svm_recalc_instruction_intercepts() such that the "after set CPUID" helper simply invokes the type-specific helpers (MSRs vs. instructions), i.e. make svm_recalc_intercepts_after_set_cpuid() a single entry point for all intercept updates that need to be performed after a CPUID change.

No functional change intended.

Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/svm.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index be2e6914e9d9..59088f68c557 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1075,9 +1075,10 @@ void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) } =20 /* Evaluate instruction intercepts that depend on guest CPUID features. */ -static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu, - struct vcpu_svm *svm) +static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu) { + struct vcpu_svm *svm =3D to_svm(vcpu); + /* * Intercept INVPCID if shadow paging is enabled to sync/free shadow * roots, or if INVPCID is disabled in the guest to inject #UD. @@ -1096,11 +1097,6 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu, else svm_set_intercept(svm, INTERCEPT_RDTSCP); } -} - -static void svm_recalc_intercepts_after_set_cpuid(struct kvm_vcpu *vcpu) -{ - struct vcpu_svm *svm =3D to_svm(vcpu); =20 if (guest_cpuid_is_intel_compatible(vcpu)) { svm_set_intercept(svm, INTERCEPT_VMLOAD); @@ -1117,7 +1113,11 @@ static void svm_recalc_intercepts_after_set_cpuid(st= ruct kvm_vcpu *vcpu) svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } } +} =20 +static void svm_recalc_intercepts_after_set_cpuid(struct kvm_vcpu *vcpu) +{ + svm_recalc_instruction_intercepts(vcpu); svm_recalc_msr_intercepts(vcpu); } =20 @@ -1243,8 +1243,6 @@ static void init_vmcb(struct kvm_vcpu *vcpu) svm_clr_intercept(svm, INTERCEPT_PAUSE); } =20 - svm_recalc_instruction_intercepts(vcpu, svm); - if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); =20 
@@ -4509,8 +4507,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) if (guest_cpuid_is_intel_compatible(vcpu)) guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); =20 - svm_recalc_instruction_intercepts(vcpu, svm); - if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); =20 --=20 2.50.0.rc0.642.g800a2b2222-goog
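Review bot: The `@@ -1243,8 +1243,6 @@` and `@@ -4509,8 +4507,6 @@` hunks delete the svm_recalc_instruction_intercepts() calls from init_vmcb() and svm_vcpu_after_set_cpuid(), and no hunk adds a call to svm_recalc_intercepts_after_set_cpuid() on either path, so "No functional change intended" holds only if both paths already reach svm_recalc_intercepts_after_set_cpuid() in code this diff does not show. Please name those call sites in the changelog so a reader can confirm from the patch that the INVPCID, RDTSCP and VMLOAD/VMSAVE intercepts are still evaluated at vCPU init and after a CPUID update. The deleted call in svm_vcpu_after_set_cpuid() also ran before sev_vcpu_after_set_cpuid(svm), so the changelog should say whether the ordering relative to the SEV hook is preserved or does not matter.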
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:29 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-25-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: [PATCH v2 24/32] KVM: SVM: Drop explicit check on MSRPM offset when emulating SEV-ES accesses
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

Now that msr_write_intercepted() defaults to true, i.e. accurately reflects hardware behavior for out-of-range MSRs, and doesn't WARN (or BUG) on an out-of-range MSR, drop sev_es_prevent_msr_access()'s svm_msrpm_offset() check that guarded against calling msr_write_intercepted() with a "bad" index.

Opportunistically clean up the helper's formatting.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
arch/x86/kvm/svm/svm.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 59088f68c557..9e4d08dba5f8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c
@@ -2767,12 +2767,11 @@ static int svm_get_feature_msr(u32 msr, u64 *data) return 0; } =20 -static bool -sev_es_prevent_msr_access(struct kvm_vcpu *vcpu, struct msr_data *msr_info) +static bool sev_es_prevent_msr_access(struct kvm_vcpu *vcpu, + struct msr_data *msr_info) { return sev_es_guest(vcpu->kvm) && vcpu->arch.guest_state_protected && - svm_msrpm_offset(msr_info->index) !=3D MSR_INVALID && !msr_write_intercepted(vcpu, msr_info->index); } =20 --=20 2.50.0.rc0.642.g800a2b2222-goog
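Review bot: In the `@@ -2767,12 +2767,11 @@` hunk, sev_es_prevent_msr_access() now relies entirely on msr_write_intercepted() returning true for an MSR outside the permission map, and nothing at this call site records that dependency. With the svm_msrpm_offset() comparison against MSR_INVALID gone, a later change that made msr_write_intercepted() return false for an out-of-range index would flip this helper to true for every such MSR on an SEV-ES guest with protected state. A short comment above the return stating that out-of-range MSRs are reported as intercepted would keep that contract visible. The changelog also does not say whether a functional change is intended; for out-of-range MSRs the result looks unchanged (false before through the offset check, false now through the negated intercept check), and stating that would help.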
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:30 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-26-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: [PATCH v2 25/32] KVM: SVM: Move svm_msrpm_offset() to nested.c
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

Move svm_msrpm_offset() from svm.c to nested.c now that all usage of the u32-index offsets is nested virtualization specific.

No functional change intended.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
arch/x86/kvm/svm/nested.c | 23 +++++++++++++++++++++++
arch/x86/kvm/svm/svm.c | 23 -----------------------
arch/x86/kvm/svm/svm.h | 1 -
3 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index cf148f7db887..13de4f63a9c2 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c
@@ -197,6 +197,29 @@ void recalc_intercepts(struct vcpu_svm *svm) static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 +static const u32 msrpm_ranges[] =3D {0, 0xc0000000, 0xc0010000}; + +static u32 svm_msrpm_offset(u32 msr) +{ + u32 offset; + int i; + + for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { + if (msr < msrpm_ranges[i] || + msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) + continue; + + offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; + offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ + + /* Now we have the u8 offset - but need the u32 offset */ + return offset / 4; + } + + /* MSR not in any range */ + return MSR_INVALID; +} + int __init nested_svm_init_msrpm_merge_offsets(void) { static const u32 merge_msrs[] __initconst =3D { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9e4d08dba5f8..5008e929b1a5 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -195,29 +195,6 @@ static DEFINE_MUTEX(vmcb_dump_mutex); */ static int tsc_aux_uret_slot __read_mostly =3D -1; =20 -static const u32 msrpm_ranges[] =3D {0, 0xc0000000, 0xc0010000}; - -u32 svm_msrpm_offset(u32 msr) -{ - u32 offset; - int i; - - for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { - if (msr < msrpm_ranges[i] || - msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) - continue; - - offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; - offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ - - /* Now we have the u8 offset - but need the u32 offset */ - return offset / 4; - } - - /* MSR not in any range */ - return MSR_INVALID; -} - static int get_npt_level(void) { #ifdef CONFIG_X86_64 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 91c4eb2232e0..a0c14256cc56 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -666,7 +666,6 @@ BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) /* svm.c */ extern bool dump_invalid_vmcb; =20 -u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); void svm_vcpu_free_msrpm(u32 *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); --=20 2.50.0.rc0.642.g800a2b2222-goog
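Review bot: In the nested.c hunk (`@@ -197,6 +197,29 @@`), svm_msrpm_offset() arrives as a static helper with no function comment, and its return value is an index into the map viewed as u32 words rather than a byte offset, which only the inline "Now we have the u8 offset - but need the u32 offset" remark and the bare `return offset / 4;` reveal. Since the changelog justifies the move by the u32-index offsets being specific to nested virtualization, a brief comment on the function saying that it returns a u32 index, or MSR_INVALID for an MSR outside the three msrpm_ranges, would document that at the definition. As pure code motion the body should stay as it is.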
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:31 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-27-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: [PATCH v2 26/32] KVM: SVM: Store MSRPM pointer as "void *" instead of "u32 *"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

Store KVM's MSRPM pointers as "void *" instead of "u32 *" to guard against directly accessing the bitmaps outside of code that is explicitly written to access the bitmaps with a specific type.

Opportunistically use svm_vcpu_free_msrpm() in svm_vcpu_free() instead of open coding an equivalent.

Signed-off-by: Sean Christopherson
Tested-by: Manali Shukla
---
arch/x86/kvm/svm/nested.c | 4 +++-
arch/x86/kvm/svm/svm.c | 8 ++++----
arch/x86/kvm/svm/svm.h | 13 ++++++++-----
3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 13de4f63a9c2..f9bda148273e 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -277,6 +277,8 @@ int __init nested_svm_init_msrpm_merge_offsets(void) static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); + u32 *msrpm02 =3D svm->nested.msrpm; + u32 *msrpm01 =3D svm->msrpm; int i; =20 /* 
@@ -311,7 +313,7 @@ static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcp= u) if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) return false; =20 - svm->nested.msrpm[p] =3D svm->msrpm[p] | value; + msrpm02[p] =3D msrpm01[p] | value; } =20 svm->nested.force_msr_bitmap_recalc =3D false; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 5008e929b1a5..fc41ec70b6de 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -728,11 +728,11 @@ void svm_enable_intercept_for_msr(struct kvm_vcpu *vc= pu, u32 msr, int type) svm->nested.force_msr_bitmap_recalc =3D true; } =20 -u32 *svm_vcpu_alloc_msrpm(void) +void *svm_vcpu_alloc_msrpm(void) { unsigned int order =3D get_order(MSRPM_SIZE); struct page *pages =3D alloc_pages(GFP_KERNEL_ACCOUNT, order); - u32 *msrpm; + void *msrpm; =20 if (!pages) return NULL; @@ -805,7 +805,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *s= vm, bool intercept) svm->x2avic_msrs_intercepted =3D intercept; } =20 -void svm_vcpu_free_msrpm(u32 *msrpm) +void svm_vcpu_free_msrpm(void *msrpm) { __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE)); } @@ -1353,7 +1353,7 @@ static void svm_vcpu_free(struct kvm_vcpu *vcpu) sev_free_vcpu(vcpu); =20 __free_page(__sme_pa_to_page(svm->vmcb01.pa)); - __free_pages(virt_to_page(svm->msrpm), get_order(MSRPM_SIZE)); + svm_vcpu_free_msrpm(svm->msrpm); } =20 #ifdef CONFIG_CPU_MITIGATIONS diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index a0c14256cc56..e078df15f1d8 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -186,8 +186,11 @@ struct svm_nested_state { u64 vmcb12_gpa; u64 last_vmcb12_gpa; =20 - /* These are the merged vectors */ - u32 *msrpm; + /* + * The MSR permissions map used for vmcb02, which is the merge result + * of vmcb01 and vmcb12 + */ + void *msrpm; =20 /* A VMRUN has started but has not yet been performed, so * we cannot inject a nested vmexit yet. */ 
@@ -268,7 +271,7 @@ struct vcpu_svm { */ u64 virt_spec_ctrl; =20 - u32 *msrpm; + void *msrpm; =20 ulong nmi_iret_rip; =20 
@@ -666,8 +669,8 @@ BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) /* svm.c */ extern bool dump_invalid_vmcb; =20 -u32 *svm_vcpu_alloc_msrpm(void); -void svm_vcpu_free_msrpm(u32 *msrpm); +void *svm_vcpu_alloc_msrpm(void); +void svm_vcpu_free_msrpm(void *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); void svm_enable_lbrv(struct kvm_vcpu *vcpu); void svm_update_lbrv(struct kvm_vcpu *vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog
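Review bot: In the svm.h hunk at `@@ -268,7 +271,7 @@`, vcpu_svm's field becomes `void *msrpm;` with no comment, while the svm_nested_state copy gains one explaining that it is the vmcb02 map merged from vmcb01 and vmcb12. Please give the vcpu_svm field a matching comment saying which VMCB it backs and that it is to be accessed only through the bitmap helpers. `void *` blocks direct indexing and dereference but still converts implicitly to any object pointer, as the new `u32 *msrpm02 = svm->nested.msrpm;` and `u32 *msrpm01 = svm->msrpm;` locals in nested_svm_merge_msrpm() show, so the type alone does not stop further typed views from being added. In that nested.c hunk msrpm01 is only read in `msrpm02[p] = msrpm01[p] | value;` and could be declared `const u32 *`.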
AGHT+IHIEeDEmRbbQzBBL26ejUGuQhwpUOlD0o9JSQhXoZ81alSjpxx8PrzXd+pLsmbSkXNxRqBchUhv5vM= X-Received: from pjqq12.prod.google.com ([2002:a17:90b:584c:b0:312:ea08:fa64]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90a:d410:b0:312:e73e:cded with SMTP id 98e67ed59e1d1-313af99193bmr1323185a91.16.1749596306408; Tue, 10 Jun 2025 15:58:26 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Jun 2025 15:57:32 -0700 In-Reply-To: <20250610225737.156318-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250610225737.156318-1-seanjc@google.com> X-Mailer: git-send-email 2.50.0.rc0.642.g800a2b2222-goog Message-ID: <20250610225737.156318-28-seanjc@google.com> Subject: [PATCH v2 27/32] KVM: nSVM: Access MSRPM in 4-byte chunks only for merging L0 and L1 bitmaps From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao , Borislav Petkov , Xin Li , Dapeng Mi , Francesco Lavra , Manali Shukla Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Access the MSRPM using u32/4-byte chunks (and appropriately adjusted offsets) only when merging L0 and L1 bitmaps as part of emulating VMRUN. The only reason to batch accesses to MSRPMs is to avoid the overhead of uaccess operations (e.g. STAC/CLAC and bounds checks) when reading L1's bitmap pointed at by vmcb12. For all other uses, either per-bit accesses are more than fast enough (no uaccess), or KVM is only accessing a single bit (nested_svm_exit_handled_msr()) and so there's nothing to batch. In addition to (hopefully) documenting the uniqueness of the merging code, restricting chunked access to _just_ the merging code will allow for increasing the chunk size (to unsigned long) with minimal risk. 
Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/nested.c | 52 ++++++++++++++------------------------- 1 file changed, 18 insertions(+), 34 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index f9bda148273e..fb0ac87df00a 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -197,29 +197,6 @@ void recalc_intercepts(struct vcpu_svm *svm) static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; =20 -static const u32 msrpm_ranges[] =3D {0, 0xc0000000, 0xc0010000}; - -static u32 svm_msrpm_offset(u32 msr) -{ - u32 offset; - int i; - - for (i =3D 0; i < ARRAY_SIZE(msrpm_ranges); i++) { - if (msr < msrpm_ranges[i] || - msr >=3D msrpm_ranges[i] + SVM_MSRS_PER_RANGE) - continue; - - offset =3D (msr - msrpm_ranges[i]) / SVM_MSRS_PER_BYTE; - offset +=3D (i * SVM_MSRPM_BYTES_PER_RANGE); /* add range offset */ - - /* Now we have the u8 offset - but need the u32 offset */ - return offset / 4; - } - - /* MSR not in any range */ - return MSR_INVALID; -} - int __init nested_svm_init_msrpm_merge_offsets(void) { static const u32 merge_msrs[] __initconst =3D { @@ -246,11 +223,18 @@ int __init nested_svm_init_msrpm_merge_offsets(void) int i, j; =20 for (i =3D 0; i < ARRAY_SIZE(merge_msrs); i++) { - u32 offset =3D svm_msrpm_offset(merge_msrs[i]); + u32 bit_nr =3D svm_msrpm_bit_nr(merge_msrs[i]); + u32 offset; =20 - if (WARN_ON(offset =3D=3D MSR_INVALID)) + if (WARN_ON(bit_nr =3D=3D MSR_INVALID)) return -EIO; =20 + /* + * Merging is done in 32-bit chunks to reduce the number of + * accesses to L1's bitmap. + */ + offset =3D bit_nr / BITS_PER_BYTE / sizeof(u32); + for (j =3D 0; j < nested_svm_nr_msrpm_merge_offsets; j++) { if (nested_svm_msrpm_merge_offsets[j] =3D=3D offset) break; 
@@ -1369,26 +1353,26 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) =20 static int nested_svm_exit_handled_msr(struct vcpu_svm *svm) { - u32 offset, msr, value; - int write, mask; + gpa_t base =3D svm->nested.ctl.msrpm_base_pa; + u32 msr, bit_nr; + u8 value, mask; + int write; =20 if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) return NESTED_EXIT_HOST; =20 msr =3D svm->vcpu.arch.regs[VCPU_REGS_RCX]; - offset =3D svm_msrpm_offset(msr); + bit_nr =3D svm_msrpm_bit_nr(msr); write =3D svm->vmcb->control.exit_info_1 & 1; - mask =3D 1 << ((2 * (msr & 0xf)) + write); =20 - if (offset =3D=3D MSR_INVALID) + if (bit_nr =3D=3D MSR_INVALID) return NESTED_EXIT_DONE; =20 - /* Offset is in 32 bit units but need in 8 bit units */ - offset *=3D 4; - - if (kvm_vcpu_read_guest(&svm->vcpu, svm->nested.ctl.msrpm_base_pa + offse= t, &value, 4)) + if (kvm_vcpu_read_guest(&svm->vcpu, base + bit_nr / BITS_PER_BYTE, + &value, sizeof(value))) return NESTED_EXIT_DONE; =20 + mask =3D BIT(write) << (bit_nr & (BITS_PER_BYTE - 1)); return (value & mask) ? 
NESTED_EXIT_DONE : NESTED_EXIT_HOST; } =20 --=20 2.50.0.rc0.642.g800a2b2222-goog
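
Review bot: in nested_svm_exit_handled_msr(), the new "mask = BIT(write) << (bit_nr & (BITS_PER_BYTE - 1))" only fits the u8 mask if svm_msrpm_bit_nr() returns the index of the read bit of an MSR's two-bit pair, as the removed "2 * (msr & 0xf)" computation implies; then the shift is at most 6 and the write bit lands on bit 7 at most. Nothing in the hunk states that dependency. A short comment above the mask computation (read intercept at bit_nr, write intercept at bit_nr + 1, both inside the single byte fetched from base + bit_nr / BITS_PER_BYTE) would keep a later change to the helper from silently truncating the mask and reporting NESTED_EXIT_HOST for an MSR that L1 asked to intercept. The same applies to the new "offset = bit_nr / BITS_PER_BYTE / sizeof(u32)" in nested_svm_init_msrpm_merge_offsets(): the existing comment says why chunks are used, but not that the offset unit must match the element type used by the merge loop.
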
From nobody Sat Oct 11 08:30:55 2025
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:33 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-29-seanjc@google.com>
Subject: [PATCH v2 28/32] KVM: SVM: Return -EINVAL instead of MSR_INVALID to signal out-of-range MSR
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Return -EINVAL instead of MSR_INVALID from svm_msrpm_bit_nr() to indicate that the MSR isn't covered by one of the (currently) three MSRPM ranges, and delete the MSR_INVALID macro now that all users are gone.

Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/nested.c | 10 +++++----- arch/x86/kvm/svm/svm.h | 10 ++++------ 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index fb0ac87df00a..7ca45361ced3 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -223,10 +223,10 @@ int __init nested_svm_init_msrpm_merge_offsets(void) int i, j; =20 for (i =3D 0; i < ARRAY_SIZE(merge_msrs); i++) { - u32 bit_nr =3D svm_msrpm_bit_nr(merge_msrs[i]); + int bit_nr =3D svm_msrpm_bit_nr(merge_msrs[i]); u32 offset; =20 - if (WARN_ON(bit_nr =3D=3D MSR_INVALID)) + if (WARN_ON(bit_nr < 0)) return -EIO; =20 /* 
@@ -1354,9 +1354,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) static int nested_svm_exit_handled_msr(struct vcpu_svm *svm) { gpa_t base =3D svm->nested.ctl.msrpm_base_pa; - u32 msr, bit_nr; + int write, bit_nr; u8 value, mask; - int write; + u32 msr; =20 if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) return NESTED_EXIT_HOST; @@ -1365,7 +1365,7 @@ static int nested_svm_exit_handled_msr(struct vcpu_sv= m *svm) bit_nr =3D svm_msrpm_bit_nr(msr); write =3D svm->vmcb->control.exit_info_1 & 1; =20 - if (bit_nr =3D=3D MSR_INVALID) + if (bit_nr < 0) return NESTED_EXIT_DONE; =20 if (kvm_vcpu_read_guest(&svm->vcpu, base + bit_nr / BITS_PER_BYTE, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e078df15f1d8..489adc2ca3f5 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -619,9 +619,7 @@ static inline void svm_vmgexit_no_action(struct vcpu_sv= m *svm, u64 data) static_assert(SVM_MSRS_PER_RANGE =3D=3D 8192); #define SVM_MSRPM_OFFSET_MASK (SVM_MSRS_PER_RANGE - 1) =20 -#define MSR_INVALID 0xffffffffU - -static __always_inline u32 svm_msrpm_bit_nr(u32 msr) +static __always_inline int svm_msrpm_bit_nr(u32 msr) { int range_nr; =20 @@ -636,7 +634,7 @@ static __always_inline u32 svm_msrpm_bit_nr(u32 msr) range_nr =3D 2; break; default: - return MSR_INVALID; + return -EINVAL; } =20 return range_nr * SVM_MSRPM_BYTES_PER_RANGE * BITS_PER_BYTE + 
@@ -647,10 +645,10 @@ static __always_inline u32 svm_msrpm_bit_nr(u32 msr) static inline rtype svm_##action##_msr_bitmap_##access(unsigned long *bitm= ap, \ u32 msr) \ { \ - u32 bit_nr; \ + int bit_nr; \ \ bit_nr =3D svm_msrpm_bit_nr(msr); \ - if (bit_nr =3D=3D MSR_INVALID) \ + if (bit_nr < 0) \ return (rtype)true; \ \ return bitop##_bit(bit_nr + bit_rw, bitmap); \ --=20 2.50.0.rc0.642.g800a2b2222-goog
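
Review bot: bit_nr is now a signed int, yet every consumer feeds it into arithmetic with unsigned operands (a division by sizeof() in nested_svm_init_msrpm_merge_offsets(), "base + bit_nr / BITS_PER_BYTE" with a gpa_t in nested_svm_exit_handled_msr(), and "bit_nr + bit_rw" passed to the bitop in the helper macro), so each site is correct only because the "bit_nr < 0" check runs first. In nested_svm_exit_handled_msr() the assignment to write still sits between the svm_msrpm_bit_nr() call and its check; moving the check directly under the call would make it harder for a later edit to slip a use of bit_nr in front of it. A one-line comment on svm_msrpm_bit_nr() stating that it returns a non-negative bit index or -EINVAL would document the new contract now that the MSR_INVALID macro is gone. Minor: nested_svm_init_msrpm_merge_offsets() still maps the failure to -EIO rather than propagating the helper's error, which is fine if intentional but worth a word in the changelog.
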
From nobody Sat Oct 11 08:30:55 2025
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:34 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-30-seanjc@google.com>
Subject: [PATCH v2 29/32] KVM: nSVM: Merge MSRPM in 64-bit chunks on 64-bit kernels
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

When merging L0 and L1 MSRPMs as part of nested VMRUN emulation, access the bitmaps using "unsigned long" chunks, i.e. use 8-byte access for 64-bit kernels instead of arbitrarily working on 4-byte chunks.

Opportunistically rename local variables in nested_svm_merge_msrpm() to more precisely/accurately reflect their purpose ("offset" in particular is extremely ambiguous).

Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/nested.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 7ca45361ced3..749f7b866ac8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -196,6 +196,7 @@ void recalc_intercepts(struct vcpu_svm *svm) */ static int nested_svm_msrpm_merge_offsets[6] __ro_after_init; static int nested_svm_nr_msrpm_merge_offsets __ro_after_init; +typedef unsigned long nsvm_msrpm_merge_t; =20 int __init nested_svm_init_msrpm_merge_offsets(void) { @@ -230,10 +231,10 @@ int __init nested_svm_init_msrpm_merge_offsets(void) return -EIO; =20 /* - * Merging is done in 32-bit chunks to reduce the number of - * accesses to L1's bitmap. + * Merging is done in chunks to reduce the number of accesses + * to L1's bitmap. */ - offset =3D bit_nr / BITS_PER_BYTE / sizeof(u32); + offset =3D bit_nr / BITS_PER_BYTE / sizeof(nsvm_msrpm_merge_t); =20 for (j =3D 0; j < nested_svm_nr_msrpm_merge_offsets; j++) { if (nested_svm_msrpm_merge_offsets[j] =3D=3D offset) @@ -261,8 +262,8 @@ int __init nested_svm_init_msrpm_merge_offsets(void) static bool nested_svm_merge_msrpm(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); - u32 *msrpm02 =3D svm->nested.msrpm; - u32 *msrpm01 =3D svm->msrpm; + nsvm_msrpm_merge_t *msrpm02 =3D svm->nested.msrpm; + nsvm_msrpm_merge_t *msrpm01 =3D svm->msrpm; int i; =20 /* 
@@ -289,15 +290,15 @@ static bool nested_svm_merge_msrpm(struct kvm_vcpu *v= cpu) =20 for (i =3D 0; i < nested_svm_nr_msrpm_merge_offsets; i++) { const int p =3D nested_svm_msrpm_merge_offsets[i]; - u32 value; - u64 offset; + nsvm_msrpm_merge_t l1_val; + gpa_t gpa; =20 - offset =3D svm->nested.ctl.msrpm_base_pa + (p * 4); + gpa =3D svm->nested.ctl.msrpm_base_pa + (p * sizeof(l1_val)); =20 - if (kvm_vcpu_read_guest(vcpu, offset, &value, 4)) + if (kvm_vcpu_read_guest(vcpu, gpa, &l1_val, sizeof(l1_val))) return false; =20 - msrpm02[p] =3D msrpm01[p] | value; + msrpm02[p] =3D msrpm01[p] | l1_val; } =20 svm->nested.force_msr_bitmap_recalc =3D false; --=20 2.50.0.rc0.642.g800a2b2222-goog
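
Review bot: in the merge loop of nested_svm_merge_msrpm(), each iteration now reads sizeof(nsvm_msrpm_merge_t) bytes of L1 memory at msrpm_base_pa + p * sizeof(l1_val) and indexes msrpm01/msrpm02 with the same p, but nothing in the patch asserts that the bitmap size is a whole number of chunks. With 8-byte chunks that is what guarantees the last chunk neither reads past L1's bitmap nor writes past the end of msrpm02. A static_assert next to the new typedef that the MSRPM size is a multiple of sizeof(nsvm_msrpm_merge_t) would turn that assumption into a build-time check. The typedef is also the only thing tying the offsets computed in nested_svm_init_msrpm_merge_offsets() to the element size used in the loop, and it is declared after the two arrays that depend on it; moving it above them with a sentence saying both sites must use it would make the coupling visible. Since msrpm02 and msrpm01 are now initialized from untyped pointers with no cast, the compiler will not flag a mismatch if one side later changes type.
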
From nobody Sat Oct 11 08:30:55 2025
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:35 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-31-seanjc@google.com>
Subject: [PATCH v2 30/32] KVM: SVM: Add a helper to allocate and initialize permissions bitmaps
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Add a helper to allocate and initialize an MSR or I/O permissions map, as the logic is identical between the two map types, the only difference is the size of the bitmap. Opportunistically add a comment to explain why the bitmaps are initialized with 0xff, e.g. instead of the more common zero-initialized behavior, which is the main motivation for deduplicating the code.

No functional change intended.

Signed-off-by: Sean Christopherson Tested-by: Manali Shukla --- arch/x86/kvm/svm/svm.c | 31 +++++++++++++++---------------- arch/x86/kvm/svm/svm.h | 8 +++++++- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index fc41ec70b6de..e3c49c763225 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -728,19 +728,23 @@ void svm_enable_intercept_for_msr(struct kvm_vcpu *vc= pu, u32 msr, int type) svm->nested.force_msr_bitmap_recalc =3D true; } =20 -void *svm_vcpu_alloc_msrpm(void) +void *svm_alloc_permissions_map(unsigned long size, gfp_t gfp_mask) { - unsigned int order =3D get_order(MSRPM_SIZE); - struct page *pages =3D alloc_pages(GFP_KERNEL_ACCOUNT, order); - void *msrpm; + unsigned int order =3D get_order(size); + struct page *pages =3D alloc_pages(gfp_mask, order); + void *pm; =20 if (!pages) return NULL; =20 - msrpm =3D page_address(pages); - memset(msrpm, 0xff, PAGE_SIZE * (1 << order)); + /* + * Set all bits in the permissions map so that all MSR and I/O accesses + * are intercepted by default. + */ + pm =3D page_address(pages); + memset(pm, 0xff, PAGE_SIZE * (1 << order)); =20 - return msrpm; + return pm; } =20 static void svm_recalc_lbr_msr_intercepts(struct kvm_vcpu *vcpu) @@ -5325,11 +5329,8 @@ static __init void svm_set_cpu_caps(void) =20 static __init int svm_hardware_setup(void) { - int cpu; - struct page *iopm_pages; void *iopm_va; - int r; - unsigned int order =3D get_order(IOPM_SIZE); + int cpu, r; =20 /* * NX is required for shadow paging and for NPT if the NX huge pages 
@@ -5410,13 +5411,11 @@ static __init int svm_hardware_setup(void) pr_info("LBR virtualization supported\n"); } =20 - iopm_pages =3D alloc_pages(GFP_KERNEL, order); - if (!iopm_pages) + iopm_va =3D svm_alloc_permissions_map(IOPM_SIZE, GFP_KERNEL); + if (!iopm_va) return -ENOMEM; =20 - iopm_va =3D page_address(iopm_pages); - memset(iopm_va, 0xff, PAGE_SIZE * (1 << order)); - iopm_base =3D __sme_page_pa(iopm_pages); + iopm_base =3D __sme_set(__pa(iopm_va)); =20 /* * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 489adc2ca3f5..8d3279563261 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -667,7 +667,13 @@ BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set) /* svm.c */ extern bool dump_invalid_vmcb; =20 -void *svm_vcpu_alloc_msrpm(void); +void *svm_alloc_permissions_map(unsigned long size, gfp_t gfp_mask); + +static inline void *svm_vcpu_alloc_msrpm(void) +{ + return svm_alloc_permissions_map(MSRPM_SIZE, GFP_KERNEL_ACCOUNT); +} + void svm_vcpu_free_msrpm(void *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); void svm_enable_lbrv(struct kvm_vcpu *vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog
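
Review bot: in svm_hardware_setup(), iopm_base is now computed as __sme_set(__pa(iopm_va)) instead of __sme_page_pa(iopm_pages), and the changelog, which claims no functional change, does not mention the substitution. A sentence stating that the two are equivalent for an address obtained from page_address() would make that claim checkable from the commit message alone. Separately, svm_alloc_permissions_map() takes an arbitrary size and fills PAGE_SIZE * (1 << order) bytes with 0xff, while the only free prototype visible in svm.h is still svm_vcpu_free_msrpm(void *msrpm) with no size argument, so any free path has to derive the order from the same size constant on its own. A matching free helper that takes the size would keep the allocation and free orders from drifting apart. The new comment explaining the intercept-by-default fill is a good addition; it could also note that the fill covers the whole rounded-up allocation, not just size bytes.
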
From nobody Sat Oct 11 08:30:55 2025
Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:36 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-32-seanjc@google.com>
Subject: [PATCH v2 31/32] KVM: x86: Simplify userspace filter logic when disabling MSR interception
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Refactor {svm,vmx}_disable_intercept_for_msr() to simplify the handling of userspace filters that disallow access to an MSR. The more complicated logic is no longer needed or justified now that KVM recalculates all MSR intercepts on a userspace MSR filter change, i.e. now that KVM doesn't need to also update shadow bitmaps.

No functional change intended.

Suggested-by: Dapeng Mi Signed-off-by: Sean Christopherson Reviewed-by: Dapeng Mi Tested-by: Manali Shukla --- arch/x86/kvm/svm/svm.c | 24 ++++++++++-------------- arch/x86/kvm/vmx/vmx.c | 24 ++++++++++-------------- 2 files changed, 20 insertions(+), 28 deletions(-) 
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e3c49c763225..5453478d1ca3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -691,24 +691,20 @@ void svm_disable_intercept_for_msr(struct kvm_vcpu *v= cpu, u32 msr, int type) void *msrpm =3D svm->msrpm; =20 /* Don't disable interception for MSRs userspace wants to handle. */ - if ((type & MSR_TYPE_R) && - !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { - svm_set_msr_bitmap_read(msrpm, msr); - type &=3D ~MSR_TYPE_R; + if (type & MSR_TYPE_R) { + if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) + svm_clear_msr_bitmap_read(msrpm, msr); + else + svm_set_msr_bitmap_read(msrpm, msr); } =20 - if ((type & MSR_TYPE_W) && - !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) { - svm_set_msr_bitmap_write(msrpm, msr); - type &=3D ~MSR_TYPE_W; + if (type & MSR_TYPE_W) { + if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) + svm_clear_msr_bitmap_write(msrpm, msr); + else + svm_set_msr_bitmap_write(msrpm, msr); } =20 - if (type & MSR_TYPE_R) - svm_clear_msr_bitmap_read(msrpm, msr); - - if (type & MSR_TYPE_W) - svm_clear_msr_bitmap_write(msrpm, msr); - svm_hv_vmcb_dirty_nested_enlightenments(vcpu); svm->nested.force_msr_bitmap_recalc =3D true; } diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index bdff81f8288d..277c6b5b5d5f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -3962,23 +3962,19 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu = *vcpu, u32 msr, int type) =20 vmx_msr_bitmap_l01_changed(vmx); =20 - if ((type & MSR_TYPE_R) && - !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) { - vmx_set_msr_bitmap_read(msr_bitmap, msr); - type &=3D ~MSR_TYPE_R; + if (type & MSR_TYPE_R) { + if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) + vmx_clear_msr_bitmap_read(msr_bitmap, msr); + else + vmx_set_msr_bitmap_read(msr_bitmap, msr); } =20 - if ((type & MSR_TYPE_W) && - !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) { - vmx_set_msr_bitmap_write(msr_bitmap, msr); - type &=3D ~MSR_TYPE_W; + if (type & MSR_TYPE_W) { + if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) + vmx_clear_msr_bitmap_write(msr_bitmap, msr); + else + vmx_set_msr_bitmap_write(msr_bitmap, msr); } - - if (type & MSR_TYPE_R) - vmx_clear_msr_bitmap_read(msr_bitmap, msr); - - if (type & MSR_TYPE_W) - vmx_clear_msr_bitmap_write(msr_bitmap, msr); } =20 void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) --=20 2.50.0.rc0.642.g800a2b2222-goog
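
Review bot: In the svm.c hunk, the retained comment "Don't disable interception for MSRs userspace wants to handle." now sits directly above the read block only and undersells what the else branches do: when kvm_msr_allowed() denies the access, svm_disable_intercept_for_msr() calls svm_set_msr_bitmap_read() or svm_set_msr_bitmap_write(), i.e. it enables the intercept even though the caller asked to disable it. That else path is what keeps a filtered MSR from being passed through to the guest, so the comment should say so explicitly and cover both the read and write blocks. The two blocks are also identical apart from the filter flag and the bitmap helper, so a small helper that takes the kvm_msr_allowed() result would remove the duplication.

Review bot: The vmx.c hunk has no comment on the else branches, while the svm.c counterpart keeps one; add the same explanation above `if (type & MSR_TYPE_R) {` so the two implementations stay readable side by side, since a function named vmx_disable_intercept_for_msr() that calls vmx_set_msr_bitmap_read() or vmx_set_msr_bitmap_write() looks like a bug without it. With `type &= ~MSR_TYPE_R` and `type &= ~MSR_TYPE_W` removed, "No functional change intended" depends on nothing after these blocks reading type; the visible lines show the function ending immediately afterwards, so that holds here, but it is worth stating in the commit message.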

Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:37 -0700
In-Reply-To: <20250610225737.156318-1-seanjc@google.com>
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-33-seanjc@google.com>
Subject: [PATCH v2 32/32] KVM: selftests: Verify KVM disable interception (for userspace) on filter change
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla

Re-read MSR_{FS,GS}_BASE after restoring the "allow everything" userspace MSR filter to verify that KVM stops forwarding exits to userspace. This can also be used in conjunction with manual verification (e.g. printk) to ensure KVM is correctly updating the MSR bitmaps consumed by hardware.

Tested-by: Dapeng Mi
Tested-by: Manali Shukla
Signed-off-by: Sean Christopherson
---
 tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c b/to= ols/testing/selftests/kvm/x86/userspace_msr_exit_test.c index 32b2794b78fe..8463a9956410 100644 --- a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c +++ b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c @@ -343,6 +343,12 @@ static void guest_code_permission_bitmap(void) data =3D test_rdmsr(MSR_GS_BASE); GUEST_ASSERT(data =3D=3D MSR_GS_BASE); =20 + /* Access the MSRs again to ensure KVM has disabled interception.*/ + data =3D test_rdmsr(MSR_FS_BASE); + GUEST_ASSERT(data !=3D MSR_FS_BASE); + data =3D test_rdmsr(MSR_GS_BASE); + GUEST_ASSERT(data !=3D MSR_GS_BASE); + GUEST_DONE(); } =20 @@ -682,6 +688,8 @@ KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, gues= t_code_permission_bitmap) "Expected ucall state to be UCALL_SYNC."); vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs); run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE); + + vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow); run_guest_then_process_ucall_done(vcpu); } =20 --=20 2.50.0.rc0.642.g800a2b2222-goog
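
Review bot: In the guest_code_permission_bitmap() hunk, `GUEST_ASSERT(data != MSR_FS_BASE)` and `GUEST_ASSERT(data != MSR_GS_BASE)` are negative checks whose meaning is not obvious from the code: judging by the preceding `GUEST_ASSERT(data == MSR_GS_BASE)`, a read serviced by userspace appears to come back as the MSR index, so "not equal to the index" is being used as a proxy for "not serviced by userspace". Say that in the new comment, and note that the check passes for any other value, so on its own it does not show the read reached hardware (the commit message already points to printk for that). The comment is also missing a space before the closing `*/`.

Review bot: In the KVM_ONE_VCPU_TEST hunk, the added `vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow);` has no comment explaining what the following run_guest_then_process_ucall_done() is now expected to prove. The test only verifies the filter change if an unexpected MSR exit to userspace makes that call fail rather than be skipped, which cannot be confirmed from the visible lines; a one-line comment above the ioctl stating that the guest's re-reads of MSR_FS_BASE and MSR_GS_BASE must not exit to userspace would make the intent and the failure mode explicit.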