Reply-To: Sean Christopherson
Date: Tue, 10 Jun 2025 15:57:17 -0700
In-Reply-To:
 <20250610225737.156318-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20250610225737.156318-1-seanjc@google.com>
Message-ID: <20250610225737.156318-13-seanjc@google.com>
Subject: [PATCH v2 12/32] KVM: nSVM: Don't initialize vmcb02 MSRPM with vmcb01's "always passthrough"
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Borislav Petkov, Xin Li, Dapeng Mi, Francesco Lavra, Manali Shukla
Content-Transfer-Encoding: quoted-printable

Don't initialize vmcb02's MSRPM with KVM's set of "always passthrough" MSRs, as KVM always needs to consult L1's intercepts, i.e. needs to merge vmcb01 with vmcb12 and write the result to vmcb02. This will eventually allow for the removal of svm_vcpu_init_msrpm().

Note, the bitmaps are truly initialized by svm_vcpu_alloc_msrpm() (default to intercepting all MSRs), e.g. if there is a bug lurking elsewhere, the worst case scenario from dropping the call to svm_vcpu_init_msrpm() should be that KVM would fail to passthrough MSRs to L2.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/nested.c | 1 - arch/x86/kvm/svm/svm.c | 5 +++-- arch/x86/kvm/svm/svm.h | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 360dbd80a728..cf148f7db887 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1285,7 +1285,6 @@ int svm_allocate_nested(struct vcpu_svm *svm) svm->nested.msrpm =3D svm_vcpu_alloc_msrpm(); if (!svm->nested.msrpm) goto err_free_vmcb02; - svm_vcpu_init_msrpm(&svm->vcpu, svm->nested.msrpm); =20 svm->nested.initialized =3D true; return 0; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1ee936b8a6d0..798d33a76796 100644 
--- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -889,8 +889,9 @@ u32 *svm_vcpu_alloc_msrpm(void) return msrpm; } =20 -void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm) +static void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu) { + u32 *msrpm =3D to_svm(vcpu)->msrpm; int i; =20 for (i =3D 0; i < ARRAY_SIZE(direct_access_msrs); i++) { @@ -1402,7 +1403,7 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - svm_vcpu_init_msrpm(vcpu, svm->msrpm); + svm_vcpu_init_msrpm(vcpu); =20 svm_init_osvw(vcpu); =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9f750b2399e9..bce66afafa11 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -633,7 +633,6 @@ extern bool dump_invalid_vmcb; =20 u32 svm_msrpm_offset(u32 msr); u32 *svm_vcpu_alloc_msrpm(void); -void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm); void svm_vcpu_free_msrpm(u32 *msrpm); void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb); void svm_enable_lbrv(struct kvm_vcpu *vcpu); --=20 2.50.0.rc0.642.g800a2b2222-goog
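Review bot: In the svm_allocate_nested() hunk of arch/x86/kvm/svm/nested.c, nothing at the allocation site records that svm->nested.msrpm is now deliberately left in whatever state svm_vcpu_alloc_msrpm() returns. The commit message says that state is "intercept all MSRs" and that the usable contents come from merging vmcb01 with vmcb12, so a one-line comment after the `goto err_free_vmcb02;` check stating this would make the fail-closed assumption explicit and keep a later change from re-adding an init call here.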
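Review bot: In the svm_vcpu_init_msrpm() hunk of arch/x86/kvm/svm/svm.c, the helper now takes its bitmap from `to_svm(vcpu)->msrpm` and can no longer be pointed at any other bitmap, yet its name and signature do not say that it only fills the vCPU's own MSRPM. Since the commit message says the function is to be removed eventually, a short comment above the definition noting that it applies direct_access_msrs to the vCPU's own bitmap only, and never to svm->nested.msrpm, would be enough.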