From nobody Sat Oct 11 00:29:00 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9064C15573F; Thu, 12 Jun 2025 08:19:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.19 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749716392; cv=none; b=BiJ1xAVcrDKeb4LFdcfJzf5hPjGR6h0DRxV4IZm5UjdxSDGlCEErxWM0ozNuT5nUpaYhFjuNyaTUPFIXZyypbKIgaJl+205GRI/Ix5qVeRtEWbxdvw2tqhvB5P/hp97+jT5b7q47qmFpai7Vuz+uWG9lDukL7ZTTd4+PngyA8pQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749716392; c=relaxed/simple; bh=SYXMvbToRweHKkEdcDdTpmD0lk4fIWIET91tfrPxn0g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=psFg7jopOxKkZnTPgOyejZf71fu83t4sGnmWO0Pil05WrTPZw3RU7Dh7M/JWYtkBKRl+HtEUCVEYhWQB5RLbI9suEZDoK+MrFkA5rkKPBOEHJA7xvyyhbFaTxLqM3lu2WiO2j0CO7v+rex+s2Kio3beP+gYokouIGLuIsaH8yZE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=kxWpBcHD; arc=none smtp.client-ip=198.175.65.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="kxWpBcHD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1749716391; x=1781252391; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=SYXMvbToRweHKkEdcDdTpmD0lk4fIWIET91tfrPxn0g=; b=kxWpBcHDoDigiBE8pSNH1tKuhJYXm/hUxK4rpaUA6J/SIuIVBAmPnN/r Q6G9h5XJGOmguA1jedkjj/+3KezOeMon8a8p2PAfm6ItfxBzlX86YGy/v qy586XEPk9zY70K/Yycm/kRk/NArk/wDU+TOVqijLnvQdCJPdzmtZ6Zsa zJ7fVdMqAA8uut3NV3sbbwN5dIPO+9fvUb5uTK/3fJrwFuFhb7+PFGxSQ rGBXR8O5tNn9ovfhLf3EtXn1dKaY5FvRcAbO/xQVAjtCzSs/nzZqdGkpg 028RKwG86CPk0CZrPMHF01LJ1RsdUaNNFTFJBLHmO4PYxRCUlLmYCZt5L g==; X-CSE-ConnectionGUID: KHqkoJWOQQqDczg9BqGaRg== X-CSE-MsgGUID: htZkr1wgThWVBJsYSGEO3g== X-IronPort-AV: E=McAfee;i="6800,10657,11461"; a="51759991" X-IronPort-AV: E=Sophos;i="6.16,230,1744095600"; d="scan'208";a="51759991" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2025 01:19:50 -0700 X-CSE-ConnectionGUID: q94ITojUTHWQGBgPzi8UFA== X-CSE-MsgGUID: gfK92fZrRBCeFGcHeKhl9w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,230,1744095600"; d="scan'208";a="147322373" Received: from 984fee019967.jf.intel.com ([10.165.54.94]) by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2025 01:19:50 -0700 From: Chao Gao To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, dapeng1.mi@linux.intel.com, Chao Gao Subject: [PATCH 1/2] KVM: x86: Deduplicate MSR interception enabling and disabling Date: Thu, 12 Jun 2025 01:19:46 -0700 Message-ID: <20250612081947.94081-2-chao.gao@intel.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250612081947.94081-1-chao.gao@intel.com> References: <20250612081947.94081-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Extract a common function from MSR interception disabling logic and create disabling and enabling functions based on it. This removes most of the duplicated code for MSR interception disabling/enabling. No functional change intended. Signed-off-by: Chao Gao Reviewed-by: Dapeng Mi --- arch/x86/kvm/svm/svm.c | 23 +++++++++-------------- arch/x86/kvm/svm/svm.h | 10 +--------- arch/x86/kvm/vmx/vmx.c | 25 +++++++++---------------- arch/x86/kvm/vmx/vmx.h | 10 +--------- 4 files changed, 20 insertions(+), 48 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 5453478d1ca3..cc5f81afd8af 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -685,21 +685,21 @@ static bool msr_write_intercepted(struct kvm_vcpu *vc= pu, u32 msr) return svm_test_msr_bitmap_write(msrpm, msr); } =20 -void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) +void svm_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, b= ool enable) { struct vcpu_svm *svm =3D to_svm(vcpu); void *msrpm =3D svm->msrpm; =20 /* Don't disable interception for MSRs userspace wants to handle. */ if (type & MSR_TYPE_R) { - if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) + if (!enable && kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) svm_clear_msr_bitmap_read(msrpm, msr); else svm_set_msr_bitmap_read(msrpm, msr); } =20 if (type & MSR_TYPE_W) { - if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) + if (!enable && kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) svm_clear_msr_bitmap_write(msrpm, msr); else svm_set_msr_bitmap_write(msrpm, msr); @@ -709,19 +709,14 @@ void svm_disable_intercept_for_msr(struct kvm_vcpu *v= cpu, u32 msr, int type) svm->nested.force_msr_bitmap_recalc =3D true; } =20 -void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) +void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) { - struct vcpu_svm *svm =3D to_svm(vcpu); - void *msrpm =3D svm->msrpm; - - if (type & MSR_TYPE_R) - svm_set_msr_bitmap_read(msrpm, msr); - - if (type & MSR_TYPE_W) - svm_set_msr_bitmap_write(msrpm, msr); + svm_set_intercept_for_msr(vcpu, msr, type, false); +} =20 - svm_hv_vmcb_dirty_nested_enlightenments(vcpu); - svm->nested.force_msr_bitmap_recalc =3D true; +void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) +{ + svm_set_intercept_for_msr(vcpu, msr, type, true); } =20 void *svm_alloc_permissions_map(unsigned long size, gfp_t gfp_mask) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8d3279563261..faa478d9fc62 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -696,15 +696,7 @@ void svm_complete_interrupt_delivery(struct kvm_vcpu *= vcpu, int delivery_mode, =20 void svm_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type= ); void svm_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e); - -static inline void svm_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 ms= r, - int type, bool enable_intercept) -{ - if (enable_intercept) - svm_enable_intercept_for_msr(vcpu, msr, type); - else - svm_disable_intercept_for_msr(vcpu, msr, type); -} +void svm_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, b= ool enable); =20 /* nested.c */ =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 277c6b5b5d5f..559261b18512 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -3952,7 +3952,7 @@ static void vmx_msr_bitmap_l01_changed(struct vcpu_vm= x *vmx) vmx->nested.force_msr_bitmap_recalc =3D true; } =20 -void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) +void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, b= ool enable) { struct vcpu_vmx *vmx =3D to_vmx(vcpu); unsigned long *msr_bitmap =3D vmx->vmcs01.msr_bitmap; @@ -3963,35 +3963,28 @@ void vmx_disable_intercept_for_msr(struct kvm_vcpu = *vcpu, u32 msr, int type) vmx_msr_bitmap_l01_changed(vmx); =20 if (type & MSR_TYPE_R) { - if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) + if (!enable && kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) vmx_clear_msr_bitmap_read(msr_bitmap, msr); else vmx_set_msr_bitmap_read(msr_bitmap, msr); } =20 if (type & MSR_TYPE_W) { - if (kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) + if (!enable && kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) vmx_clear_msr_bitmap_write(msr_bitmap, msr); else vmx_set_msr_bitmap_write(msr_bitmap, msr); } } =20 -void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) +void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e) { - struct vcpu_vmx *vmx =3D to_vmx(vcpu); - unsigned long *msr_bitmap =3D vmx->vmcs01.msr_bitmap; - - if (!cpu_has_vmx_msr_bitmap()) - return; - - vmx_msr_bitmap_l01_changed(vmx); - - if (type & MSR_TYPE_R) - vmx_set_msr_bitmap_read(msr_bitmap, msr); + vmx_set_intercept_for_msr(vcpu, msr, type, false); +} =20 - if (type & MSR_TYPE_W) - vmx_set_msr_bitmap_write(msr_bitmap, msr); +void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type) +{ + vmx_set_intercept_for_msr(vcpu, msr, type, true); } =20 static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index a26fe3d9e1d2..31acd8c726e3 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -388,21 +388,13 @@ void vmx_ept_load_pdptrs(struct kvm_vcpu *vcpu); =20 void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int typ= e); void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type= ); +void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, b= ool enable); =20 u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu); u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu); =20 gva_t vmx_get_untagged_addr(struct kvm_vcpu *vcpu, gva_t gva, unsigned int= flags); =20 -static inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 ms= r, - int type, bool value) -{ - if (value) - vmx_enable_intercept_for_msr(vcpu, msr, type); - else - vmx_disable_intercept_for_msr(vcpu, msr, type); -} - void vmx_update_cpu_dirty_logging(struct kvm_vcpu *vcpu); =20 /* --=20 2.47.1 From nobody Sat Oct 11 00:29:00 2025 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F3D422154A; Thu, 12 Jun 2025 08:19:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.19 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749716395; cv=none; b=arE5dSgujc79niAiUa2Ip/0cs8ElgVkJSfRXm/cHWObpXS9I7tC67RQB5lWVuuXB3ubNa3lnlX4lHz47laIsG1j4kTitgME3uFToBEVTpsVDRU3cmmQxfI7ApZyUjlZ3maoIVC8kz7HyrTjzjLmXx8Xc4Xn7HfAo6oxfYostDYg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749716395; c=relaxed/simple; bh=qZgUW7Zl1CLJ2uVKQxnl6lpmdfsy2MojuW22eubTURo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S/GDiUCrwBC2jOxf4bj4xQNv2k9R9WbVwlxGSMtDjhbFNL3knHw9xvKVXr3ta0ehriU79W+bsg0hDBr8DqZxC/J1vuFgk/yg4mgZseT2yaYSj6lQ5FtR10mAfQEtIw+4++dfDWK4He5oMCP0JGJuLtRhVwAOWNKFppjgpauWTYw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dN1JAUar; arc=none smtp.client-ip=198.175.65.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dN1JAUar" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1749716394; x=1781252394; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=qZgUW7Zl1CLJ2uVKQxnl6lpmdfsy2MojuW22eubTURo=; b=dN1JAUarJWDxc9kFMM+mYH2TrKgMwcp+9cOwGqVJo7C+vqACIImeHGeu A43JKYI6DLwkIcccPpf64hsTI5tc86rkDGE9mW9xAEtBr6PFN8uKg/wUJ jnt9Wu1j1r5DeD02PPC+wjGQWakdrkepddphElWhjydpDhsE6AqEAnXi8 JNqhItLBQFHB7y+Ugeb74geubr1pX5m6KqfafAJb0D03ZuwQLyGFAIdHd /TW29WqlaidMV792FS8Ug5RdVLnsW7caVfeiSaQeM+CqHobpDhlyT2JiF hFrUs0uXQC69aleEpJzGYVcK4H0Pgm/MS0SXaCyz9Al3hR/zO6eEPDkV9 g==; X-CSE-ConnectionGUID: E1HN7DKdQTyt2y7uott3Cw== X-CSE-MsgGUID: CuUlwrhvRZ+lqSuZ0nWZ0w== X-IronPort-AV: E=McAfee;i="6800,10657,11461"; a="51759997" X-IronPort-AV: E=Sophos;i="6.16,230,1744095600"; d="scan'208";a="51759997" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2025 01:19:50 -0700 X-CSE-ConnectionGUID: 4PKnm71VS6q1E3Af9mDBjg== X-CSE-MsgGUID: s/E3W+LCQNWVnGbTWS/24g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,230,1744095600"; d="scan'208";a="147322375" Received: from 984fee019967.jf.intel.com ([10.165.54.94]) by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2025 01:19:50 -0700 From: Chao Gao To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, dapeng1.mi@linux.intel.com, Chao Gao Subject: [PATCH 2/2] KVM: SVM: Simplify MSR interception logic for IA32_XSS MSR Date: Thu, 12 Jun 2025 01:19:47 -0700 Message-ID: <20250612081947.94081-3-chao.gao@intel.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250612081947.94081-1-chao.gao@intel.com> References: <20250612081947.94081-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use svm_set_intercept_for_msr() directly to configure IA32_XSS MSR interception, ensuring consistency with other cases where MSRs are intercepted depending on guest caps and CPUIDs. No functional change intended. Signed-off-by: Chao Gao Reviewed-by: Binbin Wu Reviewed-by: Dapeng Mi --- With this patch applied, svm_enable_intercept_for_msr() has no user. Should it be removed? --- arch/x86/kvm/svm/sev.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6282c2930cda..504e8a87644a 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4371,11 +4371,9 @@ void sev_es_recalc_msr_intercepts(struct kvm_vcpu *v= cpu) * XSAVES being exposed to the guest so that KVM can at least honor * guest CPUID for RDMSR and WRMSR. */ - if (guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) - svm_disable_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW); - else - svm_enable_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW); + svm_set_intercept_for_msr(vcpu, MSR_IA32_XSS, MSR_TYPE_RW, + !guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) || + !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)); } =20 void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm) --=20 2.47.1