From nobody Sun Feb 8 05:42:13 2026 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1FD32E2DF1 for ; Thu, 16 Oct 2025 22:28:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653703; cv=none; b=Yt6Vk71LrR1de2MlA2u9c2vOcM8NRbiJdzPR3BugnQK4FO1iLTkpobcHFjACBgj4vC8+NsRiuiuueFM6JkhPeNPKvIx7kUL97zoi2RkhDZSIhqShzb//wBBSzuwL0JBYasTPVUuFcAhEdhnGhOoDS2kZsRVbKHlRbUpPaTOdMZI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653703; c=relaxed/simple; bh=yw51Q166Lc381x4Xu3XmbBkTFmjBPCZNcIy/n1Tj+/Q=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PxYbh0X9ND8iiU/M4NrgWeh1vp/YWbjrRfWuj7UjaHl2K/MpdHHFsPS4xkipAgJwvv2uqRFrS/vUhcuAf/bMuuw7QFfnwR2I49ZjtYtjc9XltY7o1Or2KplUdcRb8Ntlk43QBgCRLz8InYhS+MNBiL5jiFERbp5zV0QSTB/AMkg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=xVMYrT61; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="xVMYrT61" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-339d5dbf58aso2866295a91.3 for ; Thu, 16 Oct 2025 15:28:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1760653701; x=1761258501; 
darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=40vdtZU/KoPpmX9suWkabYPY075MZ6BH4jE7OVELxWw=; b=xVMYrT61KMki+UyPSXt5QJipiBrv/JTIm15TReveHXVogW21fHTrVGJI1iiXn9/a0S tURxpf7BXetiKtO7R6aFzYa6Gv6LRFO9+jVHX+cJobu+xUqD3rTje68cO+hZfs52b8Wb RWqXusV8KcAOPLH6Sb1MpTwXzAaIEwqbW52XNLwa9X7qPYE+B6uZGoQK2Pel+3en1MXA WJ/0Od1MAufxP9N1fNywJZkTqzG1OhNdqpoawwVbf7xSrQYIuzYqZw/TZN/Y19ApK5iO PxZE9qIwEXRjKp6A3k/Co1Aeg28s2wFufNyfKCsgBemIOdlNW7RVTyDlULWZbZstiLAE rdkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760653701; x=1761258501; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=40vdtZU/KoPpmX9suWkabYPY075MZ6BH4jE7OVELxWw=; b=Unzja21SK2Um5xCJkjB3ht+0iJWaJcSxZnAr+GJyW026/rhA/4UNgjjon98lP4n8UZ 5Fru+C/jgoUE4/RoiBrEONDUvKa36egSzB0tJQ2s36gEY6cmpwkq+axQdCrH2qXzvaHL LvxwP57DyGz7nCFQK+H0wmc1DmmFt6A4RbCmYXjxdO48zaVpAkroOQChv5KrvAk4dHOu O8xRq3ZP8dOqYwKioaHDlvXHmrOTYwPyPiJYABfwznqcyrbfN27G+GdIBTkuLRne+C6A vwQOu+3VScFIgjp3XZbwoaizseG5AWZwXm3zekh7baL+QaUDYNYMt8UTfliSOfFvGUSM Wbww== X-Forwarded-Encrypted: i=1; AJvYcCUEPUlj8641vOPWWTsgONskVQg895HBlPmT3ijY+osYOIGRVrmkrgrDe7NXk7fdcs3DUFwAaBK5l8/eCK4=@vger.kernel.org X-Gm-Message-State: AOJu0YzYa24K2nHVTOCLlDDgsGgIxn/SGSQ18pB7seWp1Iad7sBSRxwh oaq98buOVOvbs7CoZ4BPar29qIOajT3OT5tXh4TfFhXlWx5XUzaE8NlcPK5sS2+Vu0Txpkc2A4Q gTEzjpw== X-Google-Smtp-Source: AGHT+IH6Vt5HCZ4OsiTtySVHgnNCPAx3kKlqIVZQcPIWh1JDleJgFcxQ9QlzXiMEeW/9zOz/TZlBnAw47FY= X-Received: from pjbos7.prod.google.com ([2002:a17:90b:1cc7:b0:33b:52d6:e13e]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:54cc:b0:33b:dbdc:65f2 with SMTP id 98e67ed59e1d1-33bdbdc660bmr324878a91.22.1760653701294; Thu, 16 Oct 2025 15:28:21 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 16 Oct 2025 15:28:13 -0700 In-Reply-To: 
<20251016222816.141523-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id:
List-Subscribe:
List-Unsubscribe:
Mime-Version: 1.0
References: <20251016222816.141523-1-seanjc@google.com>
X-Mailer: git-send-email 2.51.0.858.gf9c4a03a3a-goog
Message-ID: <20251016222816.141523-2-seanjc@google.com>
Subject: [PATCH v4 1/4] KVM: TDX: Synchronize user-return MSRs immediately after VP.ENTER
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, "Kirill A. Shutemov"
Cc: kvm@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Yan Zhao, Xiaoyao Li, Rick Edgecombe, Hou Wenlong
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Immediately synchronize the user-return MSR values after a successful VP.ENTER to minimize the window where KVM is tracking stale values in the "curr" field, and so that the tracked value is synchronized before IRQs are enabled.

This is *very* technically a bug fix, as a forced shutdown/reboot will invoke kvm_shutdown() without waiting for tasks to be frozen, and so the on_each_cpu() calls to kvm_disable_virtualization_cpu() will call kvm_on_user_return() from IRQ context and thus could consume a stale values->curr if the IRQ hits while KVM is active.

That said, the real motivation is to minimize the window where "curr" is stale, as the same forced shutdown/reboot flaw has effectively existed for all of non-TDX for years, as kvm_set_user_return_msr() runs with IRQs enabled. Not to mention that a stale MSR is the least of the kernel's concerns if a reboot is forced while KVM is active.

Fixes: e0b4f31a3c65 ("KVM: TDX: restore user ret MSRs")
Cc: Yan Zhao
Cc: Xiaoyao Li
Cc: Rick Edgecombe
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/tdx.c | 20 +++++++++++++-------
 arch/x86/kvm/vmx/tdx.h |  2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 326db9b9c567..2f3dfe9804b5 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -780,6 +780,14 @@ void tdx_prepare_switch_to_guest(struct kvm_vcpu *vcpu) vt->msr_host_kernel_gs_base =3D read_msr(MSR_KERNEL_GS_BASE); =20 vt->guest_state_loaded =3D true; + + /* + * Several of KVM's user-return MSRs are clobbered by the TDX-Module if + * VP.ENTER succeeds, i.e. on TD-Exit. Mark those MSRs as needing an + * update to synchronize the "current" value in KVM's cache with the + * value in hardware (loaded by the TDX-Module). + */ + to_tdx(vcpu)->need_user_return_msr_sync =3D true; } =20 struct tdx_uret_msr { @@ -807,7 +815,6 @@ static void tdx_user_return_msr_update_cache(void) static void tdx_prepare_switch_to_host(struct kvm_vcpu *vcpu) { struct vcpu_vt *vt =3D to_vt(vcpu); - struct vcpu_tdx *tdx =3D to_tdx(vcpu); =20 if (!vt->guest_state_loaded) return; @@ -815,11 +822,6 @@ static void tdx_prepare_switch_to_host(struct kvm_vcpu= *vcpu) ++vcpu->stat.host_state_reload; wrmsrl(MSR_KERNEL_GS_BASE, vt->msr_host_kernel_gs_base); =20 - if (tdx->guest_entered) { - tdx_user_return_msr_update_cache(); - tdx->guest_entered =3D false; - } - vt->guest_state_loaded =3D false; } =20 @@ -1059,7 +1061,11 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, u64 r= un_flags) update_debugctlmsr(vcpu->arch.host_debugctl); =20 tdx_load_host_xsave_state(vcpu); - tdx->guest_entered =3D true; + + if (tdx->need_user_return_msr_sync) { + tdx_user_return_msr_update_cache(); + tdx->need_user_return_msr_sync =3D false; + } =20 vcpu->arch.regs_avail &=3D TDX_REGS_AVAIL_SET; =20 diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index ca39a9391db1..9434a6371d67 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h 
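Review bot: in the tdx_vcpu_run() hunk the new `if (tdx->need_user_return_msr_sync)` block is consumed unconditionally after tdx_load_host_xsave_state(), without looking at the VP.ENTER result, while the comment added in tdx_prepare_switch_to_guest() says the MSRs are clobbered only "if VP.ENTER succeeds". If re-syncing .curr to the default values after a failed VP.ENTER is harmless (hardware would still hold either the host value or a value from an earlier TD-Exit), the comment should say so rather than leave the reader to work out the mismatch. The changelog also relies on this sync running before IRQs are enabled; a one-line comment at the new block stating that it must stay in the IRQs-disabled section would keep a future reordering from silently reopening the window the patch is closing.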
@@ -67,7 +67,7 @@ struct vcpu_tdx { u64 vp_enter_ret; =20 enum vcpu_tdx_state state; - bool guest_entered; + bool need_user_return_msr_sync; =20 u64 map_gpa_next; u64 map_gpa_end; --=20 2.51.0.858.gf9c4a03a3a-goog From nobody Sun Feb 8 05:42:13 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E40AC2E6CC6 for ; Thu, 16 Oct 2025 22:28:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653708; cv=none; b=mQiyrFo3nLZdI8k8e+fSnlOPrxvLefOO+4CLhh/9iI80ZjyM0oD+gu4TT+sfbVorO5IoV71IoiwpLxSv0flvU43d3psTwT9pW5imHuhcL2AdZXppFDGew36Rw5At59V56cxXaREEMTRjrCjqKxv0iT/mpUr1xDLJSwla+3GJAmM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653708; c=relaxed/simple; bh=Jokj5W6CeBHblVuzEDrKOj9gCUGQHizkOYZDNZwqk7w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qKlb6Vuz+MtFjhnhpVc8jpyHMV5zvcZeo4dzTq25SwoUqTRJTiwr8aMrN1AiVE6ahi9Hhr6DC89275wAEsPQy7tH/vtzWKV7Nu6RBjmgvTd7fRv4qumdwt24TOKO97GibWfRo/qqZ6DIHiecPHDy0oO4y4IkpH/rLQ7NbanbR40= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=IbUv9tYg; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="IbUv9tYg" Received: by 
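Review bot: the renamed field `need_user_return_msr_sync` in struct vcpu_tdx carries no comment; since it is set in tdx_prepare_switch_to_guest() and cleared in tdx_vcpu_run(), a one-line comment naming the producer and consumer would make the flag's lifecycle clear without reading tdx.c.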
Reply-To: Sean Christopherson
Date: Thu, 16 Oct 2025 15:28:14 -0700
In-Reply-To: <20251016222816.141523-1-seanjc@google.com>
References: <20251016222816.141523-1-seanjc@google.com>
Message-ID: <20251016222816.141523-3-seanjc@google.com>
Subject: [PATCH v4 2/4] KVM: x86: Leave user-return notifier registered on reboot/shutdown
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, "Kirill A. Shutemov"
Cc: kvm@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Yan Zhao, Xiaoyao Li, Rick Edgecombe, Hou Wenlong

Leave KVM's user-return notifier registered in the unlikely case that the notifier is registered when disabling virtualization via IPI callback in response to reboot/shutdown.

On reboot/shutdown, keeping the notifier registered is ok as far as MSR state is concerned (arguably better than restoring MSRs at an unknown point in time), as the callback will run cleanly and restore host MSRs if the CPU manages to return to userspace before the system goes down.

The only wrinkle is that if kvm.ko module unload manages to race with reboot/shutdown, then leaving the notifier registered could lead to use-after-free due to calling into unloaded kvm.ko module code. But such a race is only possible on --forced reboot/shutdown, because otherwise userspace tasks would be frozen before kvm_shutdown() is called, i.e. on a "normal" reboot/shutdown, it should be impossible for the CPU to return to userspace after kvm_shutdown().

Furthermore, on a --forced reboot/shutdown, unregistering the user-return hook from IRQ context doesn't fully guard against use-after-free, because KVM could immediately re-register the hook, e.g. if the IRQ arrives before kvm_user_return_register_notifier() is called.

Rather than trying to guard against the IPI in the "normal" user-return code, which is difficult and noisy, simply leave the user-return notifier registered on a reboot, and bump the kvm.ko module refcount to defend against a use-after-free due to kvm.ko unload racing against reboot.
Alternatively, KVM could allow kvm.ko and try to drop the notifiers during kvm_x86_exit(), but that's also a can of worms as registration is per-CPU, and so KVM would need to blast an IPI, and doing so while a reboot/shutdown is in-progress is far risky than preventing userspace from unloading KVM. Signed-off-by: Sean Christopherson --- arch/x86/kvm/x86.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b4b5d2d09634..386dc2401f58 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -13078,7 +13078,21 @@ int kvm_arch_enable_virtualization_cpu(void) void kvm_arch_disable_virtualization_cpu(void) { kvm_x86_call(disable_virtualization_cpu)(); - drop_user_return_notifiers(); + + /* + * Leave the user-return notifiers as-is when disabling virtualization + * for reboot, i.e. when disabling via IPI function call, and instead + * pin kvm.ko (if it's a module) to defend against use-after-free (in + * the *very* unlikely scenario module unload is racing with reboot). + * On a forced reboot, tasks aren't frozen before shutdown, and so KVM + * could be actively modifying user-return MSR state when the IPI to + * disable virtualization arrives. Handle the extreme edge case here + * instead of trying to account for it in the normal flows. + */ + if (in_task() || WARN_ON_ONCE(!kvm_rebooting)) + drop_user_return_notifiers(); + else + __module_get(THIS_MODULE); } =20 bool kvm_vcpu_is_reset_bsp(struct kvm_vcpu *vcpu) 
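Review bot: the else branch of the kvm_arch_disable_virtualization_cpu() hunk takes a module reference on every CPU that receives the reboot IPI and never releases it, so with N CPUs the refcount is bumped N times. That is acceptable because the system is going down, but the comment should say the reference is intentionally leaked so nobody adds a matching module_put() later. It would also help to state that `in_task()` is the proxy for "not the reboot IPI", and that the `WARN_ON_ONCE(!kvm_rebooting)` in the condition deliberately falls back to the old drop_user_return_notifiers() behaviour if that assumption is ever violated, rather than leaving a notifier registered with no module reference held.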
@@ -14363,6 +14377,11 @@ module_init(kvm_x86_init); =20 static void __exit kvm_x86_exit(void) { + int cpu; + + for_each_possible_cpu(cpu) + WARN_ON_ONCE(per_cpu_ptr(user_return_msrs, cpu)->registered); + WARN_ON_ONCE(static_branch_unlikely(&kvm_has_noapic_vcpu)); } module_exit(kvm_x86_exit); --=20 2.51.0.858.gf9c4a03a3a-goog From nobody Sun Feb 8 05:42:13 2026 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D490E2E7193 for ; Thu, 16 Oct 2025 22:28:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653708; cv=none; b=fot+Ynbpy2ka5WHiTwO2BPIkdmj1V+QAYDyJxS6e/oGP2zajyZl9ZRcc8MnrZR/uYJv0GA1gJFMF4WKrvFoqO0UYrF59X2Jezr95igaXtctlB1QYLsv1O5MPLVfodbZ8r86W6EK9Tt7OJ7+nn+Scxa0PhDCV/pb5zl8D9OOYXkI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653708; c=relaxed/simple; bh=CiIKDZ3tD54lm+dMIg58E0d1ZctLY3/7BjNtbiYBFp8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=gHOQbD13OP3H7a+yQyPm0F2NnwhlhsXg/L6sxnXqKIhy5X5doJk5YOCQAFEcagkVFGAX0EZrv+J9StMxO9DklJjnAUYnsF5LRsJn/8U20o5zGGy+/ksYgCxI52fKtsjWbxN9Wj4GBsldPBrdSVSDXuZPup3Dr6ki40HqMVuinp8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=i7S5XYUm; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass 
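Review bot: the new loop in kvm_x86_exit() reads `per_cpu_ptr(user_return_msrs, cpu)->registered` for every possible CPU from the unloading task's CPU without any synchronization. That is only a sound sanity check if, in the non-reboot path, the task-context branch of kvm_arch_disable_virtualization_cpu() has already run drop_user_return_notifiers() on every CPU before the last module reference goes away, and the reboot path pins the module so exit never runs; a comment above the loop spelling out that invariant would make the WARN_ON_ONCE self-explanatory. Using for_each_possible_cpu rather than for_each_online_cpu is fine here, since percpu storage exists for offline CPUs too and a stale `registered` on an offlined CPU is exactly what the check should catch.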
Reply-To: Sean Christopherson
Date: Thu, 16 Oct 2025 15:28:15 -0700
In-Reply-To: <20251016222816.141523-1-seanjc@google.com>
References: <20251016222816.141523-1-seanjc@google.com>
Message-ID: <20251016222816.141523-4-seanjc@google.com>
Subject: [PATCH v4 3/4] KVM: x86: Don't disable IRQs when unregistering user-return notifier
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, "Kirill A. Shutemov"
Cc: kvm@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Yan Zhao, Xiaoyao Li, Rick Edgecombe, Hou Wenlong

From: Hou Wenlong

Remove the code to disable IRQs when unregistering KVM's user-return notifier now that KVM doesn't invoke kvm_on_user_return() when disabling virtualization via IPI function call, i.e. now that there's no need to guard against re-entrancy via IPI callback.

Note, disabling IRQs has largely been unnecessary since commit a377ac1cd9d7b ("x86/entry: Move user return notifier out of loop") moved fire_user_return_notifiers() into the section with IRQs disabled. In doing so, the commit somewhat inadvertently fixed the underlying issue that was papered over by commit 1650b4ebc99d ("KVM: Disable irq while unregistering user notifier"). I.e. in practice, the code and comment have been stale since commit a377ac1cd9d7b.

Signed-off-by: Hou Wenlong
[sean: rewrite changelog after rebasing, drop lockdep assert]
Signed-off-by: Sean Christopherson --- arch/x86/kvm/x86.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 386dc2401f58..394a30bb33da 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -581,18 +581,10 @@ static void kvm_on_user_return(struct user_return_not= ifier *urn) struct kvm_user_return_msrs *msrs =3D container_of(urn, struct kvm_user_return_msrs, urn); struct kvm_user_return_msr_values *values; - unsigned long flags; =20 - /* - * Disabling irqs at this point since the following code could be - * interrupted and executed through kvm_arch_disable_virtualization_cpu() - */ - local_irq_save(flags); - if (msrs->registered) { - msrs->registered =3D false; - user_return_notifier_unregister(urn); - } - local_irq_restore(flags); + msrs->registered =3D false; + user_return_notifier_unregister(urn); + for (slot =3D 0; slot < kvm_nr_uret_msrs; ++slot) { values =3D &msrs->values[slot]; if (values->host !=3D values->curr) { --=20 2.51.0.858.gf9c4a03a3a-goog From nobody Sun Feb 8 05:42:13 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 716CA2E6CC9 for ; Thu, 16 Oct 2025 22:28:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653710; cv=none; b=CxJHirwlRelCaLX2umf0xNiz5ng2ycWsLQlPgJm8N7/vIom+mfCXYV4yZnTq/bIQKW3OztBZFkWShhIDjE97JuokcF7H5M6oCwLyGKf7+5ir/vPguLiNiwNwIzCm2NcE4VtglrUfN6823ymr25FBH/5xcn2Sg93kPGUeEPiv4aA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760653710; c=relaxed/simple; bh=oY878RYH2mslJwg0qdtPgRwIaldHQ7WLLqDkmC1ip5g=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=j5LeEskR9rhYNS6PHGofmRb0KofHMvbdCVIIf4B8v/ECJvPzy1RSuD9KHA6JIcBTKFGFPBr4Suo3h2jN8bUOTwGZe9a3VtZ0raiaN7PvOBV55A7vxKprfbj1lxw5jaIpKVl8uY6/lk25oPsFYciIQRDO7c0T55KnamkmgL6wD/E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) 
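Review bot: dropping the `if (msrs->registered)` guard together with the local_irq_save()/local_irq_restore() pair makes the unregister in kvm_on_user_return() unconditional, which is only correct if the function is now reached solely through the notifier core, so that `registered` is always true on entry. Since the changelog notes a lockdep assert was dropped, consider keeping a cheap `WARN_ON_ONCE(!msrs->registered)` ahead of `msrs->registered =3D false;` to document that assumption. The "now that KVM doesn't invoke kvm_on_user_return() ... via IPI" clause is a hard ordering dependency on patch 2; stating explicitly that this patch must not be applied or backported without it would save a future stable maintainer from reintroducing the re-entrancy the removed comment describes.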
Reply-To: Sean Christopherson
Date: Thu, 16 Oct 2025 15:28:16 -0700
In-Reply-To: <20251016222816.141523-1-seanjc@google.com>
References: <20251016222816.141523-1-seanjc@google.com>
Message-ID: <20251016222816.141523-5-seanjc@google.com>
Subject: [PATCH v4 4/4] KVM: x86: Drop "cache" from user return MSR setter that skips WRMSR
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, "Kirill A. Shutemov"
Cc: kvm@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Yan Zhao, Xiaoyao Li, Rick Edgecombe, Hou Wenlong

Rename kvm_user_return_msr_update_cache() to __kvm_set_user_return_msr() and use the helper in kvm_set_user_return_msr() to make it obvious that the double-underscores version is doing a subset of the work of the "full" setter. While the function does indeed update a cache, the nomenclature is slightly misleading now that there is a "get" helper (see commit 9bc366350734 ("KVM: x86: Add helper to retrieve current value of user return MSR")), as the current value isn't _just_ the cached value, it's also the value that's currently loaded in hardware (modulo the fact that writing .curr and the actual MSR isn't atomic and may have significant "delays" in certain setups).

Opportunistically rename "index" to "slot" in the prototypes. The user-return APIs deliberately use "slot" to try and make it more obvious that they take the slot within the array, not the index of the MSR.

Opportunistically tweak the local TDX helper to drop "cache" from its name and to use "sync" instead of "update", so that it's more obvious the goal is to sync (with hardware), versus doing some arbitrary update.

No functional change intended.

Cc: Rick Edgecombe
Reviewed-by: Xiaoyao Li
Reviewed-by: Yan Zhao
Link: https://lore.kernel.org/all/aM2EvzLLmBi5-iQ5@google.com [1]
Signed-off-by: Sean Christopherson
---
 arch/x86/include/asm/kvm_host.h |  4 ++--
 arch/x86/kvm/vmx/tdx.c          | 10 +++++-----
 arch/x86/kvm/x86.c              | 21 ++++++++++-----------
 3 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 48598d017d6f..dc2476f25c75 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -2377,8 +2377,8 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ip= i_bitmap_low, =20 int kvm_add_user_return_msr(u32 msr); int kvm_find_user_return_msr(u32 msr); -int kvm_set_user_return_msr(unsigned index, u64 val, u64 mask); -void kvm_user_return_msr_update_cache(unsigned int index, u64 val); +int kvm_set_user_return_msr(unsigned int slot, u64 val, u64 mask); +void __kvm_set_user_return_msr(unsigned int slot, u64 val); u64 kvm_get_user_return_msr(unsigned int slot); =20 static inline bool kvm_is_supported_user_return_msr(u32 msr) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 2f3dfe9804b5..b7e2957d53d9 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -803,13 +803,13 @@ static struct tdx_uret_msr tdx_uret_msrs[] =3D { {.msr =3D MSR_TSC_AUX,}, }; =20 -static void tdx_user_return_msr_update_cache(void) +static void tdx_sync_user_return_msrs(void) { int i; =20 for (i =3D 0; i < ARRAY_SIZE(tdx_uret_msrs); i++) - kvm_user_return_msr_update_cache(tdx_uret_msrs[i].slot, - tdx_uret_msrs[i].defval); + __kvm_set_user_return_msr(tdx_uret_msrs[i].slot, + tdx_uret_msrs[i].defval); } =20 static void tdx_prepare_switch_to_host(struct kvm_vcpu *vcpu) @@ -1063,7 +1063,7 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, u64 ru= n_flags) tdx_load_host_xsave_state(vcpu); =20 if (tdx->need_user_return_msr_sync) { - tdx_user_return_msr_update_cache(); + tdx_sync_user_return_msrs(); tdx->need_user_return_msr_sync =3D false; } =20 @@ -3446,7 +3446,7 @@ static int __init __tdx_bringup(void) * * this_cpu_ptr(user_return_msrs)->registered isn't checked * because the registration is done at vcpu runtime by - * tdx_user_return_msr_update_cache(). + * tdx_sync_user_return_msrs(). */ tdx_uret_msrs[i].slot =3D kvm_find_user_return_msr(tdx_uret_msrs[i].msr); if (tdx_uret_msrs[i].slot =3D=3D -1) { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 394a30bb33da..68daf94e0deb 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
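Review bot: the kvm_host.h hunk changes the declaration to `kvm_set_user_return_msr(unsigned int slot, u64 val, u64 mask)`, but the definition in x86.c (visible as the unchanged context line `int kvm_set_user_return_msr(unsigned slot, u64 value, u64 mask)` in the following hunk) keeps `unsigned slot`; the types are identical so it compiles, but since the patch already edits that function body, updating the definition too would finish the "index" to "slot" cleanup the changelog describes. Likewise the new `__kvm_set_user_return_msr` declaration names its second parameter `val` while the definition uses `value`; one spelling for both would be tidier. The tdx.c hunks are straight renames and read fine.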
@@ -655,6 +655,15 @@ static void kvm_user_return_register_notifier(struct k= vm_user_return_msrs *msrs) } } =20 +void __kvm_set_user_return_msr(unsigned int slot, u64 value) +{ + struct kvm_user_return_msrs *msrs =3D this_cpu_ptr(user_return_msrs); + + msrs->values[slot].curr =3D value; + kvm_user_return_register_notifier(msrs); +} +EXPORT_SYMBOL_GPL(__kvm_set_user_return_msr); + int kvm_set_user_return_msr(unsigned slot, u64 value, u64 mask) { struct kvm_user_return_msrs *msrs =3D this_cpu_ptr(user_return_msrs); @@ -667,21 +676,11 @@ int kvm_set_user_return_msr(unsigned slot, u64 value,= u64 mask) if (err) return 1; =20 - msrs->values[slot].curr =3D value; - kvm_user_return_register_notifier(msrs); + __kvm_set_user_return_msr(slot, value); return 0; } EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_set_user_return_msr); =20 -void kvm_user_return_msr_update_cache(unsigned int slot, u64 value) -{ - struct kvm_user_return_msrs *msrs =3D this_cpu_ptr(user_return_msrs); - - msrs->values[slot].curr =3D value; - kvm_user_return_register_notifier(msrs); -} -EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_user_return_msr_update_cache); - u64 kvm_get_user_return_msr(unsigned int slot) { return this_cpu_ptr(user_return_msrs)->values[slot].curr; --=20 2.51.0.858.gf9c4a03a3a-goog
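Review bot: the new `__kvm_set_user_return_msr()` is exported with EXPORT_SYMBOL_GPL, while the function it replaces (`kvm_user_return_msr_update_cache`, removed in the same hunk) and its sibling `kvm_set_user_return_msr` both use EXPORT_SYMBOL_FOR_KVM_INTERNAL. The only caller is tdx.c inside kvm-intel, so the export should stay EXPORT_SYMBOL_FOR_KVM_INTERNAL; as written the patch silently widens the symbol's visibility to any GPL module, which is a functional change in a patch that says "No functional change intended".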