From nobody Mon May 25 18:05:08 2026
Reply-To: Sean Christopherson
Date: Thu, 14 May 2026 14:31:13 -0700
In-Reply-To: <20260514213115.1637082-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260514213115.1637082-1-seanjc@google.com>
Message-ID: <20260514213115.1637082-2-seanjc@google.com>
Subject: [PATCH v3 1/3] KVM: x86: Add dedicated API for getting mask of accelerated x2APIC MSRs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Naveen N Rao
Content-Transfer-Encoding: quoted-printable

Add a dedicated local APIC API, kvm_x2apic_disable_intercept_reg_mask(), to provide the mask of x2APIC registers whose MSRs can and should be passed through to the guest when x2APIC virtualization is enabled, and use it in lieu of the open-coded equivalent VMX logic.

Providing a common helper will allow sharing the logic with SVM (x2AVIC), and as a bonus eliminates the somewhat confusing code where KVM enables interception for MSR_TYPE_RW, even though only the READ case actually needs to be updated.

No functional change intended.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Reviewed-by: Naveen N Rao (AMD)
--- arch/x86/kvm/lapic.c | 21 +++++++++++++++++++-- arch/x86/kvm/lapic.h | 2 +- arch/x86/kvm/vmx/vmx.c | 3 +-- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 4078e624ca66..4e34f75e705d 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -1730,7 +1730,7 @@ static inline struct kvm_lapic *to_lapic(struct kvm_i= o_device *dev) #define APIC_REGS_MASK(first, count) \ (APIC_REG_MASK(first) * ((1ull << (count)) - 1)) =20 -u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic) +static u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic) { /* Leave bits '0' for reserved and write-only registers. */ u64 valid_reg_mask =3D 
@@ -1766,7 +1766,24 @@ u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *ap= ic) =20 return valid_reg_mask; } -EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_lapic_readable_reg_mask); + +u64 kvm_x2apic_disable_read_intercept_reg_mask(struct kvm_vcpu *vcpu) +{ + if (WARN_ON_ONCE(!lapic_in_kernel(vcpu))) + return 0; + + /* + * TMMCT, a.k.a. the current APIC timer count, reads aren't accelerated + * by hardware (Intel or AMD) as the timer is emulated in software (by + * KVM), i.e. reads from the virtual APIC page would return garbage. + * Intercept RDMSR, as handling the fault-like APIC-access VM-Exit is + * more expensive than handling a RDMSR VM-Exit (the APIC-access exit + * requires slow emulation of the code stream). + */ + return kvm_lapic_readable_reg_mask(vcpu->arch.apic) & + ~APIC_REG_MASK(APIC_TMCCT); +} +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_x2apic_disable_read_intercept_reg_mask); =20 static int kvm_lapic_reg_read(struct kvm_lapic *apic, u32 offset, int len, void *data) diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 274885af4ebc..f763cd29a508 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -156,7 +156,7 @@ int kvm_hv_vapic_msr_read(struct kvm_vcpu *vcpu, u32 ms= r, u64 *data); int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long le= n); void kvm_lapic_exit(void); =20 -u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic); +u64 kvm_x2apic_disable_read_intercept_reg_mask(struct kvm_vcpu *vcpu); =20 static inline void kvm_lapic_set_irr(int vec, struct kvm_lapic *apic) { diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b02d176800f8..a23a144eef13 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -4156,7 +4156,7 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_v= cpu *vcpu) * mode, only the current timer count needs on-demand emulation by KVM. */ if (mode & MSR_BITMAP_MODE_X2APIC_APICV) - msr_bitmap[read_idx] =3D ~kvm_lapic_readable_reg_mask(vcpu->arch.apic); + msr_bitmap[read_idx] =3D ~kvm_x2apic_disable_read_intercept_reg_mask(vcp= u); else msr_bitmap[read_idx] =3D ~0ull; msr_bitmap[write_idx] =3D ~0ull; 
@@ -4169,7 +4169,6 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_v= cpu *vcpu) !(mode & MSR_BITMAP_MODE_X2APIC)); =20 if (mode & MSR_BITMAP_MODE_X2APIC_APICV) { - vmx_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_RW); vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_EOI), MSR_TYPE_W); vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_= W); if (enable_ipiv) --=20 2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 18:05:08 2026
Reply-To: Sean Christopherson
Date: Thu, 14 May 2026 14:31:14 -0700
In-Reply-To: <20260514213115.1637082-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260514213115.1637082-1-seanjc@google.com>
Message-ID: <20260514213115.1637082-3-seanjc@google.com>
Subject: [PATCH v3 2/3] KVM: SVM: Disable x2AVIC RDMSR interception for MSRs KVM actually supports
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Naveen N Rao
Content-Transfer-Encoding: quoted-printable

When toggling x2AVIC on/off, use KVM's curated mask of x2APIC MSRs that can/should be passed through to the guest (or not) when x2AVIC is enabled. Using the effective list provided by the local APIC emulation fixes multiple (classes of) bugs, as the existing hand-coded list of MSRs is wrong on multiple fronts:

 - ARBPRI isn't supported by x2APIC, but its unaccelerated AVIC intercept is fault-like; disabling interception is nonsensical and suboptimal as the access generates a #VMEXIT that requires decoding the instruction.

 - DFR and ICR2 aren't supported by x2APIC and so don't need their intercepts disabled for performance reasons. While the #GP due to x2APIC being enabled has higher priority than the trap-like #VMEXIT, disabling interception of unsupported MSRs is confusing and unnecessary.

 - RRR is completely unsupported.

 - AVIC currently fails to pass through the "range of vectors" registers, IRR, ISR, and TMR, as e.g. X2APIC_MSR(APIC_IRR) only affects IRR0, and thus only disables intercept for vectors 31:0 (which are the *least* interesting registers).

 - TMCCT (the current APIC timer count) isn't accelerated by hardware, and generates a fault-like AVIC_UNACCELERATED_ACCESS #VMEXIT, i.e. requires KVM to decode the instruction to figure out what the guest was trying to access.

Note, the only reason this isn't a fatal bug is that the AVIC architecture had the foresight to guard against buggy hypervisors. E.g. if hardware simply read from the virtual APIC page, the guest would get garbage (because the timer is emulated in software).

Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Reviewed-by: Naveen N Rao (AMD)
Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/avic.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index adf211860949..8e4926c7b8dc 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -122,6 +122,9 @@ static u32 x2avic_max_physical_id; static void avic_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) { + struct kvm_vcpu *vcpu =3D &svm->vcpu; + u64 rd_regs; + static const u32 x2avic_passthrough_msrs[] =3D { X2APIC_MSR(APIC_ID), X2APIC_MSR(APIC_LVR), 
@@ -162,9 +165,15 @@ static void avic_set_x2apic_msr_interception(struct vc= pu_svm *svm, if (!x2avic_enabled) return; =20 + rd_regs =3D kvm_x2apic_disable_read_intercept_reg_mask(vcpu); + + for_each_set_bit(i, (unsigned long *)&rd_regs, BITS_PER_TYPE(rd_regs)) + svm_set_intercept_for_msr(vcpu, APIC_BASE_MSR + i, + MSR_TYPE_R, intercept); + for (i =3D 0; i < ARRAY_SIZE(x2avic_passthrough_msrs); i++) - svm_set_intercept_for_msr(&svm->vcpu, x2avic_passthrough_msrs[i], - MSR_TYPE_RW, intercept); + svm_set_intercept_for_msr(vcpu, x2avic_passthrough_msrs[i], + MSR_TYPE_W, intercept); =20 svm->x2avic_msrs_intercepted =3D intercept; } --=20 2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 18:05:08 2026
Reply-To: Sean Christopherson
Date: Thu, 14 May 2026 14:31:15 -0700
In-Reply-To: <20260514213115.1637082-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260514213115.1637082-1-seanjc@google.com>
Message-ID: <20260514213115.1637082-4-seanjc@google.com>
Subject: [PATCH v3 3/3] KVM: SVM: Only disable x2AVIC WRMSR interception for MSRs that are accelerated
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Naveen N Rao
Content-Transfer-Encoding: quoted-printable

When x2AVIC is enabled, disable WRMSR interception only for MSRs that are actually accelerated by hardware. Disabling interception for MSRs that aren't accelerated is functionally "fine", and in some cases a weird "win" for performance, but only for cases that should never be triggered by a well-behaved VM (writes to read-only registers; the #GP will typically occur in the guest without taking a #VMEXIT, even for fault-like exits).

But overall, disabling interception for MSRs that aren't accelerated is at best confusing and unintuitive, and at worst introduces avoidable risk, as the APM's documentation is imperfect and contradictory. The table in "15.29.3.1 Virtual APIC Register Accesses" of simply states that such writes generate exits, whereas "Section 15.29.10 x2AVIC" says:

  x2APIC MSR intercept checks and access checks have higher priority than AVIC access permission checks.

CPU behavior follows the latter (which makes perfect sense), but all in all there's simply no reason to disable interception just to make a #GP faster.

Note, the set of MSRs that are passed through for write is identical to VMX's set when IPI virtualization is enabled. This is not a coincidence, and is another motivating factor for cleaning up the intercepts, as x2AVIC is functionally equivalent to APICv+IPIv.

Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Reviewed-by: Naveen N Rao (AMD)
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/avic.c | 40 ++++------------------------------------ 1 file changed, 4 insertions(+), 36 deletions(-) diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index 8e4926c7b8dc..724a45c2aa23 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c 
@@ -124,39 +124,6 @@ static void avic_set_x2apic_msr_interception(struct vc= pu_svm *svm, { struct kvm_vcpu *vcpu =3D &svm->vcpu; u64 rd_regs; - - static const u32 x2avic_passthrough_msrs[] =3D { - X2APIC_MSR(APIC_ID), - X2APIC_MSR(APIC_LVR), - X2APIC_MSR(APIC_TASKPRI), - X2APIC_MSR(APIC_ARBPRI), - X2APIC_MSR(APIC_PROCPRI), - X2APIC_MSR(APIC_EOI), - X2APIC_MSR(APIC_RRR), - X2APIC_MSR(APIC_LDR), - X2APIC_MSR(APIC_DFR), - X2APIC_MSR(APIC_SPIV), - X2APIC_MSR(APIC_ISR), - X2APIC_MSR(APIC_TMR), - X2APIC_MSR(APIC_IRR), - X2APIC_MSR(APIC_ESR), - X2APIC_MSR(APIC_ICR), - X2APIC_MSR(APIC_ICR2), - - /* - * Note! Always intercept LVTT, as TSC-deadline timer mode - * isn't virtualized by hardware, and the CPU will generate a - * #GP instead of a #VMEXIT. - */ - X2APIC_MSR(APIC_LVTTHMR), - X2APIC_MSR(APIC_LVTPC), - X2APIC_MSR(APIC_LVT0), - X2APIC_MSR(APIC_LVT1), - X2APIC_MSR(APIC_LVTERR), - X2APIC_MSR(APIC_TMICT), - X2APIC_MSR(APIC_TMCCT), - X2APIC_MSR(APIC_TDCR), - }; int i; =20 if (intercept =3D=3D svm->x2avic_msrs_intercepted) @@ -171,9 +138,10 @@ static void avic_set_x2apic_msr_interception(struct vc= pu_svm *svm, svm_set_intercept_for_msr(vcpu, APIC_BASE_MSR + i, MSR_TYPE_R, intercept); =20 - for (i =3D 0; i < ARRAY_SIZE(x2avic_passthrough_msrs); i++) - svm_set_intercept_for_msr(vcpu, x2avic_passthrough_msrs[i], - MSR_TYPE_W, intercept); + svm_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TASKPRI), MSR_TYPE_W, int= ercept); + svm_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_EOI), MSR_TYPE_W, interce= pt); + svm_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W, in= tercept); + svm_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_ICR), MSR_TYPE_W, interce= pt); =20 svm->x2avic_msrs_intercepted =3D intercept; } --=20 2.54.0.563.g4f69b47b94-goog
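
Review bot: In patch 1/3, the comment inside the new kvm_x2apic_disable_read_intercept_reg_mask() (arch/x86/kvm/lapic.c, hunk at -1766) spells the register "TMMCT" while the return statement right below it masks out APIC_TMCCT; correct the comment to "TMCCT" so a grep for the register name finds the explanation. The changelog also calls the helper kvm_x2apic_disable_intercept_reg_mask(), without the "_read" that the definition, the EXPORT_SYMBOL_FOR_KVM_INTERNAL() line and the lapic.h declaration all use, so one of the two should be aligned before this lands in stable. It would also help to say in the comment that the WARN_ON_ONCE() path returning 0 is the fail-closed value, since the VMX caller inverts the mask and therefore intercepts every read.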
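
Review bot: In patch 1/3, vmx_update_msr_bitmap_x2apic() (arch/x86/kvm/vmx/vmx.c, hunks at -4156 and -4169) keeps the comment "only the current timer count needs on-demand emulation by KVM" above the read_idx assignment, but the TMCCT exclusion now lives in kvm_x2apic_disable_read_intercept_reg_mask() and the explicit vmx_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_RW) call is deleted. Point the comment at the helper, and state that TMCCT writes remain intercepted because msr_bitmap[write_idx] is set to ~0ull, so a later reader does not conclude the intercept was dropped by accident and add the call back.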
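
Review bot: In patch 2/3, the new for_each_set_bit() loop in avic_set_x2apic_msr_interception() (arch/x86/kvm/svm/avic.c, hunk at -162) depends on bit i of rd_regs corresponding to MSR APIC_BASE_MSR + i, and nothing in the hunk says so; add a one-line comment, or a small helper next to APIC_REG_MASK(), so the bit-to-MSR encoding is not duplicated silently between lapic.c and avic.c. Separately, rd_regs is recomputed from the vCPU on every call, while the early return only compares intercept against svm->x2avic_msrs_intercepted. If the mask can differ between the call that disables interception and the later call that re-enables it, some RDMSR intercepts would stay cleared after x2AVIC is turned off; please confirm the mask is stable across that window, or re-enable interception unconditionally for the whole range when intercept is true.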
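
Review bot: In patch 3/3, deleting x2avic_passthrough_msrs[] (arch/x86/kvm/svm/avic.c, hunk at -124) also deletes the only comment explaining why LVTT must always be intercepted (TSC-deadline mode is not virtualized and the CPU generates a #GP instead of a #VMEXIT), and the four svm_set_intercept_for_msr() calls added in the hunk at -171 carry no comment at all. Add a short comment above them stating that TASKPRI, EOI, SELF_IPI and ICR are the writes accelerated by hardware and that everything else, LVTT included, stays intercepted; the changelog's observation that this matches VMX with IPI virtualization belongs there as well. Note too that X2APIC_MSR(APIC_SELF_IPI) was not in the removed array, so this patch newly disables a write intercept in addition to removing others, which the changelog should call out for a stable backport.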