Skip to content

Commit 160f143

Browse files
sean-jcsean-jc
committed
KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change
On a userspace MSR filter change, recalculate all MSR intercepts using the filter-agnostic logic instead of maintaining a "shadow copy" of KVM's desired intercepts. The shadow bitmaps add yet another point of failure, are confusing (e.g. what does "handled specially" mean!?!?), an eyesore, and a maintenance burden. Given that KVM *must* be able to recalculate the correct intercepts at any given time, and that MSR filter updates are not hot paths, there is zero benefit to maintaining the shadow bitmaps. Opportunistically switch from boot_cpu_has() to cpu_feature_enabled() as appropriate. Link: https://lore.kernel.org/all/aCdPbZiYmtni4Bjs@google.com Link: https://lore.kernel.org/all/20241126180253.GAZ0YNTdXH1UGeqsu6@fat_crate.local Cc: Francesco Lavra <francescolavra.fl@gmail.com> Link: https://lore.kernel.org/r/20250610225737.156318-20-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
1 parent 8a056ec commit 160f143

File tree

3 files changed

+97
-280
lines changed

3 files changed

+97
-280
lines changed

arch/x86/kvm/svm/sev.c

Lines changed: 5 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -4386,9 +4386,12 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in)
43864386
count, in);
43874387
}
43884388

4389-
static void sev_es_vcpu_after_set_cpuid(struct vcpu_svm *svm)
4389+
void sev_es_recalc_msr_intercepts(struct kvm_vcpu *vcpu)
43904390
{
4391-
struct kvm_vcpu *vcpu = &svm->vcpu;
4391+
/* Clear intercepts on MSRs that are context switched by hardware. */
4392+
svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW);
4393+
svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW);
4394+
svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW);
43924395

43934396
if (boot_cpu_has(X86_FEATURE_V_TSC_AUX))
43944397
svm_set_intercept_for_msr(vcpu, MSR_TSC_AUX, MSR_TYPE_RW,
@@ -4423,16 +4426,12 @@ void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm)
44234426
best = kvm_find_cpuid_entry(vcpu, 0x8000001F);
44244427
if (best)
44254428
vcpu->arch.reserved_gpa_bits &= ~(1UL << (best->ebx & 0x3f));
4426-
4427-
if (sev_es_guest(svm->vcpu.kvm))
4428-
sev_es_vcpu_after_set_cpuid(svm);
44294429
}
44304430

44314431
static void sev_es_init_vmcb(struct vcpu_svm *svm)
44324432
{
44334433
struct kvm_sev_info *sev = to_kvm_sev_info(svm->vcpu.kvm);
44344434
struct vmcb *vmcb = svm->vmcb01.ptr;
4435-
struct kvm_vcpu *vcpu = &svm->vcpu;
44364435

44374436
svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ES_ENABLE;
44384437

@@ -4486,11 +4485,6 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
44864485

44874486
/* Can't intercept XSETBV, HV can't modify XCR0 directly */
44884487
svm_clr_intercept(svm, INTERCEPT_XSETBV);
4489-
4490-
/* Clear intercepts on MSRs that are context switched by hardware. */
4491-
svm_disable_intercept_for_msr(vcpu, MSR_AMD64_SEV_ES_GHCB, MSR_TYPE_RW);
4492-
svm_disable_intercept_for_msr(vcpu, MSR_EFER, MSR_TYPE_RW);
4493-
svm_disable_intercept_for_msr(vcpu, MSR_IA32_CR_PAT, MSR_TYPE_RW);
44944488
}
44954489

44964490
void sev_init_vmcb(struct vcpu_svm *svm)

0 commit comments

Comments
 (0)