This doesn't just wrap guest access, it wraps all access.
On Wed, May 21, 2025, Maxim Levitsky wrote:
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 00f2b762710c..b505f3f7e9ab 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2653,7 +2653,7 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
> if (vmx->nested.nested_run_pending &&
> (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) {
> kvm_set_dr(vcpu, 7, vmcs12->guest_dr7);
> - vmcs_write64(GUEST_IA32_DEBUGCTL, vmcs12->guest_ia32_debugctl);
> + vmx_guest_debugctl_write(vcpu, vmcs12->guest_ia32_debugctl);
> } else {
> kvm_set_dr(vcpu, 7, vcpu->arch.dr7);
> vmcs_write64(GUEST_IA32_DEBUGCTL, vmx->nested.pre_vmenter_debugctl);
I think it makes sense to use the accessors for this case as well. Conceptually,
pre_vmenter_debugctl holds the guest value. The fact that it holds the combined
value _as written_ is rather subtle, and could change for the worse, e.g. it'd
be quite unfortunate/hilarious if someone converted the read path to use the
getter, and in doing so introduced a bug.
