Clean up KVM's MSR interception code (especially the SVM code, which is all
kinds of ugly). The main goals are to:

 - Make the SVM and VMX APIs consistent (and sane; the current SVM APIs have
   inverted polarity).

 - Eliminate the shadow bitmaps that are used to determine intercepts on
   userspace MSR filter update.

Folks that are explicitly Cc'd, my plan/hope is to apply this in advance of
landing the CET virtualization and mediated PMU series, so that we don't need
to deal with extending the shadow bitmaps. Any reviews/testing you can provide
to help make that happen would be greatly appreciated.

Note, this is a spiritual successor to the "Unify MSR intercepts in x86"
series that was posted last year[*], but I started the versioning back at v1
as very, very little of the code actually survived, and there's obviously no
true unification in this series. That series also had several bugs (that were
never pointed out on list), so I wanted to make a clean break.

FWIW, I still like the _idea_ of unified code, but with the shadow bitmaps
gone, it's not actually that much code, and the logic isn't all that complex.
In the end, I couldn't convince myself that unifying that small amount of
logic was worth taking on the complexity of generating and passing around bit
numbers and bitmap pointers to common code (or adding 4 more kvm_x86_ops
hooks).

[*] https://lore.kernel.org/kvm/20241127201929.4005605-1-aaronlewis@xxxxxxxxxx

Sean Christopherson (28):
  KVM: SVM: Don't BUG if setting up the MSR intercept bitmaps fails
  KVM: SVM: Tag MSR bitmap initialization helpers with __init
  KVM: SVM: Use ARRAY_SIZE() to iterate over direct_access_msrs
  KVM: SVM: Kill the VM instead of the host if MSR interception is buggy
  KVM: x86: Use non-atomic bit ops to manipulate "shadow" MSR intercepts
  KVM: SVM: Massage name and param of helper that merges vmcb01 and vmcb12 MSRPMs
  KVM: SVM: Clean up macros related to architectural MSRPM definitions
  KVM: nSVM: Use dedicated array of MSRPM offsets to merge L0 and L1 bitmaps
  KVM: nSVM: Omit SEV-ES specific passthrough MSRs from L0+L1 bitmap merge
  KVM: nSVM: Don't initialize vmcb02 MSRPM with vmcb01's "always passthrough"
  KVM: SVM: Add helpers for accessing MSR bitmap that don't rely on offsets
  KVM: SVM: Implement and adopt VMX style MSR intercepts APIs
  KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest
  KVM: SVM: Drop "always" flag from list of possible passthrough MSRs
  KVM: x86: Move definition of X2APIC_MSR() to lapic.h
  KVM: VMX: Manually recalc all MSR intercepts on userspace MSR filter change
  KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change
  KVM: x86: Rename msr_filter_changed() => recalc_msr_intercepts()
  KVM: SVM: Rename init_vmcb_after_set_cpuid() to make it intercepts specific
  KVM: SVM: Fold svm_vcpu_init_msrpm() into its sole caller
  KVM: SVM: Merge "after set CPUID" intercept recalc helpers
  KVM: SVM: Drop explicit check on MSRPM offset when emulating SEV-ES accesses
  KVM: SVM: Move svm_msrpm_offset() to nested.c
  KVM: SVM: Store MSRPM pointer as "void *" instead of "u32 *"
  KVM: nSVM: Access MSRPM in 4-byte chunks only for merging L0 and L1 bitmaps
  KVM: SVM: Return -EINVAL instead of MSR_INVALID to signal out-of-range MSR
  KVM: nSVM: Merge MSRPM in 64-bit chunks on 64-bit kernels
  KVM: selftests: Verify KVM disable interception (for userspace)
    on filter change

 arch/x86/include/asm/kvm-x86-ops.h            |   2 +-
 arch/x86/include/asm/kvm_host.h               |   2 +-
 arch/x86/kvm/lapic.h                          |   2 +
 arch/x86/kvm/svm/nested.c                     | 128 +++--
 arch/x86/kvm/svm/sev.c                        |  29 +-
 arch/x86/kvm/svm/svm.c                        | 449 ++++++------------
 arch/x86/kvm/svm/svm.h                        | 107 ++++-
 arch/x86/kvm/vmx/main.c                       |   6 +-
 arch/x86/kvm/vmx/vmx.c                        | 179 ++-----
 arch/x86/kvm/vmx/vmx.h                        |   9 -
 arch/x86/kvm/vmx/x86_ops.h                    |   2 +-
 arch/x86/kvm/x86.c                            |   8 +-
 .../kvm/x86/userspace_msr_exit_test.c         |   8 +
 13 files changed, 408 insertions(+), 523 deletions(-)

base-commit: 3f7b307757ecffc1c18ede9ee3cf9ce8101f3cc9
-- 
2.49.0.1204.g71687c7c1d-goog