On Wed, Jun 04, 2025, Paolo Bonzini wrote: > On 5/30/25 01:40, Sean Christopherson wrote: > > @@ -1363,8 +1357,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) > > static int nested_svm_exit_handled_msr(struct vcpu_svm *svm) > > { > > - u32 offset, msr, value; > > - int write, mask; > > + u32 offset, msr; > > + int write; > > + u8 value; > > if (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))) > > return NESTED_EXIT_HOST; > > @@ -1372,18 +1367,15 @@ static int nested_svm_exit_handled_msr(struct vcpu_svm *svm) > > msr = svm->vcpu.arch.regs[VCPU_REGS_RCX]; > > offset = svm_msrpm_offset(msr); > > write = svm->vmcb->control.exit_info_1 & 1; > > - mask = 1 << ((2 * (msr & 0xf)) + write); > > This is wrong. The bit to read isn't always bit 0 or bit 1, therefore mask > needs to remain. /facepalm Duh. I managed to forget that multiple MSRs are packed into a byte. Hrm, which means our nSVM test is even more worthless than I thought. I'll see if I can get it to detect this bug.
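Review bot: the removal of `mask = 1 << ((2 * (msr & 0xf)) + write);` in the second hunk drops the per-MSR bit select, and narrowing `value` to `u8` in the first hunk does not replace it: each MSR occupies two bits of the permission bitmap (read at bit `2 * (msr & 0xf)`, write at the next bit), so one byte still carries the intercept bits of four MSRs and `write` alone only distinguishes bit 0 from bit 1 of the first of them. Keep `mask` (or an equivalent shift by `(2 * (msr & 0xf)) + write`) and test `value & mask` when deciding between NESTED_EXIT_HOST and NESTED_EXIT_DONE; otherwise L1's intercept settings for any MSR whose index is not a multiple of 16 within its range are silently ignored or misattributed. Since the existing nSVM test did not catch this, it would be worth adding coverage for MSRs whose `msr & 0xf` is non-zero, with both the read and the write intercept bit set independently, so the packed-byte handling is exercised.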