[PATCH] KVM: VMX: Skip filter updates for MSRs that KVM is already intercepting

From: Sean Christopherson
Date: Fri Jun 10 2022 - 17:41:50 EST

Next message: Nick Desaulniers: "Re: [PATCH 2/7] modpost: put get_secindex() call inside sec_name()"
Previous message: Alvin Šipraga: "Re: [PATCH] kbuild: use a pipe rather than process substitution"
Next in thread: Paolo Bonzini: "Re: [PATCH] KVM: VMX: Skip filter updates for MSRs that KVM is already intercepting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When handling userspace MSR filter updates, recompute interception for
possible passthrough MSRs if and only if KVM wants to disabled
interception. If KVM wants to intercept accesses, i.e. the associated
bit is set in vmx->shadow_msr_intercept, then there's no need to set the
intercept again as KVM will intercept the MSR regardless of userspace's
wants.

No functional change intended, the call to vmx_enable_intercept_for_msr()
really is just a gigantic nop.

Suggested-by: Aaron Lewis <aaronlewis@xxxxxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/vmx/vmx.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 5e14e4c40007..61962f3c4b28 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3981,17 +3981,21 @@ static void vmx_msr_filter_changed(struct kvm_vcpu *vcpu)
u32 i;

/*
- * Set intercept permissions for all potentially passed through MSRs
- * again. They will automatically get filtered through the MSR filter,
- * so we are back in sync after this.
+ * Redo intercept permissions for MSRs that KVM is passing through to
+ * the guest. Disabling interception will check the new MSR filter and
+ * ensure that KVM enables interception if usersepace wants to filter
+ * the MSR. MSRs that KVM is already intercepting don't need to be
+ * refreshed since KVM is going to intercept them regardless of what
+ * userspace wants.
*/
for (i = 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) {
u32 msr = vmx_possible_passthrough_msrs[i];
- bool read = test_bit(i, vmx->shadow_msr_intercept.read);
- bool write = test_bit(i, vmx->shadow_msr_intercept.write);

- vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_R, read);
- vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_W, write);
+ if (!test_bit(i, vmx->shadow_msr_intercept.read))
+ vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_R);
+
+ if (!test_bit(i, vmx->shadow_msr_intercept.write))
+ vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_W);
}

pt_update_intercept_for_msr(vcpu);

base-commit: f38fdc2d315b8876ea2faa50cfb3481262e15abf
--
2.36.1.476.g0c4daa206d-goog

Next message: Nick Desaulniers: "Re: [PATCH 2/7] modpost: put get_secindex() call inside sec_name()"
Previous message: Alvin Šipraga: "Re: [PATCH] kbuild: use a pipe rather than process substitution"
Next in thread: Paolo Bonzini: "Re: [PATCH] KVM: VMX: Skip filter updates for MSRs that KVM is already intercepting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]