diff options
| author | Sean Christopherson <seanjc@google.com> | 2026-05-14 14:31:15 -0700 |
|---|---|---|
| committer | Sean Christopherson <seanjc@google.com> | 2026-05-22 16:29:08 -0700 |
| commit | 8c63179d975f2029c948ecce622f72af616dbff7 (patch) | |
| tree | cfab196dba06a2cfbe177f0e75b3736ddf8509a5 /scripts/stackusage | |
| parent | 7f4b7092d9a173a4271e28c0ed1fc235994e309b (diff) | |
KVM: SVM: Only disable x2AVIC WRMSR interception for MSRs that are accelerated
When x2AVIC is enabled, disable WRMSR interception only for MSRs that are
actually accelerated by hardware. Disabling interception for MSRs that
aren't accelerated is functionally "fine", and in some cases a weird "win"
for performance, but only for cases that should never be triggered by a
well-behaved VM (writes to read-only registers; the #GP will typically
occur in the guest without taking a #VMEXIT, even for fault-like exits).
But overall, disabling interception for MSRs that aren't accelerated is at
best confusing and unintuitive, and at worst introduces avoidable risk, as
the APM's documentation is imperfect and contradictory. The table in
"15.29.3.1 Virtual APIC Register Accesses" of simply states that such
writes generate exits, where as "Section 15.29.10 x2AVIC" says:
x2APIC MSR intercept checks and access checks have higher priority than
AVIC access permission checks.
CPU behavior follows the latter (which makes perfect sense), but all in
all there's simply no reason to disable interception just to make a #GP
faster.
Note, the set of MSRs that are passed through for write is identical to
VMX's set when IPI virtualization is enabled. This is not a coincidence,
and is another motiviating factor for cleaning up the intercepts, as x2AVIC
is functionally equivalent to APICv+IPIv.
Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Reviewed-by: Naveen N Rao (AMD) <naveen@kernel.org>
Link: https://patch.msgid.link/20260514213115.1637082-4-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Diffstat (limited to 'scripts/stackusage')
0 files changed, 0 insertions, 0 deletions
