Re: [PATCH v2 2/5] KVM: SVM: Always intercept RDMSR for TMCCT (current APIC timer count)
From: Naveen N Rao
Date: Thu May 07 2026 - 10:29:00 EST
On Wed, May 06, 2026 at 11:47:43AM -0700, Sean Christopherson wrote:
> Explicitly intercept RDMSR for TMMCT, a.k.a. the current APIC timer count,
> when x2AVIC is enabled, as TMMCT reads aren't accelerated by hardware.
s/TMMCT/TMCCT for the above two lines.
> Disabling interception is suboptimal as the RDMSR generates an
> AVIC_UNACCELERATED_ACCESS fault #VMEXIT, which forces KVM to decode the
> instruction to figure out what the guest was trying to access.
>
> Note, the only reason this isn't a fatal bug is that the AVIC architecture
> had the foresight to guard against buggy hypervisors. E.g. if hardware
> simply read from the virtual APIC page, the guest would get garbage.
>
> Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Naveen N Rao (AMD) <naveen@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---
> arch/x86/kvm/svm/avic.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
> index 4f203e503e8e..d693c9ff9f18 100644
> --- a/arch/x86/kvm/svm/avic.c
> +++ b/arch/x86/kvm/svm/avic.c
> @@ -172,6 +172,9 @@ static void avic_set_x2apic_msr_interception(struct vcpu_svm *svm,
> svm_set_intercept_for_msr(vcpu, APIC_BASE_MSR + i,
> MSR_TYPE_R, intercept);
>
> + if (!intercept)
> + svm_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_R);
> +
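Review bot: The added `if (!intercept)` block carries no comment explaining why the TMCCT read intercept is switched back on immediately after the loop above may have switched it off (if TMCCT is covered by the readable mask). The reason currently lives only in the commit message: TMCCT reads are not accelerated under x2AVIC, so a pass-through RDMSR ends in an AVIC_UNACCELERATED_ACCESS exit that KVM has to decode. A one or two line comment above the check would keep a later cleanup from removing it as redundant.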
Nit: I'm thinking it might be better to roll this into the previous
loop. That way, all MSR_TYPE_R intercepts are set up in one place and we
don't need to parse the if (!intercept) condition.
Something like this?
diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index c5d46c0d2403..f292cba45e07 100644
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -136,11 +136,9 @@ static void avic_set_x2apic_msr_interception(struct vcpu_svm *svm,
for_each_set_bit(i, (unsigned long *)&x2apic_readable_mask,
BITS_PER_TYPE(x2apic_readable_mask))
- svm_set_intercept_for_msr(vcpu, APIC_BASE_MSR + i,
- MSR_TYPE_R, intercept);
-
- if (!intercept)
- svm_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_R);
+ if (APIC_BASE_MSR + i != X2APIC_MSR(APIC_TMCCT))
+ svm_set_intercept_for_msr(vcpu, APIC_BASE_MSR + i,
+ MSR_TYPE_R, intercept);
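Review bot: With the `APIC_BASE_MSR + i != X2APIC_MSR(APIC_TMCCT)` skip, this loop never touches the TMCCT read intercept in either direction, so the result is only correct if that intercept is already enabled before the function runs and nothing else clears it. The lines being removed forced it on explicitly in the `!intercept` case, so it is worth confirming that invariant or stating it in a comment next to the skip. Style point: the `for_each_set_bit()` body is now a multi-line `if`, so it should get braces.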
- Naveen