KVM: SVM: CSV: Explicitly enable LBR Virtualization after succeed to …

…RECEIVE_ENCRYPT_CONTEXT

hygon inclusion
category: feature
CVE: NA

---------------------------

Before the commit b7e4be0a224f ("KVM: SEV-ES: Delegate LBR
virtualization to the processor"), the LBR Virtualization is enabled
during init VMCB:
    init_vmcb() -> sev_init_vmcb() -> sev_es_init_vmcb()

While the commit b7e4be0a224f ("KVM: SEV-ES: Delegate LBR
virtualization to the processor") enable LBR Virtualization after
succeed to LAUNCH_UPDATE_VMSA for each vCPUs. The process to enable LBR
Virtualization will not be executed in common code path. To ensure the
CSV3 guest to work properly after migrate to target machine, we should
explicitly to enable LBR Virtualization after succeed to
RECEIVE_ENCRYPT_CONTEXT for each vCPUs.

Fixes: b7e4be0a224f ("KVM: SEV-ES: Delegate LBR virtualization to the processor")
Signed-off-by: hanliyang <[email protected]>

arch/x86/kvm/svm/csv.c

@@ -1881,6 +1881,15 @@ static int csv3_receive_encrypt_context(struct kvm *kvm, struct kvm_sev_cmd *arg
 
 		svm->current_vmcb->pa = secure_vmcb_block->vmcb_paddr[i];
 		svm->vcpu.arch.guest_state_protected = true;
+
+		/*
+		 * CSV3 guest mandates LBR Virtualization to be _always_ ON.
+		 * Enable it only after setting guest_state_protected because
+		 * KVM_SET_MSRS allows dynamic toggling of LBRV (for performance
+		 * reason) on write access to MSR_IA32_DEBUGCTLMSR when
+		 * guest_state_protected is not set.
+		 */
+		svm_enable_lbrv(vcpu);
 	}
 
 e_free_shadow_vmcb_block: