On Thu Jan 22, 2026 at 7:19 PM CET, Andrew Cooper wrote: > On 22/01/2026 5:42 pm, Alejandro Vallejo wrote: >> On Thu Jan 22, 2026 at 6:10 PM CET, Andrew Cooper wrote: >>> On 22/01/2026 4:49 pm, Alejandro Vallejo wrote: >>>> Open question unrelated to the series: Does it make sense to >>>> conditionalise the >>>> MSR handlers for non intercepted MSRs on HVM_FEP? >>> I'm not quite sure what you're asking here. >>> >>> ~Andrew >> The handlers for LSTAR and the like are dead code with !CONFIG_HVM_FEP as far >> as I can tell. The question I'm asking is whether there is another code path >> that might invoke MSR handlers for non-intercepted MSRs. I can't see it, but >> I'm not sure. >> >> If there isn't I'm considering (conditionally) getting rid of them. > > Introspection can (and HVMI does) hook them. Changes to LSTAR during > runtime is usually an exploit in progress. > > Nested virt also makes it far more complicated to reason about > "intercepted or not", given that there are multiple opinions merged > together. > > ~Andrew
nSVM definitely would trigger those, ta. Conditionally removing nSVM is in our roadmap, and VMI is already gated on ALTP2M. I'll put this on the pile somewhere. Cheers, Alejandro
