> +/* > + * List of MSRs that can be directly passed to the guest. > + * In addition to these x2apic and PT MSRs are handled specially. > + */ > +static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSGHROUGH_MSRS] = { MAX_POSSIBLE_PASSGHROUGH_MSRS should be MAX_POSSIBLE_PASSTHROUGH_MSRS > + MSR_IA32_SPEC_CTRL, > + MSR_IA32_PRED_CMD, > + MSR_IA32_TSC, > + MSR_FS_BASE, > + MSR_GS_BASE, > + MSR_KERNEL_GS_BASE, > + MSR_IA32_SYSENTER_CS, > + MSR_IA32_SYSENTER_ESP, > + MSR_IA32_SYSENTER_EIP, > + MSR_CORE_C1_RES, > + MSR_CORE_C3_RESIDENCY, > + MSR_CORE_C6_RESIDENCY, > + MSR_CORE_C7_RESIDENCY, > +}; Is there any reason not to construct this list on the fly? That could help prevent the list from becoming stale over time if this is missed when calls to vmx_disable_intercept_for_msr() are added. > + > /* > * These 2 parameters are used to config the controls for Pause-Loop Exiting: > * ple_gap: upper bound on the amount of time between two successive > @@ -622,6 +642,41 @@ static inline bool report_flexpriority(void) > return flexpriority_enabled; > } One thing that seems to be missing is removing MSRs from the permission bitmap or resetting the permission bitmap to its original state before adding changes on top of it. This would be needed on subsequent calls to kvm_vm_ioctl_set_msr_filter(). When that happens the original changes made by KVM_REQ_MSR_FILTER_CHANGED need to be backed out before applying the new set.