Re: [PATCH V2 01/11] target/i386: Disable unsupported BTS for guest

[Xiaoyao Li]

On 1/29/2026 7:09 AM, Zide Chen wrote:
BTS (Branch Trace Store), enumerated by IA32_MISC_ENABLE.BTS_UNAVAILABLE
(bit 11), is deprecated and has been superseded by LBR and Intel PT.
KVM yields control of the above mentioned bit to userspace since KVM
commit 9fc222967a39 ("KVM: x86: Give host userspace full control of
MSR_IA32_MISC_ENABLES").

However, QEMU does not set this bit, which allows guests to write the
BTS and BTINT bits in IA32_DEBUGCTL.  Since KVM doesn't support BTS,
this may lead to unexpected MSR access errors.

Signed-off-by: Zide Chen <zide.c...@intel.com>

Since the patch is handling BTS,

Reviewed-by: Xiaoyao Li <xiaoyao...@intel.com>


Besides, I'm curious about the (legacy) PEBS enable.

Before KVM commit 9fc222967a39, BTS_UNAVAIL and PEBS_UNAVAIL in 
MISC_ENABLES are maintained by KVM and userspace cannot change them. KVM 
keeps MISC_ENABLES.PEBS_UNAVAIL set when

  !(vcpu->arch.perf_capabilities & PERF_CAP_PEBS_FORMAT)

After KVM commit 9fc222967a39, it's userspace's responsibility to set 
correct value for MSR_IA32_MISC_EANBLES. So, if PEBS is not exposed to 
guest, QEMU should set MISC_ENABLE_PEBS_UNAVAIL. But I don't see such 
logic in QEMU. (Maybe the later patch in this series will handle it, let 
me keep reading.)

---
V2:
- Address Dapeng's comments.
- Remove mention of VMState version_id from the commit message.

  target/i386/cpu.h | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 2bbc977d9088..f02812bfd19f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -474,8 +474,11 @@ typedef enum X86Seg {
  
  #define MSR_IA32_MISC_ENABLE            0x1a0
  /* Indicates good rep/movs microcode on some processors: */
-#define MSR_IA32_MISC_ENABLE_DEFAULT    1
+#define MSR_IA32_MISC_ENABLE_FASTSTRING    (1ULL << 0)
+#define MSR_IA32_MISC_ENABLE_BTS_UNAVAIL   (1ULL << 11)
  #define MSR_IA32_MISC_ENABLE_MWAIT      (1ULL << 18)
+#define MSR_IA32_MISC_ENABLE_DEFAULT    (MSR_IA32_MISC_ENABLE_FASTSTRING     |\

Nit, we usually add a space before "\"

+                                         MSR_IA32_MISC_ENABLE_BTS_UNAVAIL)
  
  #define MSR_MTRRphysBase(reg)           (0x200 + 2 * (reg))
  #define MSR_MTRRphysMask(reg)           (0x200 + 2 * (reg) + 1)