diff --git a/arch/x86/kvm/svm/csv.c b/arch/x86/kvm/svm/csv.c
index f9d675aaa917a4b53c3c33eaa4df4a4021e12a44..f6e8a97678affe334f501f11951fc9fb830f3f26 100644
--- a/arch/x86/kvm/svm/csv.c
+++ b/arch/x86/kvm/svm/csv.c
@@ -789,9 +789,19 @@ static int csv_receive_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp)
 	ret = hygon_kvm_hooks.sev_issue_cmd(kvm, SEV_CMD_RECEIVE_UPDATE_VMSA,
 					    vmsa, &argp->error);
 
-	if (!ret)
+	if (!ret) {
 		vcpu->arch.guest_state_protected = true;
 
+		/*
+		 * CSV2 guest mandates LBR Virtualization to be _always_ ON.
+		 * Enable it only after setting guest_state_protected because
+		 * KVM_SET_MSRS allows dynamic toggling of LBRV (for performance
+		 * reason) on write access to MSR_IA32_DEBUGCTLMSR when
+		 * guest_state_protected is not set.
+		 */
+		svm_enable_lbrv(vcpu);
+	}
+
 	kfree(vmsa);
 e_free_trans:
 	kfree(trans);
@@ -1249,6 +1259,15 @@ static int csv3_launch_encrypt_vmcb(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 		svm->current_vmcb->pa = encrypt_vmcb->secure_vmcb_addr;
 		svm->vcpu.arch.guest_state_protected = true;
+
+		/*
+		 * CSV3 guest mandates LBR Virtualization to be _always_ ON.
+		 * Enable it only after setting guest_state_protected because
+		 * KVM_SET_MSRS allows dynamic toggling of LBRV (for performance
+		 * reason) on write access to MSR_IA32_DEBUGCTLMSR when
+		 * guest_state_protected is not set.
+		 */
+		svm_enable_lbrv(vcpu);
 	}
 
 e_free:
@@ -1775,6 +1794,15 @@ static int csv3_receive_encrypt_context(struct kvm *kvm, struct kvm_sev_cmd *arg
 
 		svm->current_vmcb->pa = secure_vmcb_block->vmcb_paddr[i];
 		svm->vcpu.arch.guest_state_protected = true;
+
+		/*
+		 * CSV3 guest mandates LBR Virtualization to be _always_ ON.
+		 * Enable it only after setting guest_state_protected because
+		 * KVM_SET_MSRS allows dynamic toggling of LBRV (for performance
+		 * reason) on write access to MSR_IA32_DEBUGCTLMSR when
+		 * guest_state_protected is not set.
+		 */
+		svm_enable_lbrv(vcpu);
 	}
 
 e_free_shadow_vmcb_block:
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index f2710d7ed7ed87c5624daead25656c76446ed117..36ea5d0c0a65baa1dc87e2f8ae0376a62d12ddaa 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -163,6 +163,13 @@ static int sev_asid_new(struct kvm_sev_info *sev)
 	bool retry = true;
 	int ret;
 
+	/*
+	 * No matter what the min_sev_asid is, all asids in range
+	 * [1, max_sev_asid] can be used for CSV2 guest on Hygon CPUs.
+	 */
+	if (boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
+		max_asid = max_sev_asid;
+
 	if (min_asid > max_asid)
 		return -ENOTTY;
 
@@ -205,12 +212,6 @@ static int sev_asid_new(struct kvm_sev_info *sev)
 	}
 #endif
 
-	/*
-	 * No matter what the min_sev_asid is, all asids in range
-	 * [1, max_sev_asid] can be used for CSV2 guest on Hygon CPUs.
-	 */
-	if (is_x86_vendor_hygon())
-		max_asid = max_sev_asid;
 again:
 	asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid);
 	if (asid > max_asid) {