kvm: nVMX: Restrict VMX capability MSR changes

Disallow changes to the VMX capability MSRs while the vCPU is in VMX operation. Although this does break the existing API, it helps to avoid some potentially tricky situations for which there is no architected behavior. Signed-off-by: N Jim Mattson <jmattson@google.com> Reviewed-by: N Krish Sadhukhan <krish.sadhukhan@oracle.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com>

kvm: nVMX: Restrict VMX capability MSR changes
Disallow changes to the VMX capability MSRs while the vCPU is in VMX operation. Although this does break the existing API, it helps to avoid some potentially tricky situations for which there is no architected behavior. Signed-off-by: N Jim Mattson <jmattson@google.com> Reviewed-by: N Krish Sadhukhan <krish.sadhukhan@oracle.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com>
a943ac50 · Jim Mattson · Paolo Bonzini · c5ce8235 · a943ac50
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

arch/x86/kvm/vmx.c arch/x86/kvm/vmx.c +7 -0

未找到文件。
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3538,6 +3538,13 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
+	/*
+	 * Don't allow changes to the VMX capability MSRs while the vCPU
+	 * is in VMX operation.
+	 */
+	if (vmx->nested.vmxon)
+		return -EBUSY;
 	switch (msr_index) {
 	case MSR_IA32_VMX_BASIC:
 		return vmx_restore_vmx_basic(vmx, data);