----- krish.sadhukhan@xxxxxxxxxx wrote:

> On 05/29/2018 09:11 AM, Jim Mattson wrote:
> > Disallow changes to the VMX capability MSRs while the vCPU is in VMX
> > operation. Although this does break the existing API, it helps to
> > avoid some potentially tricky situations for which there is no
> > architected behavior.
> >
> > Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> > ---
> >  arch/x86/kvm/vmx.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> > index e50beb76d846..5ea57442fef9 100644
> > --- a/arch/x86/kvm/vmx.c
> > +++ b/arch/x86/kvm/vmx.c
> > @@ -3538,6 +3538,13 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
> >  {
> >  	struct vcpu_vmx *vmx = to_vmx(vcpu);
> >
> > +	/*
> > +	 * Don't allow changes to the VMX capability MSRs while the vCPU
> > +	 * is in VMX operation.
> > +	 */
> > +	if (vmx->nested.vmxon)
> > +		return -EBUSY;
> > +
> >  	switch (msr_index) {
> >  	case MSR_IA32_VMX_BASIC:
> >  		return vmx_restore_vmx_basic(vmx, data);
> This check can be placed right in vmx_set_msr():
>
>     if (!nested_vmx_allowed(vcpu) ||
>         (vmx->nested.vmxon))
>         return 1;
>
> Other than that,
>
> Reviewed-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>

Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>
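Review bot: The new `if (vmx->nested.vmxon) return -EBUSY;` guard sits before the `switch (msr_index)`, so once the vCPU is in VMX operation it rejects every write to every VMX capability MSR, including a write that supplies the value the MSR already holds, even though the comment and the commit message only speak of disallowing "changes". If the intent is to reject only actual changes, compare `data` against the current value before returning `-EBUSY`; if the intent really is to reject all writes after VMXON, reword the comment and the commit message to say so, and since the commit message already acknowledges this breaks the existing API, spell out the new ordering requirement for userspace (VMX capability MSRs must be written before the vCPU enters VMX operation) so the `-EBUSY` is not a surprise.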