For all intents and purposes, MSR_IA32_ARCH_CAPABILITIES is a CPUID feature leaf. Now that it is emulated, give it the same treatment we give CPUID leafs with a mixture of emulated and hardware-only features and reject attempts by host userspace to expose features to the guest that are not supported by KVM, i.e. are not supported in hardware and are not emulated by KVM. Fixes: 1eaafe91a0df4 ("kvm: x86: IA32_ARCH_CAPABILITIES is always supported") Cc: Jim Mattson <jmattson@xxxxxxxxxx> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> --- arch/x86/kvm/vmx/vmx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 7aade2dd1da8..2a86d296c90f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1895,7 +1895,8 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) MSR_TYPE_W); break; case MSR_IA32_ARCH_CAPABILITIES: - if (!msr_info->host_initiated) + if (!msr_info->host_initiated || + (data & ~kvm_get_arch_capabilities())) return 1; vmx->arch_capabilities = data; break; -- 2.21.0
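Review bot: In the MSR_IA32_ARCH_CAPABILITIES case of vmx_set_msr(), the new condition folds two different failures into a single `return 1`: a guest-initiated write, and a host-initiated write whose value has bits outside kvm_get_arch_capabilities(). A one-line comment above the check, stating that host userspace may only set bits KVM reports as supported, would make the intent clear to the next reader. Splitting the two tests into separate `if` statements would also read more easily than the wrapped `||`. Because a host-initiated write that was accepted before this change can now be rejected, the commit message could also say what userspace is expected to do, for example mask the value against what KVM reports before writing it.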