On Thu, Mar 07, 2019 at 03:43:01PM -0800, Sean Christopherson wrote: > For all intents and purposes, MSR_IA32_ARCH_CAPABILITIES is a CPUID > feature leaf. Now that it is emulated, give it the same treatment we > give CPUID leafs with a mixture of emulated and hardware-only features > and reject attempts by host userspace to expose features to the guest > that are not supported by KVM, i.e. are not supported in hardware and > are not emulated by KVM. > > Fixes: 1eaafe91a0df4 ("kvm: x86: IA32_ARCH_CAPABILITIES is always supported") Doh, this should be: Fixes: 28c1c9fabf48 ("KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES") > Cc: Jim Mattson <jmattson@xxxxxxxxxx> > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > --- > arch/x86/kvm/vmx/vmx.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 7aade2dd1da8..2a86d296c90f 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -1895,7 +1895,8 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > MSR_TYPE_W); > break; > case MSR_IA32_ARCH_CAPABILITIES: > - if (!msr_info->host_initiated) > + if (!msr_info->host_initiated || > + (data & ~kvm_get_arch_capabilities())) > return 1; > vmx->arch_capabilities = data; > break; > -- > 2.21.0 >
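Review bot: In the MSR_IA32_ARCH_CAPABILITIES case of vmx_set_msr(), the new `(data & ~kvm_get_arch_capabilities())` test shares its `return 1` with the `!msr_info->host_initiated` rejection and carries no comment, so a reader cannot tell that the second half is a separate filter on host-userspace writes rather than part of the guest check. A short comment above the `if` would help, saying that guest writes are always rejected and that host-initiated writes may only set bits reported by kvm_get_arch_capabilities(). Because the mask is evaluated at write time on the local host, a value that userspace saved elsewhere and that contains a bit this host's KVM does not report will now fail to restore; if that is the intended behaviour, the commit message should state it explicitly. The Fixes: tag also needs the correction given in the reply (28c1c9fabf48) when the patch is resent.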