On 08/03/19 00:43, Sean Christopherson wrote:
> Commit 1eaafe91a0df ("kvm: x86: IA32_ARCH_CAPABILITIES is always
> supported") unconditionally allowed host userspace to expose
> ARCH_CAPABILITIES to the guest "Since the IA32_ARCH_CAPABILITIES MSR is
> emulated in kvm".  Unfortunately, that assertion is only partially true.
> KVM only emulates the SKIP_VMENTRY_L1DFLUSH capability, everything else
> enumerated in MSR_IA32_ARCH_CAPABILITIES relies on hardware support.
> And on AMD, the MSR is not emulated at all.  Fix the bugs to avoid
> inducing faults and bad behavior in the guest due to advertising support
> that doesn't exist.
> 
> Sean Christopherson (2):
>   KVM: x86: enforce MSR_IA32_ARCH_CAPABILITIES value set by userspace
>   KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
> 
>  arch/x86/include/asm/kvm_host.h |  1 +
>  arch/x86/kvm/vmx/vmx.c          | 13 -------------
>  arch/x86/kvm/vmx/vmx.h          |  1 -
>  arch/x86/kvm/x86.c              | 13 +++++++++++++
>  4 files changed, 14 insertions(+), 14 deletions(-)
> 

Queued patch 2 for after the merge window, with

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5f03b7758a1e..2186d01d7ded 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2444,8 +2444,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		vcpu->arch.microcode_version = data;
 		break;
 	case MSR_IA32_ARCH_CAPABILITIES:
-		if (!msr_info->host_initiated ||
-		    (data & ~kvm_get_arch_capabilities()))
+		if (!msr_info->host_initiated)
 			return 1;
 		vcpu->arch.arch_capabilities = data;
 		break;

Paolo
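Review bot: Dropping the `(data & ~kvm_get_arch_capabilities())` term in the MSR_IA32_ARCH_CAPABILITIES case of kvm_set_msr_common() leaves `!msr_info->host_initiated` as the only check, so a host-initiated write can store any bit pattern in vcpu->arch.arch_capabilities, including capability bits the host itself does not report. That is exactly the "advertising support that doesn't exist" the cover letter says the series is meant to stop, and it reverses the enforcement named in the title of patch 1 ("enforce MSR_IA32_ARCH_CAPABILITIES value set by userspace"), so validation of the value now rests entirely with userspace. If that is the intended outcome, the commit message of the queued patch should say so and explain why the mask is unwanted; otherwise keep the two-line condition from the removed lines, `if (!msr_info->host_initiated ||` / `(data & ~kvm_get_arch_capabilities()))`, so that unsupported bits are still rejected with `return 1`.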