KVM currently doesn't prevent the guest from setting EFER bits that should be
reserved based on the guest's CPUID model. For example, a 64-bit guest kernel
can set EFER.LME and enter long mode even if userspace reports X86_FEATURE_LM=0
for its guest.

Sean Christopherson (2):
  KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
  KVM: x86: Inject #GP if guest attempts to set unsupported EFER bits

 arch/x86/kvm/x86.c | 44 +++++++++++++++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 13 deletions(-)

-- 
2.21.0
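As an added illustration of the check the two patches describe (this is a standalone model written for this page, not code from the series or from arch/x86/kvm/x86.c), the function below validates an EFER write: host-initiated writes only reject bits the hypervisor never supports, while guest-initiated writes additionally get #GP for bits the guest's CPUID model does not advertise. The FEAT_* flags and the function names are assumptions of this model, not KVM identifiers.

```c
#include <stdbool.h>
#include <stdint.h>

/* EFER bit positions as defined in the Intel/AMD architecture manuals. */
#define EFER_SCE   (1ULL << 0)   /* SYSCALL enable */
#define EFER_LME   (1ULL << 8)   /* long mode enable */
#define EFER_LMA   (1ULL << 10)  /* long mode active */
#define EFER_NX    (1ULL << 11)  /* no-execute enable */
#define EFER_SVME  (1ULL << 12)  /* SVM enable */
#define EFER_FFXSR (1ULL << 14)  /* fast FXSAVE/FXRSTOR */

/* Hypothetical guest-CPUID feature flags for this model (not KVM's structures). */
#define FEAT_LM       (1u << 0)  /* stands in for X86_FEATURE_LM */
#define FEAT_NX       (1u << 1)
#define FEAT_SVM      (1u << 2)
#define FEAT_FXSR_OPT (1u << 3)

/* Bits the hypervisor knows how to virtualize at all; anything else is reserved. */
#define EFER_KNOWN (EFER_SCE | EFER_LME | EFER_LMA | EFER_NX | EFER_SVME | EFER_FFXSR)

enum efer_result { EFER_OK = 0, EFER_GP = 1 };

/* Bits that are reserved for this particular guest because its CPUID lacks the feature. */
static uint64_t efer_unsupported_bits(uint32_t guest_feat)
{
    uint64_t reserved = 0;

    if (!(guest_feat & FEAT_LM))
        reserved |= EFER_LME | EFER_LMA;
    if (!(guest_feat & FEAT_NX))
        reserved |= EFER_NX;
    if (!(guest_feat & FEAT_SVM))
        reserved |= EFER_SVME;
    if (!(guest_feat & FEAT_FXSR_OPT))
        reserved |= EFER_FFXSR;
    return reserved;
}

/*
 * Host-initiated writes (userspace restoring register state) skip the
 * guest-CPUID comparison, as patch 1 describes; writes coming from the
 * guest get #GP for any bit its CPUID does not advertise, as patch 2 describes.
 */
enum efer_result validate_efer_write(uint64_t efer, uint32_t guest_feat, bool host_initiated)
{
    if (efer & ~EFER_KNOWN)
        return EFER_GP;                      /* architecturally reserved bit */
    if (!host_initiated && (efer & efer_unsupported_bits(guest_feat)))
        return EFER_GP;                      /* e.g. EFER.LME with LM=0 in CPUID */
    return EFER_OK;
}
```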