On Fri, Sep 25, 2020 at 7:35 AM Alexander Graf <graf@xxxxxxxxxx> wrote:
>
> It's not desirable to have all MSRs always handled by KVM kernel space. Some
> MSRs would be useful to handle in user space to either emulate behavior (like
> uCode updates) or differentiate whether they are valid based on the CPU model.
>
> To allow user space to specify which MSRs it wants to see handled by KVM,
> this patch introduces a new ioctl to push filter rules with bitmaps into
> KVM. Based on these bitmaps, KVM can then decide whether to reject MSR access.
> With the addition of KVM_CAP_X86_USER_SPACE_MSR it can also deflect the
> denied MSR events to user space to operate on.
>
> If no filter is populated, MSR handling stays identical to before.
>
> Signed-off-by: Alexander Graf <graf@xxxxxxxxxx>

Reviewed-by: Aaron Lewis <aaronlewis@xxxxxxxxxx>

>
> ---
>
> v2 -> v3:
>
>   - document flags for KVM_X86_ADD_MSR_ALLOWLIST
>   - generalize exit path, always unlock when returning
>   - s/KVM_CAP_ADD_MSR_ALLOWLIST/KVM_CAP_X86_MSR_ALLOWLIST/g
>   - Add KVM_X86_CLEAR_MSR_ALLOWLIST
>
> v3 -> v4:
>   - lock allow check and clearing
>   - free bitmaps on clear
>