Ultimately, it is the responsibility of userspace to configure an appropriate
MSR value for the CPUID it provides its guest. However, there are a few bits in
VMX capability MSRs where KVM intervenes. The "load IA32_PERF_GLOBAL_CTRL",
"load IA32_BNDCFGS", and "clear IA32_BNDCFGS" bits in the VMX VM-{Entry,Exit}
control capability MSRs are updated every time userspace sets the guest's
CPUID. In so doing, there is an imposed ordering between ioctls: userspace must
set MSR values *after* setting the guest's CPUID. Such ordering requirements
should be entirely avoided.

This series stops KVM from modifying VMX VM-{Entry,Exit} control capability
MSRs when the CPUID changes. With this series applied, MSR writes from
userspace before and after KVM_SET_CPUID2 are preserved.

This series cleanly applies to 5.17-rc2. Confirmed the bug with the included
selftest, and also verified the fix. Tested with KVM selftests on a Skylake
box.

Oliver Upton (4):
  KVM: nVMX: Don't change VM-{Entry,Exit} ctrl MSRs on PMU CPUID update
  KVM: nVMX: Don't change VM-{Entry,Exit} ctrl MSRs on MPX CPUID update
  selftests: KVM: Add test for "load IA32_PERF_GLOBAL_CTRL" invariance
  selftests: KVM: Add test case for "{load/clear} IA32_BNDCFGS" invariance

 arch/x86/kvm/vmx/nested.c                     |  21 ----
 arch/x86/kvm/vmx/nested.h                     |   1 -
 arch/x86/kvm/vmx/pmu_intel.c                  |   2 -
 arch/x86/kvm/vmx/vmx.c                        |  21 +---
 tools/testing/selftests/kvm/.gitignore        |   1 +
 tools/testing/selftests/kvm/Makefile          |   1 +
 .../selftests/kvm/include/x86_64/vmx.h        |   2 +
 .../kvm/x86_64/vmx_capability_msrs_test.c     | 119 ++++++++++++++++++
 8 files changed, 124 insertions(+), 44 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/vmx_capability_msrs_test.c

-- 
2.35.0.rc2.247.g8bbb082509-goog