On Mon, Jun 27, 2022, Dong, Eddie wrote:
> > static inline void lname##_controls_clearbit(struct vcpu_vmx *vmx, u##bits
> > val) \
> > {
> > \
> > + BUILD_BUG_ON(!(val & (KVM_REQ_VMX_##uname |
> > KVM_OPT_VMX_##uname))); \
> > lname##_controls_set(vmx, lname##_controls_get(vmx) & ~val);
> > \
> > }
>
> With this, will it be safer if we present L1 CTRL MSRs with the bits KVM
> really uses? Do I miss something?
KVM will still allow L1 to use features/controls that KVM itself doesn't use, but
exposing features/controls that KVM doesn't use will require a more explicit
"override" of sorts, e.g. to prevent advertising features that are supported in
hardware, known to KVM, but disabled for whatever reason, e.g. a CPU bug, eVMCS
incompatibility, module param, etc...
The intent of this BUILD_BUG_ON() is to detect KVM usage of bits that aren't enabled
by default, i.e. to lower the probability that a control gets used by KVM but isn't
exposed to L1 because it's a dynamically enabled control.
