On Fri, Jun 10, 2022 at 02:04:49PM -0700,
Sagi Shahar <sagis@xxxxxxxxxx> wrote:
> On Thu, May 5, 2022 at 11:16 AM <isaku.yamahata@xxxxxxxxx> wrote:
> >
> > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> >
> > Wire up TDX PV rdmsr/wrmsr hypercall to the KVM backend function.
> >
> > Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> > Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> > ---
> > arch/x86/kvm/vmx/tdx.c | 37 +++++++++++++++++++++++++++++++++++++
> > 1 file changed, 37 insertions(+)
> >
> > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> > index f46825843a8b..1518a8c310d6 100644
> > --- a/arch/x86/kvm/vmx/tdx.c
> > +++ b/arch/x86/kvm/vmx/tdx.c
> > @@ -1169,6 +1169,39 @@ static int tdx_emulate_mmio(struct kvm_vcpu *vcpu)
> > return 1;
> > }
> >
> > +static int tdx_emulate_rdmsr(struct kvm_vcpu *vcpu)
> > +{
> > + u32 index = tdvmcall_a0_read(vcpu);
> > + u64 data;
> > +
> > + if (kvm_get_msr(vcpu, index, &data)) {
>
> kvm_get_msr and kvm_set_msr used to check the MSR permissions using
> kvm_msr_allowed but that behaviour changed in "KVM: x86: Only do MSR
> filtering when access MSR by rdmsr/wrmsr".
>
> Now kvm_get_msr and kvm_set_msr skip these checks and will allow
> access regardless of the permissions in the msr_filter.
>
> These should be changed to kvm_get_msr_with_filter and
> kvm_set_msr_with_filter or something similar that checks permissions
> for MSR access.
Thanks for pointing it out. I fixed it as adding kvm_msr_allowed()
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
