If an MSR is not permitted to be filtered and deflected to userspace, don't then allow it to be deflected to userspace by other means. If an MSR that cannot be filtered #GP's, and KVM is configured to send all MSRs that #GP to userspace, that MSR will be sent to userspace as well. Prevent that from happening by filtering out disallowed MSRs from being deflected to userspace.

Signed-off-by: Aaron Lewis <aaronlewis@xxxxxxxxxx>
---
 arch/x86/kvm/x86.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 031678eff28e..a84741f7d254 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1712,6 +1712,15 @@ void kvm_enable_efer_bits(u64 mask)
 }
 EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
 
+bool kvm_msr_filtering_disallowed(u32 index)
+{
+	/* x2APIC MSRs do not support filtering. */
+	if (index >= 0x800 && index <= 0x8ff)
+		return true;
+
+	return false;
+}
+
 bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
 {
 	struct kvm_x86_msr_filter *msr_filter;
@@ -1721,8 +1730,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
 	int idx;
 	u32 i;
 
-	/* x2APIC MSRs do not support filtering. */
-	if (index >= 0x800 && index <= 0x8ff)
+	/* Prevent certain MSRs from using MSR Filtering. */
+	if (kvm_msr_filtering_disallowed(index))
 		return true;
 
 	idx = srcu_read_lock(&kvm->srcu);
@@ -1962,6 +1971,9 @@ static int kvm_msr_user_space(struct kvm_vcpu *vcpu, u32 index,
 	if (!(vcpu->kvm->arch.user_space_msr_mask & msr_reason))
 		return 0;
 
+	if (kvm_msr_filtering_disallowed(index))
+		return 0;
+
 	vcpu->run->exit_reason = exit_reason;
 	vcpu->run->msr.error = 0;
 	memset(vcpu->run->msr.pad, 0, sizeof(vcpu->run->msr.pad));
-- 
2.37.0.rc0.161.g10f37bed90-goog
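Review bot: kvm_msr_filtering_disallowed in the first hunk is defined with external linkage but the patch adds neither a prototype in a header nor an EXPORT_SYMBOL_GPL, so it is not usable from vmx/svm and a -Wmissing-prototypes build will warn on it. Both callers visible here are in x86.c, so `static bool kvm_msr_filtering_disallowed(u32 index)` is the right shape unless a later patch adds out-of-file users. The body can also collapse to `return index >= 0x800 && index <= 0x8ff;`. Since the helper now also decides what may be deflected to userspace (third hunk), its comment should say so rather than only "do not support filtering", e.g. `/* x2APIC MSRs can be neither filtered nor deflected to userspace. */`.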
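Review bot: The early return added to kvm_msr_user_space in the third hunk carries no comment, and nothing in the code explains why an MSR that the user_space_msr_mask check just admitted is then silently kept in the kernel. Suggest `/* MSRs that cannot be filtered must not be deflected to userspace either. */` directly above the new `if`. Returning 0 here presumably makes the caller fall back to its in-kernel handling of the access; if that is the intended outcome per the description, the comment should say so, since a reader auditing the userspace-MSR path will otherwise take this for a lost exit. kvm_msr_user_space's body continues outside the hunk.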