Posting as an RFC to get feedback on whether it's too late to protect the
unused flag bits.  My hope is this feature is still new enough, and not
widely used enough, and this change is reasonable enough to be able to be
corrected.  These bits should have been protected from the start, but
unfortunately they were not.  Other approaches to fixing this could be to
fix it with a quirk, or the tried and true KVM method of adding a "2"
(e.g. KVM_CAP_X86_USER_SPACE_MSR2).  Both approaches, however, complicate
the code more than it would otherwise be if the original feature could be
patched.  For long-term simplicity my hope is to be able to just patch the
original change.

Note: Patch 1/4 does not change the ABI and patch 3/4 does not contain
functional changes, so they are not labeled as RFCs.

v2 -> v3
 - Added patch 1/4 to prevent the kernel from using the flag
   KVM_MSR_FILTER_DEFAULT_ALLOW.
 - Cleaned up the selftest code based on feedback.

v1 -> v2
 - Added valid masks KVM_MSR_FILTER_VALID_MASK and
   KVM_MSR_EXIT_REASON_VALID_MASK.
 - Added patch 2/3 to add valid mask KVM_MSR_FILTER_RANGE_VALID_MASK, and
   use it.
 - Added testing to demonstrate flag protection when calling the ioctl for
   KVM_X86_SET_MSR_FILTER or KVM_CAP_X86_USER_SPACE_MSR.

Aaron Lewis (4):
  KVM: x86: Do not allow use of the MSR filter allow flag in the kernel
  KVM: x86: Protect the unused bits in the MSR filtering / exiting flags
  KVM: x86: Add a VALID_MASK for the flags in kvm_msr_filter_range
  selftests: kvm/x86: Test the flags in MSR filtering / exiting

 arch/x86/include/uapi/asm/kvm.h                      |  5 ++
 arch/x86/kvm/x86.c                                   |  8 +-
 include/uapi/linux/kvm.h                             |  3 +
 .../kvm/x86_64/userspace_msr_exit_test.c             | 85 +++++++++++++++++++
 4 files changed, 100 insertions(+), 1 deletion(-)

-- 
2.37.1.359.gd136c6c3e2-goog
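The cover letter above describes the uAPI hardening pattern this series applies: define a VALID_MASK for each flags field (the capability flags, the filter flags and the per-range flags) and reject any ioctl argument that sets a bit outside it, so that the unused bits stay reserved for later extensions. The following is an added, stand-alone example of that pattern; it is not code from the patch series or from KVM, and every constant, structure and function name in it is hypothetical (the real KVM flag values and structures are not reproduced here). It contrasts an unhardened handler that silently ignores unknown bits with a hardened one that returns -EINVAL, which is what makes the bits reclaimable later: once userspace can observe a rejection, any future meaning given to a previously unused bit cannot break callers that never set it.

```c
/*
 * Added example of VALID_MASK-style flag validation for an ioctl-like
 * interface.  Not KVM code: all names and bit values are hypothetical
 * stand-ins for the kind of flags the cover letter talks about.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flags for an "exit to userspace on MSR access" capability. */
#define EXIT_REASON_INVAL       (1U << 0)
#define EXIT_REASON_UNKNOWN     (1U << 1)
#define EXIT_REASON_FILTER      (1U << 2)
#define EXIT_REASON_VALID_MASK  (EXIT_REASON_INVAL | EXIT_REASON_UNKNOWN | \
                                 EXIT_REASON_FILTER)

/* Hypothetical flags for the filter as a whole and for each range in it. */
#define FILTER_DEFAULT_DENY     (1U << 0)
#define FILTER_VALID_MASK       (FILTER_DEFAULT_DENY)

#define RANGE_READ              (1U << 0)
#define RANGE_WRITE             (1U << 1)
#define RANGE_VALID_MASK        (RANGE_READ | RANGE_WRITE)

#define MAX_RANGES 4

struct msr_filter_range {
	uint32_t flags;
	uint32_t nmsrs;
	uint32_t base;
};

struct msr_filter {
	uint32_t flags;
	struct msr_filter_range ranges[MAX_RANGES];
};

/*
 * Unhardened handler: only the bits it knows about are looked at, so a
 * caller setting bit 5 gets success and never learns the bit was ignored.
 * Once this ships, bit 5 can no longer be given a meaning safely.
 */
static int enable_cap_unhardened(uint32_t flags, uint32_t *state)
{
	*state = flags & EXIT_REASON_VALID_MASK;
	return 0;
}

/* Hardened handler: any bit outside the valid mask is rejected up front. */
static int enable_cap_hardened(uint32_t flags, uint32_t *state)
{
	if (flags & ~EXIT_REASON_VALID_MASK)
		return -EINVAL;
	*state = flags;
	return 0;
}

/* Same check applied at both levels of a nested filter structure. */
static int set_msr_filter_hardened(const struct msr_filter *f, size_t nranges)
{
	if (f->flags & ~FILTER_VALID_MASK)
		return -EINVAL;
	if (nranges > MAX_RANGES)
		return -EINVAL;
	for (size_t i = 0; i < nranges; i++) {
		if (f->ranges[i].flags & ~RANGE_VALID_MASK)
			return -EINVAL;
	}
	return 0;
}

/* Builds a constructed one-range filter (sample input, not captured data). */
static int filter_with_flags(uint32_t filter_flags, uint32_t range_flags)
{
	struct msr_filter f = {
		.flags = filter_flags,
		.ranges = { { .flags = range_flags, .nmsrs = 1, .base = 0x10 } },
	};
	return set_msr_filter_hardened(&f, 1);
}

int main(void)
{
	uint32_t state = 0;
	uint32_t bad = EXIT_REASON_INVAL | (1U << 5);   /* bit 5 is undefined */

	printf("unhardened: rc=%d state=0x%x\n",
	       enable_cap_unhardened(bad, &state), state);
	printf("hardened:   rc=%d\n", enable_cap_hardened(bad, &state));
	printf("filter with undefined range bit: rc=%d\n",
	       filter_with_flags(FILTER_DEFAULT_DENY, RANGE_READ | (1U << 7)));
	return 0;
}
```

The important property is the negative test: with the hardened handlers, a caller that sets an undefined bit gets -EINVAL instead of success, which is exactly what a selftest for this kind of change should assert on, in addition to checking that every currently defined combination is still accepted.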