From: Like Xu <likexu@xxxxxxxxxxx> KVM may do the "wrong" thing if userspace changes PERF_CAPABILITIES after running the vCPU, i.e. after KVM_RUN. Similar to disallowing CPUID changes after KVM_RUN, KVM should also disallow changing the feature MSRs (conservatively starting from PERF_CAPABILITIES) after KVM_RUN to prevent unexpected behavior. Applying the same logic to most feature msrs in do_set_msr() may reduce the flexibility (one odd but reasonable user space may want per-vcpu control, feature by feature) and also increases the overhead. Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx> Signed-off-by: Like Xu <likexu@xxxxxxxxxxx> --- arch/x86/kvm/x86.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 33560bfa0cac..3fb933bfb3bd 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3540,6 +3540,9 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) if (!msr_info->host_initiated) return 1; + if (vcpu->arch.last_vmentry_cpu != -1 && + vcpu->arch.perf_capabilities != data) + return 1; if (kvm_get_msr_feature(&msr_ent)) return 1; if (data & ~msr_ent.data) -- 2.37.1
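Review bot: in the kvm_set_msr_common() hunk, the new check open-codes the "vCPU has run" test as `vcpu->arch.last_vmentry_cpu != -1`; the commit message says this mirrors the existing CPUID restriction after KVM_RUN, so the same sentinel comparison now lives in two places and any future change to how last_vmentry_cpu is initialised or reset has to be found in both. Consider a small helper (e.g. a kvm_vcpu_has_run(vcpu) style predicate) used by both the CPUID path and this MSR path, so the rule "no feature changes after KVM_RUN" is expressed once. Also, the condition deliberately lets a write of the same value through after the vCPU has run (`vcpu->arch.perf_capabilities != data`), which is what save/restore paths need, but nothing in the hunk says so; a one-line comment above the check, and a note in the commit message that the new -EINVAL path is intentionally only for host-initiated writes of a different value after KVM_RUN, would make the semantics clear to anyone reading the error return later. Finally, the new check sits before `kvm_get_msr_feature(&msr_ent)` and the `data & ~msr_ent.data` validation, so a post-KVM_RUN write that is both changed and unsupported fails for the "already running" reason rather than the "unsupported bits" reason; that ordering seems fine, but it is worth stating explicitly since userspace gets the same return value for both.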