KVM has never properly virtualized EFER.LMSLE. However, when the "nested" module parameter is set, KVM lets the guest set EFER.LMSLE. Ostensibly, this is so that SLES11 Xen 4.0 will boot as a nested hypervisor. KVM passes EFER.LMSLE to the hardware through the VMCB, so the setting works most of the time, but the KVM instruction emulator completely ignores the bit, so incorrect guest behavior is almost certainly assured.

With Zen3, AMD has abandoned EFER.LMSLE. KVM still allows it, though, as long as "nested" is set. However, since the hardware doesn't support it, the next VMRUN after the emulated WRMSR will fail with "invalid VMCB."

My preference would be to simply scrub all references to LMSLE from the Linux kernel, but I don't want to break any guests that rely on it (on hardware that supports it). So, here's a series to clean things up.

I have not been successful in getting new macros into cpufeatures.h in the past, but I'm going to try again, because I am a glutton for punishment.

Jim Mattson (5):
  x86/cpufeatures: Introduce X86_FEATURE_NO_LMSLE
  KVM: svm: Disallow EFER.LMSLE on hardware that doesn't support it
  KVM: x86: Report host's X86_FEATURE_NO_LMSLE in KVM_GET_SUPPORTED_CPUID
  KVM: x86: Enforce X86_FEATURE_NO_LMSLE in guest cpuid
  KVM: svm: Set X86_FEATURE_NO_LMSLE when !nested

 arch/x86/include/asm/cpufeatures.h | 1 +
 arch/x86/kvm/cpuid.c               | 2 +-
 arch/x86/kvm/svm/svm.c             | 6 +++++-
 arch/x86/kvm/x86.c                 | 3 +++
 4 files changed, 10 insertions(+), 2 deletions(-)

-- 
2.37.3.968.ga6b4b080e4-goog
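
The failure mode described in the cover letter, as an added userspace model (not code from the series or from KVM): a guest WRMSR that sets EFER.LMSLE is either rejected up front or accepted and then breaks the next VMRUN. The function and enum names are hypothetical, and the mapping of X86_FEATURE_NO_LMSLE to CPUID Fn8000_0008 EBX bit 20 is an assumption, since the cover letter does not give the bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFER_LMSLE (1ULL << 13)          /* architectural EFER bit 13 */
/* Assumption: X86_FEATURE_NO_LMSLE mirrors CPUID Fn8000_0008 EBX[20]. */
#define CPUID_EBX_NO_LMSLE (1u << 20)

enum outcome { GUEST_RUNS, WRMSR_GP, VMRUN_INVALID_VMCB };

static bool hw_lacks_lmsle(uint32_t host_ebx)
{
    return (host_ebx & CPUID_EBX_NO_LMSLE) != 0;
}

/*
 * Model of a guest write to EFER.
 * enforce_hw == false: behaviour the cover letter describes (only the
 *                      "nested" parameter gates LMSLE).
 * enforce_hw == true:  behaviour the series aims for (hardware support is
 *                      checked before the write is accepted).
 */
enum outcome write_efer(uint64_t efer, uint32_t host_ebx,
                        bool nested, bool enforce_hw)
{
    if (!(efer & EFER_LMSLE))
        return GUEST_RUNS;               /* bit not requested */

    bool allowed = nested;
    if (enforce_hw && hw_lacks_lmsle(host_ebx))
        allowed = false;
    if (!allowed)
        return WRMSR_GP;                 /* write rejected, guest sees a fault */

    /* Write accepted and copied to the VMCB; hardware has the final say. */
    return hw_lacks_lmsle(host_ebx) ? VMRUN_INVALID_VMCB : GUEST_RUNS;
}

int main(void)
{
    static const char *name[] = { "guest runs", "#GP on WRMSR", "VMRUN: invalid VMCB" };
    uint32_t hosts[] = { 0, CPUID_EBX_NO_LMSLE };   /* constructed CPUID values */

    for (int h = 0; h < 2; h++)
        for (int enforce = 0; enforce < 2; enforce++)
            printf("host_no_lmsle=%d nested=1 enforce_hw=%d -> %s\n", h, enforce,
                   name[write_efer(EFER_LMSLE, hosts[h], true, enforce)]);
    return 0;
}
```

The interesting row is host_no_lmsle=1 with enforce_hw=0: the write succeeds and the error only surfaces at the next VMRUN, which is the case a host operator would see as an unexplained guest entry failure.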