> > #ifdef CONFIG_X86_64 > > MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR, > >+ MSR_IA32_FRED_RSP0, MSR_IA32_FRED_RSP1, MSR_IA32_FRED_RSP2, > >+ MSR_IA32_FRED_RSP3, MSR_IA32_FRED_STKLVLS, MSR_IA32_FRED_SSP1, > >+ MSR_IA32_FRED_SSP2, MSR_IA32_FRED_SSP3, MSR_IA32_FRED_CONFIG, > > Need to handle the case where FRED MSRs are valid but KVM cannot virtualize > FRED, see kvm_probe_msr_to_save(). Will take care of it, thanks for reminding. > > #endif > > MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA, > > MSR_IA32_FEAT_CTL, MSR_IA32_BNDCFGS, MSR_TSC_AUX, @@ -1890,6 > +1893,16 > >@@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, > > > > data = (u32)data; > > break; > >+ case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG: > >+ if (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_FRED)) > >+ break; > > Nothing guarantees FRED MSRs/VMCS fields exist on the hardware here. Probably > use guest_cpu_cap_has()*. Ah, my bad! > *: https://lore.kernel.org/kvm/20231110235528.1561679-1-seanjc@xxxxxxxxxx > >+ > >+ /* > >+ * Inject #GP upon FRED MSRs accesses from a non-FRED guest to > >+ * make sure no malicious guest can write to FRED MSRs thus to > >+ * corrupt host FRED MSRs. > >+ */ > > I think injecting #GP here is simply because KVM should emulate hardware > behavior. To me, preventing guest from corrupting FRED MSRs is at most a > byproduct. I prefer to drop the comment. >From security POV, this is important to mention.
