[v2,1/2] kvm: nVMX: Restrict VMX capability MSR changes

Message ID	20180529161133.206604-1-jmattson@google.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> MIME-Version: 1.0 Date: Tue, 29 May 2018 09:11:32 -0700 In-Reply-To: <20180502175730.102024-1-jmattson@google.com> Message-Id: <20180529161133.206604-1-jmattson@google.com> References: <20180502175730.102024-1-jmattson@google.com> Subject: [PATCH v2 1/2] kvm: nVMX: Restrict VMX capability MSR changes From: Jim Mattson <jmattson@google.com> To: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>, Liran Alon <liran.alon@oracle.com> Cc: Jim Mattson <jmattson@google.com> Content-Type: text/plain; charset="UTF-8" Sender: kvm-owner@vger.kernel.org Precedence: bulk

Message ID

20180529161133.206604-1-jmattson@google.com (mailing list archive)

State

New, archived

Headers

MIME-Version: 1.0
Date: Tue, 29 May 2018 09:11:32 -0700
In-Reply-To: <20180502175730.102024-1-jmattson@google.com>
Message-Id: <20180529161133.206604-1-jmattson@google.com>
References: <20180502175730.102024-1-jmattson@google.com>
Subject: [PATCH v2 1/2] kvm: nVMX: Restrict VMX capability MSR changes
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
	Liran Alon <liran.alon@oracle.com>
Cc: Jim Mattson <jmattson@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Commit Message

Jim Mattson May 29, 2018, 4:11 p.m. UTC

Disallow changes to the VMX capability MSRs while the vCPU is in VMX
operation. Although this does break the existing API, it helps to
avoid some potentially tricky situations for which there is no
architected behavior.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/kvm/vmx.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Krish Sadhukhan May 30, 2018, 5:14 p.m. UTC | #1

On 05/29/2018 09:11 AM, Jim Mattson wrote:
> Disallow changes to the VMX capability MSRs while the vCPU is in VMX
> operation. Although this does break the existing API, it helps to
> avoid some potentially tricky situations for which there is no
> architected behavior.
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
> ---
>   arch/x86/kvm/vmx.c | 7 +++++++
>   1 file changed, 7 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index e50beb76d846..5ea57442fef9 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3538,6 +3538,13 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
>   {
>   	struct vcpu_vmx *vmx = to_vmx(vcpu);
>   
> +	/*
> +	 * Don't allow changes to the VMX capability MSRs while the vCPU
> +	 * is in VMX operation.
> +	 */
> +	if (vmx->nested.vmxon)
> +		return -EBUSY;
> +
>   	switch (msr_index) {
>   	case MSR_IA32_VMX_BASIC:
>   		return vmx_restore_vmx_basic(vmx, data);
This check can be placed right in vmx_set_msr():

                         if (!nested_vmx_allowed(vcpu)  || 
(vmx->nested.vmxon))
                                 return 1;

Other than that,

Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e50beb76d846..5ea57442fef9 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3538,6 +3538,13 @@  static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+	/*
+	 * Don't allow changes to the VMX capability MSRs while the vCPU
+	 * is in VMX operation.
+	 */
+	if (vmx->nested.vmxon)
+		return -EBUSY;
+
 	switch (msr_index) {
 	case MSR_IA32_VMX_BASIC:
 		return vmx_restore_vmx_basic(vmx, data);

[v2,1/2] kvm: nVMX: Restrict VMX capability MSR changes

Commit Message

Comments

Patch