diff options
| author | Jim Mattson <jmattson@google.com> | 2018-05-29 12:11:32 -0400 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2018-06-04 11:52:51 -0400 |
| commit | a943ac50d10aac96dca63d0460365a699d41fdd0 (patch) | |
| tree | 7c95e61065077dd80b39e5f09a1e117a8a9e37c9 | |
| parent | c5ce8235cffa00c207e24210329094d7634bb467 (diff) | |
kvm: nVMX: Restrict VMX capability MSR changes
Disallow changes to the VMX capability MSRs while the vCPU is in VMX
operation. Although this does break the existing API, it helps to
avoid some potentially tricky situations for which there is no
architected behavior.
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| -rw-r--r-- | arch/x86/kvm/vmx.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index aff0f3ee6a1d..55f86eebc780 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c | |||
| @@ -3538,6 +3538,13 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) | |||
| 3538 | { | 3538 | { |
| 3539 | struct vcpu_vmx *vmx = to_vmx(vcpu); | 3539 | struct vcpu_vmx *vmx = to_vmx(vcpu); |
| 3540 | 3540 | ||
| 3541 | /* | ||
| 3542 | * Don't allow changes to the VMX capability MSRs while the vCPU | ||
| 3543 | * is in VMX operation. | ||
| 3544 | */ | ||
| 3545 | if (vmx->nested.vmxon) | ||
| 3546 | return -EBUSY; | ||
| 3547 | |||
| 3541 | switch (msr_index) { | 3548 | switch (msr_index) { |
| 3542 | case MSR_IA32_VMX_BASIC: | 3549 | case MSR_IA32_VMX_BASIC: |
| 3543 | return vmx_restore_vmx_basic(vmx, data); | 3550 | return vmx_restore_vmx_basic(vmx, data); |