kvm: nVMX: Restrict VMX capability MSR changes

Disallow changes to the VMX capability MSRs while the vCPU is in VMX operation. Although this does break the existing API, it helps to avoid some potentially tricky situations for which there is no architected behavior. Signed-off-by: Jim Mattson <[email protected]> Reviewed-by: Krish Sadhukhan <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
CarlFK · Jun 4, 2018 · a943ac5 · a943ac5
1 parent c5ce823
commit a943ac5
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
@@ -3538,6 +3538,13 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+	/*
+	 * Don't allow changes to the VMX capability MSRs while the vCPU
+	 * is in VMX operation.
+	 */
+	if (vmx->nested.vmxon)
+		return -EBUSY;
+
 	switch (msr_index) {
 	case MSR_IA32_VMX_BASIC:
 		return vmx_restore_vmx_basic(vmx, data);