diff options
| author | Sean Christopherson <sean.j.christopherson@intel.com> | 2020-10-05 12:55:32 -0700 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2020-10-21 17:36:19 -0400 |
| commit | 9389b9d5d3566b5687829a4098e715f0016451c7 (patch) | |
| tree | 7e361e6dc7e02b8c61e1d052df738594529c70d4 /arch/x86/kvm/x86.c | |
| parent | 1b21c8db0e3b71523ada0cf568372ebfcf0d3466 (diff) | |
| download | lwn-9389b9d5d3566b5687829a4098e715f0016451c7.tar.gz lwn-9389b9d5d3566b5687829a4098e715f0016451c7.zip | |
KVM: VMX: Ignore userspace MSR filters for x2APIC
Rework the resetting of the MSR bitmap for x2APIC MSRs to ignore userspace
filtering. Allowing userspace to intercept reads to x2APIC MSRs when
APICV is fully enabled for the guest simply can't work; the LAPIC and thus
virtual APIC is in-kernel and cannot be directly accessed by userspace.
To keep things simple we will in fact forbid intercepting x2APIC MSRs
altogether, independent of the default_allow setting.
Cc: Alexander Graf <graf@amazon.com>
Cc: Aaron Lewis <aaronlewis@google.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20201005195532.8674-3-sean.j.christopherson@intel.com>
[Modified to operate even if APICv is disabled, adjust documentation. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'arch/x86/kvm/x86.c')
| -rw-r--r-- | arch/x86/kvm/x86.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c4015a43cc8a..08cfb5e4bd07 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1497,8 +1497,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type) bool r = kvm->arch.msr_filter.default_allow; int idx; - /* MSR filtering not set up, allow everything */ - if (!count) + /* MSR filtering not set up or x2APIC enabled, allow everything */ + if (!count || (index >= 0x800 && index <= 0x8ff)) return true; /* Prevent collision with set_msr_filter */ |