• Sean Christopherson's avatar
    KVM: nVMX: Handle dynamic MSR intercept toggling · 67f4b996
    Sean Christopherson authored
    Always check vmcs01's MSR bitmap when merging L0 and L1 bitmaps for L2,
    and always update the relevant bits in vmcs02.  This fixes two distinct,
    but intertwined bugs related to dynamic MSR bitmap modifications.
    
    The first issue is that KVM fails to enable MSR interception in vmcs02
    for the FS/GS base MSRs if L1 first runs L2 with interception disabled,
    and later enables interception.
    
    The second issue is that KVM fails to honor userspace MSR filtering when
    preparing vmcs02.
    
    Fix both issues simultaneous as fixing only one of the issues (doesn't
    matter which) would create a mess that no one should have to bisect.
    Fixing only the first bug would exacerbate the MSR filtering issue as
    userspace would see inconsistent behavior depending on the whims of L1.
    Fixing only the second bug (MSR filtering) effectively requires fixing
    the first, as the nVMX code only knows how to transition vmcs02's
    bitmap from 1->0.
    
    Move the various accessor/mutators that are currently buried in vmx.c
    into vmx.h so that they can be shared by the nested code.
    
    Fixes: 1a155254 ("KVM: x86: Introduce MSR filtering")
    Fixes: d69129b4 ("KVM: nVMX: Disable intercept for FS/GS base MSRs in vmcs02 when possible")
    Cc: stable@vger.kernel.org
    Cc: Alexander Graf <graf@amazon.com>
    Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
    Message-Id: <20211109013047.2041518-3-seanjc@google.com>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    67f4b996
vmx.c 224 KB