kvm: nVMX: Restrict VMX capability MSR changes

Disallow changes to the VMX capability MSRs while the vCPU is in VMX
operation. Although this does break the existing API, it helps to
avoid some potentially tricky situations for which there is no
architected behavior.

Signed-off-by: Jim Mattson <[email protected]>
Reviewed-by: Krish Sadhukhan <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index aff0f3ee6a1d79c5b279183586d5deb61027d602..55f86eebc780a6b9ef4072910111a58b5d10617f 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3538,6 +3538,13 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
 {
        struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+       /*
+        * Don't allow changes to the VMX capability MSRs while the vCPU
+        * is in VMX operation.
+        */
+       if (vmx->nested.vmxon)
+               return -EBUSY;
+
        switch (msr_index) {
        case MSR_IA32_VMX_BASIC:
                return vmx_restore_vmx_basic(vmx, data);