From: Sean Christopherson <seanjc@google.com>
To: Yosry Ahmed <yosry.ahmed@linux.dev>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Kevin Cheng <chengkev@google.com>
Subject: Re: [PATCH] KVM: x86: Disallow setting CPUID and/or feature MSRs if L2 is active
Date: Wed, 7 Jan 2026 12:26:35 -0800
Message-ID: <aV7Be9k2KBEQCisT@google.com>
In-Reply-To: <shaevlgw5h7i3oxtoj6yqun3mklwdi6nng3noypxeqevnuqlcu@urfhn55x7owk>

On Fri, Jan 02, 2026, Yosry Ahmed wrote:
> On Tue, Dec 30, 2025 at 12:56:41PM -0800, Sean Christopherson wrote:
> > diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
> > index fdab0ad49098..9084e0dfa15c 100644
> > --- a/arch/x86/kvm/x86.h
> > +++ b/arch/x86/kvm/x86.h
> > @@ -172,9 +172,9 @@ static inline void kvm_nested_vmexit_handle_ibrs(struct kvm_vcpu *vcpu)
> > indirect_branch_prediction_barrier();
> > }
> >
> > -static inline bool kvm_vcpu_has_run(struct kvm_vcpu *vcpu)
> > +static inline bool kvm_can_set_cpuid_and_feature_msrs(struct kvm_vcpu *vcpu)
> > {
> > - return vcpu->arch.last_vmentry_cpu != -1;
> > + return vcpu->arch.last_vmentry_cpu == -1 && !is_guest_mode(vcpu);
> > }
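
Review bot: the rename in this hunk also flips the helper's polarity. kvm_vcpu_has_run() returned true for last_vmentry_cpu != -1, while kvm_can_set_cpuid_and_feature_msrs() returns true for last_vmentry_cpu == -1 (and only when not in guest mode), so every caller has to be inverted in the same patch. The callers are not part of this hunk; it is worth confirming that none of them still treats a true return as the reject condition.
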
>
> To make this self-contained (e.g. for readers not coming from
> kvm_set_cpuid()), should we add a comment here about is_guest_mode()
> only possibly being true with last_vmentry_cpu == -1 if userspace does
> the set CPUID, set nested state, set CPUID again dance?

Ya.  If this looks good, I'll add it when applying.

/*
 * Disallow modifying CPUID and feature MSRs, which affect the core virtual CPU
 * model exposed to the guest and virtualized by KVM, if the vCPU has already
 * run or is in guest mode (L2).  In both cases, KVM has already consumed the
 * current virtual CPU model, and doesn't support "unwinding" to react to the
 * new model.
 *
 * Note, the only way is_guest_mode() can be true with 'last_vmentry_cpu == -1'
 * is if userspace sets CPUID and feature MSRs (to enable VMX/SVM), then sets
 * nested state, and then attempts to set CPUID and/or feature MSRs *again*.
 */
static inline bool kvm_can_set_cpuid_and_feature_msrs(struct kvm_vcpu *vcpu)
{
	return vcpu->arch.last_vmentry_cpu == -1 && !is_guest_mode(vcpu);
}
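
The sequence named in the comment above, as an added userspace model (not code from this thread or from KVM). The struct, the model_* functions and the choice to have the second CPUID update drop VMX/SVM are constructed for illustration; only the two check expressions mirror the hunk.

```c
#include <stdbool.h>

/* Simplified model of the vCPU state the check reads; names are illustrative. */
struct model_vcpu {
	int  last_vmentry_cpu;	/* -1 until the vCPU has entered the guest */
	bool guest_mode;	/* true while L2 is active */
	bool nested_virt;	/* VMX/SVM exposed by the current CPUID model */
};

/* Check before the patch: only asks whether the vCPU has run. */
static bool can_set_old(const struct model_vcpu *v)
{
	return v->last_vmentry_cpu == -1;
}

/* Check after the patch: also refuses while L2 is active. */
static bool can_set_new(const struct model_vcpu *v)
{
	return v->last_vmentry_cpu == -1 && !v->guest_mode;
}

/* Model of setting CPUID: the new model is applied only if the check allows. */
static bool model_set_cpuid(struct model_vcpu *v, bool nested_virt,
			    bool (*check)(const struct model_vcpu *))
{
	if (!check(v))
		return false;
	v->nested_virt = nested_virt;
	return true;
}

/* Model of restoring nested state that places the vCPU in L2. */
static bool model_set_nested_state(struct model_vcpu *v)
{
	if (!v->nested_virt)
		return false;	/* assumption: needs VMX/SVM in the CPU model */
	v->guest_mode = true;
	return true;
}

/* Set CPUID, set nested state, set CPUID again; reports the last step. */
static bool second_set_cpuid_allowed(bool (*check)(const struct model_vcpu *))
{
	struct model_vcpu v = { .last_vmentry_cpu = -1 };

	if (!model_set_cpuid(&v, true, check) || !model_set_nested_state(&v))
		return false;
	return model_set_cpuid(&v, false, check);
}
```

With the old check the model ends up in guest mode with a CPU model that no longer exposes VMX/SVM; with the new check the second update is refused and the state stays consistent.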