Re: [PATCH 04/28] KVM: SVM: Kill the VM instead of the host if MSR interception is buggy

From: Sean Christopherson
Date: Tue Jun 03 2025 - 09:27:05 EST


On Tue, Jun 03, 2025, Chao Gao wrote:
> On Thu, May 29, 2025 at 04:39:49PM -0700, Sean Christopherson wrote:
> >WARN and kill the VM instead of panicking the host if KVM attempts to set
> >or query MSR interception for an unsupported MSR. Accessing the MSR
> >interception bitmaps only meaningfully affects post-VMRUN behavior, and
> >KVM_BUG_ON() is guaranteed to prevent the current vCPU from doing VMRUN,
> >i.e. there is no need to panic the entire host.
> >
> >Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> >---
> > arch/x86/kvm/svm/svm.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> >diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> >index 36a99b87a47f..d5d11cb0c987 100644
> >--- a/arch/x86/kvm/svm/svm.c
> >+++ b/arch/x86/kvm/svm/svm.c
> >@@ -827,7 +827,8 @@ static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
> > bit_write = 2 * (msr & 0x0f) + 1;
> > tmp = msrpm[offset];
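Review bot: in the visible context `tmp = msrpm[offset];` indexes the bitmap with `offset` before any check is shown, so if the offset lookup can yield MSR_INVALID the KVM_BUG_ON() this patch introduces needs to sit before the load rather than after it, otherwise the out-of-bounds read still happens and is merely no longer fatal to the host. Suggest `if (KVM_BUG_ON(offset == MSR_INVALID, vcpu->kvm)) return true;` (or the equivalent for the write-intercept query) immediately after computing `offset` and before `msrpm[offset]` is touched.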
>
> Not an issue with this patch, but shouldn't the offset be checked against
> MSR_INVALID before being used to index msrpm[]?

Oof, yes. To some extent, it _is_ a problem with this patch, because using
KVM_BUG_ON() makes the OOB access less fatal. Though it's just a load, and code
that should be unreachable, but still worth cleaning up.

Anyways, I'll place the KVM_BUG_ON()s in the right location as part of this patch.

Thanks!