Re: [PATCH 2/5] KVM: nVMX: Verify the VMX controls MSRs with the global capability when setting VMX MSRs

From: Jim Mattson
Date: Fri Aug 28 2020 - 14:24:01 EST


On Fri, Aug 28, 2020 at 1:54 AM Chenyi Qiang <chenyi.qiang@xxxxxxxxx> wrote:
>
> When setting the nested VMX MSRs, verify it with the values in
> vmcs_config.nested_vmx_msrs, which reflects the global capability of
> VMX controls MSRs.
>
> Signed-off-by: Chenyi Qiang <chenyi.qiang@xxxxxxxxx>

You seem to have entirely missed the point of this code, which is to
prevent userspace from adding features that have previously been
removed for this vCPU (e.g as a side-effect of KVM_SET_CPUID).