Give feature MSRs that same treatment as CPUID and disallow changing said
MSRs after KVM_RUN.

RFC as this is lightly tested and should come with a selftests update to
verify it actually works.  Posting early to get feedback on the overall
idea, and on the VMX MSRs trickery (though I think patches 1-2 are a good
idea irrespective of trying to reduce the overhead of the new check).

Sean Christopherson (3):
  KVM: x86: Add macros to track first...last VMX feature MSRs
  KVM: x86: Generate set of VMX feature MSRs using first/last
    definitions
  KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN

 arch/x86/kvm/svm/svm.c |  2 +-
 arch/x86/kvm/vmx/vmx.c |  8 ++--
 arch/x86/kvm/x86.c     | 90 +++++++++++++++++++++++++++---------------
 arch/x86/kvm/x86.h     |  8 ++++
 4 files changed, 72 insertions(+), 36 deletions(-)


base-commit: 93472b79715378a2386598d6632c654a2223267b
-- 
2.37.1.559.g78731f0fdb-goog

On 8/5/22 19:29, Sean Christopherson wrote:
> Give feature MSRs that same treatment as CPUID and disallow changing said
> MSRs after KVM_RUN.
> 
> RFC as this is lightly tested and should come with a selftests update to
> verify it actually works.  Posting early to get feedback on the overall
> idea, and on the VMX MSRs trickery (though I think patches 1-2 are a good
> idea irrespective of trying to reduce the overhead of the new check).

They are good, just a small style remark on patch 2.

Paolo