KVM: nSVM: Advertise and enable NRIPS for L1 iff nrips is enabled

Set NRIPS in KVM capabilities if and only if nrips=true, which naturally
incorporates the boot_cpu_has() check, and set nrips_enabled only if the
KVM capability is enabled.

Note, previously KVM would set nrips_enabled based purely on userspace
input, but at worst that would cause KVM to propagate garbage into L1,
i.e. userspace would simply be hosing its VM.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 76a480a..9b173d5 100644 (file)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1375,7 +1375,7 @@ static __init void svm_set_cpu_caps(void)
        if (nested) {
                kvm_cpu_cap_set(X86_FEATURE_SVM);
 
-               if (boot_cpu_has(X86_FEATURE_NRIPS))
+               if (nrips)
                        kvm_cpu_cap_set(X86_FEATURE_NRIPS);
 
                if (npt_enabled)
@@ -6029,7 +6029,8 @@ static void svm_cpuid_update(struct kvm_vcpu *vcpu)
                                    boot_cpu_has(X86_FEATURE_XSAVES);
 
        /* Update nrips enabled cache */
-       svm->nrips_enabled = !!guest_cpuid_has(&svm->vcpu, X86_FEATURE_NRIPS);
+       svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) &&
+                            guest_cpuid_has(&svm->vcpu, X86_FEATURE_NRIPS);
 
        if (!kvm_vcpu_apicv_active(vcpu))
                return;