kvm-ioctls: Add KVM_X86_SET_MSR_FILTER vm ioctl#359
Merged
roypat merged 3 commits intorust-vmm:mainfrom Dec 2, 2025
Merged
Conversation
7c34a41 to
1d9b975
Compare
Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>
1d9b975 to
93b1b92
Compare
Contributor
Author
|
CI is red, but looks unrelated to this change I believe |
Member
Yes, leave it to me |
roypat
reviewed
Nov 2, 2025
Member
roypat
left a comment
There was a problem hiding this comment.
I wonder if we could have a slightly higher level, but safe API here. E.g. kvm_msr_filer::bitmap is a pointer to array of u8s that has nmsrs many bits. We could just have an function that takes a Vec, range checks against nmsrs, and then convert its arguments to the kvm_msr_filter structure and does the ioctl maybe? The other args could even be enums then I think
Contributor
Author
Thanks for reviewing. That sounds reasonable to me. Do you prefer to have 2 versions of it around (keep the old function around as an unsafe |
ludfjig
commented
Nov 3, 2025
Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>
5d15a25 to
8b43e9f
Compare
Member
|
Sorry for taking a while to get back to this, life's been busy 😭 I think having both higher and lower level functions is good, so that if the ioctl ever gets updated, people can use the low level function without needing to wait for the crate to update the high level apis. as for the cast, yea, this should be fine as the ioctl really does not actually write to |
roypat
previously approved these changes
Nov 18, 2025
Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>
Contributor
Author
No worries. Thanks for the feedback.
Thanks, removed the TODO comment. |
roypat
approved these changes
Nov 20, 2025
stefano-garzarella
approved these changes
Dec 2, 2025
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Feb 23, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Feb 23, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Feb 24, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Feb 25, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Feb 25, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Feb 25, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 3, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 gets integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 4, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 6, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 6, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 9, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 10, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 11, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 12, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to olivereanderson/cloud-hypervisor
that referenced
this pull request
Mar 16, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
olivereanderson
added a commit
to cyberus-technology/cloud-hypervisor
that referenced
this pull request
Mar 16, 2026
In order to ensure that MSRs that are not compatible with a given CPU profile do no get accessed by the guests we need to introduce functionality to deny such MSRs via filters. The implementation introduced here is mostly a temporary workaround until rust-vmm/kvm#359 is integrated in CHV. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
albertilagan
added a commit
to albertilagan/cloud-hypervisor
that referenced
this pull request
Apr 26, 2026
Port of cyberus 04402ac onto current upstream. Adds Vm::msr_filter so the vmm can deny MSR accesses that don't fit the active CPU profile. - New crate-level type MsrFilterRange<'a> in hypervisor/src/lib.rs describing a (flags, base, nmsrs, bitmap) range, with a with_read_write_flags helper. - New HypervisorVmError variants: TooManyMsrFilterRanges, MissingMsrFilterCapability, MsrFilter. - Vm::msr_filter trait method, called once before vCPUs are created. Implemented on KvmVm via raw KVM_X86_SET_MSR_FILTER ioctl (workaround until rust-vmm/kvm#359 lands). MSHV impl is todo!() (matches cyberus). - vmm seccomp ioctl rule whitelists KVM_X86_SET_MSR_FILTER.
albertilagan
added a commit
to albertilagan/cloud-hypervisor
that referenced
this pull request
Apr 26, 2026
Port of cyberus 04402ac onto current upstream. Adds Vm::msr_filter so the vmm can deny MSR accesses that don't fit the active CPU profile. - New crate-level type MsrFilterRange<'a> in hypervisor/src/lib.rs describing a (flags, base, nmsrs, bitmap) range, with a with_read_write_flags helper. - New HypervisorVmError variants: TooManyMsrFilterRanges, MissingMsrFilterCapability, MsrFilter. - Vm::msr_filter trait method, called once before vCPUs are created. Implemented on KvmVm via raw KVM_X86_SET_MSR_FILTER ioctl (workaround until rust-vmm/kvm#359 lands). MSHV impl is todo!() (matches cyberus). - vmm seccomp ioctl rule whitelists KVM_X86_SET_MSR_FILTER.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of the PR
Adds KVM_X86_SET_MSR_FILTER vm ioctl. This is my first contribution so I might be missing something, feedback greatly appreciated. I'm not sure whether there needs to be an actual test running vcpu that tries to read/write some MSR
Closes #358
Requirements
Before submitting your PR, please make sure you addressed the following
requirements:
git commit -s), and the commit message has max 60 characters for thesummary and max 75 characters for each description line.
test.
Release" section of CHANGELOG.md (if no such section exists, please create one).
unsafecode is properly documented.