KVM: VMX: Fix x2APIC MSR intercept handling on !APICV platforms

Fix an inverted flag for intercepting x2APIC MSRs and intercept writes
by default, even when APICV is enabled.

Fixes: 3eb900173c71 ("KVM: x86: VMX: Prevent MSR passthrough when MSR access is denied")
Co-developed-by: Peter Xu <peterx@redhat.com>
[sean: added changelog]
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20201005195532.8674-2-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index f7b6677..4797ec9 100644 (file)
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3787,9 +3787,10 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu, u8 mode)
        int msr;
 
        for (msr = 0x800; msr <= 0x8ff; msr++) {
-               bool intercepted = !!(mode & MSR_BITMAP_MODE_X2APIC_APICV);
+               bool apicv = !!(mode & MSR_BITMAP_MODE_X2APIC_APICV);
 
-               vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_RW, intercepted);
+               vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_R, !apicv);
+               vmx_set_intercept_for_msr(vcpu, msr, MSR_TYPE_W, true);
        }
 
        if (mode & MSR_BITMAP_MODE_X2APIC) {