The following patch fixes a bug where the guest is still able to access the apic registers via mmio once the apic has been disabled.
8d860bbeedef kvm: vmx: Basic APIC virtualization controls have three settings
This causes the x86/apic kvm-unit-test to fail when run on a host missing this patch.
Without: FAIL: apic_disable: *0xfee00030: 50014 FAIL: apic_disable: CR8: f PASS: apic_disable: CR8: f FAIL: apic_disable: *0xfee00080: f0 With: PASS: apic_disable: *0xfee00030: ffffffff PASS: apic_disable: CR8: 0 PASS: apic_disable: CR8: f PASS: apic_disable: *0xfee00080: ffffffff
This patch has been upstream as of v4.18.
This patch has 3 dependencies which introduce no functional change, however they add context which allows the patch listed above to apply cleanly.
c2ba05ccfde2 KVM: X86: introduce invalidate_gpa argument to tlb flush 588716494258 kvm: vmx: Introduce lapic_mode enumeration a468f2dbf921 kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
This patch series should be applied against 4.14.y