hypervisor: kvm: KVM_GET_MSRS writes to its parameter

The KVM code that retrieves MSRs was using ioctl_with_ref(), which is
supposed to have a read-only reference, but KVM_GET_MSRS needs to write
via the provided reference.

Change-Id: I2f0972463c99d7d97f19834d23040ab49bbee20d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5847468
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Elie Kheirallah <khei@google.com>

hypervisor/src/kvm/x86_64.rs

@@ -869,7 +869,7 @@ impl VcpuX86_64 for KvmVcpu {
         let ret = {
             // SAFETY:
             // Here we trust the kernel not to read or write past the end of the kvm_msrs struct.
-            unsafe { ioctl_with_ref(self, KVM_GET_MSRS, &msrs[0]) }
+            unsafe { ioctl_with_mut_ref(self, KVM_GET_MSRS, &mut msrs[0]) }
         };
         if ret < 0 {
             return errno_result();
@@ -909,7 +909,7 @@ impl VcpuX86_64 for KvmVcpu {
         let ret = {
             // SAFETY:
             // Here we trust the kernel not to read or write past the end of the kvm_msrs struct.
-            unsafe { ioctl_with_ref(self, KVM_GET_MSRS, &kvm_msrs[0]) }
+            unsafe { ioctl_with_mut_ref(self, KVM_GET_MSRS, &mut kvm_msrs[0]) }
         };
         if ret < 0 {
             return errno_result();

kvm/src/lib.rs

@@ -1355,7 +1355,7 @@ impl Vcpu {
         let ret = {
             // SAFETY:
             // Here we trust the kernel not to read or write past the end of the kvm_msrs struct.
-            unsafe { ioctl_with_ref(self, KVM_GET_MSRS, &msrs[0]) }
+            unsafe { ioctl_with_mut_ref(self, KVM_GET_MSRS, &mut msrs[0]) }
         };
         if ret < 0 {
             // KVM_SET_MSRS actually returns the number of msr entries written.