diff options
| author | Krish Sadhukhan <krish.sadhukhan@oracle.com> | 2020-09-21 11:10:25 +0300 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2020-09-28 14:57:18 +0300 |
| commit | bddd82d19e2e580b11e62f7a1d86ee52d8e437b6 (patch) | |
| tree | 57e9b8a1de95aa67a3bf696327bfefb8beedf7d2 /arch/x86/kvm/vmx/vmx.h | |
| parent | cc5b54dd58d0420c1b1f1e9b29f53327076e9355 (diff) | |
| download | linux-bddd82d19e2e580b11e62f7a1d86ee52d8e437b6.tar.xz | |
KVM: nVMX: KVM needs to unset "unrestricted guest" VM-execution control in vmcs02 if vmcs12 doesn't set it
Currently, prepare_vmcs02_early() does not check if the "unrestricted guest"
VM-execution control in vmcs12 is turned off and leaves the corresponding
bit on in vmcs02. Due to this setting, vmentry checks which are supposed to
render the nested guest state as invalid when this VM-execution control is
not set, are passing in hardware.
This patch turns off the "unrestricted guest" VM-execution control in vmcs02
if vmcs12 has turned it off.
Suggested-by: Jim Mattson <jmattson@google.com>
Suggested-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Message-Id: <20200921081027.23047-2-krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'arch/x86/kvm/vmx/vmx.h')
| -rw-r--r-- | arch/x86/kvm/vmx/vmx.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index d7ec66db5eb8..941336dc5ee4 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -553,6 +553,13 @@ static inline bool vmx_need_pf_intercept(struct kvm_vcpu *vcpu) return !enable_ept || cpuid_maxphyaddr(vcpu) < boot_cpu_data.x86_phys_bits; } +static inline bool is_unrestricted_guest(struct kvm_vcpu *vcpu) +{ + return enable_unrestricted_guest && (!is_guest_mode(vcpu) || + (secondary_exec_controls_get(to_vmx(vcpu)) & + SECONDARY_EXEC_UNRESTRICTED_GUEST)); +} + void dump_vmcs(void); #endif /* __KVM_X86_VMX_H */ |