|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.7] x86/vvmx: don't enable vmcs shadowing for nested guests
commit caae05273342eaddc624de503b1dd3e5d462715e
Author: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
AuthorDate: Wed Dec 20 16:22:58 2017 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Dec 20 16:22:58 2017 +0100
x86/vvmx: don't enable vmcs shadowing for nested guests
Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
following result on H/W with VMCS shadowing:
Test: vmxon
Failure in test_vmxon_in_root_cpl0()
Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
Got 0x82004400: VMfailValid(17408) <unknown>
Test result: FAILURE
This happens because SDM allows vmentries with enabled VMCS shadowing
VM-execution control and VMCS link pointer value of ~0ull. But results
of a nested VMREAD are undefined in such cases.
Fix this by not copying the value of VMCS shadowing control from vmcs01
to vmcs02.
Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
master commit: 19fdb8e258619aea265af9c183e035e545cbc2d2
master date: 2017-12-01 19:03:27 +0000
---
xen/arch/x86/hvm/vmx/vvmx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 314fec4..acf1805 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -591,6 +591,7 @@ void nvmx_update_secondary_exec_control(struct vcpu *v,
SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY;
host_cntrl &= ~apicv_bit;
+ host_cntrl &= ~SECONDARY_EXEC_ENABLE_VMCS_SHADOWING;
shadow_cntrl = get_vvmcs(v, SECONDARY_VM_EXEC_CONTROL);
/* No vAPIC-v support, so it shouldn't be set in vmcs12. */
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.7
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |