Xen project Mailing List

[Xen-devel] [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests

From: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>

Date: Mon, 23 Oct 2017 10:33:02 +0100

Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>

Delivery-date: Mon, 23 Oct 2017 09:33:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the following result on H/W with VMCS shadowing: Test: vmxon Failure in test_vmxon_in_root_cpl0() Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT Got 0x82004400: VMfailValid(17408) <unknown> Test result: FAILURE This happens because SDM allows vmentries with enabled VMCS shadowing VM-execution control and VMCS link pointer value of ~0ull. But results of a nested VMREAD are undefined in such cases. Fix this by not copying the value of VMCS shadowing control from vmcs01 to vmcs02. Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx> --- xen/arch/x86/hvm/vmx/vvmx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index dde02c076b..013d049f8a 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -633,6 +633,7 @@ void nvmx_update_secondary_exec_control(struct vcpu *v, SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY; host_cntrl &= ~apicv_bit; + host_cntrl &= ~SECONDARY_EXEC_ENABLE_VMCS_SHADOWING; shadow_cntrl = get_vvmcs(v, SECONDARY_VM_EXEC_CONTROL); /* No vAPIC-v support, so it shouldn't be set in vmcs12. */ -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.