p***@xen.org
2018-10-30 13:44:45 UTC
commit 18cef4df8f8bd04a59a218e5f67e7896e43fd07d
Author: Andrew Cooper <***@citrix.com>
AuthorDate: Thu Oct 25 14:40:11 2018 +0100
Commit: Andrew Cooper <***@citrix.com>
CommitDate: Tue Oct 30 13:26:21 2018 +0000
x86/vvmx: Unconditionally initialise vmxon_region_pa during vcpu construction
This is a stopgap solution until the toolstack side of initialisation can be
sorted out, but it does result in the nvmx_vcpu_in_vmx() predicate working
correctly even when nested virt hasn't been enabled for the domain.
Update nvmx_handle_vmx_insn() to include the in-vmx mode check (for all
instructions other than VMXON) to complete the set of #UD checks.
In addition, sanity check that the nested vmexit handler has worked correctly,
and that we are only providing emulation of the VT-x instructions to L1
guests.
Signed-off-by: Andrew Cooper <***@citrix.com>
Reviewed-by: Sergey Dyasli <***@citrix.com>
Reviewed-by: Jan Beulich <***@suse.com>
Acked-by: Kevin Tian <***@intel.com>
---
xen/arch/x86/hvm/vmx/vmx.c | 2 ++
xen/arch/x86/hvm/vmx/vvmx.c | 11 ++++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 8d0e4b682c..a6e6dc6c45 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -429,6 +429,8 @@ static int vmx_vcpu_initialise(struct vcpu *v)
INIT_LIST_HEAD(&v->arch.hvm.vmx.pi_blocking.list);
+ vcpu_2_nvmx(v).vmxon_region_pa = INVALID_PADDR;
+
if ( (rc = vmx_create_vmcs(v)) != 0 )
{
dprintk(XENLOG_WARNING,
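Review bot: The added `vcpu_2_nvmx(v).vmxon_region_pa = INVALID_PADDR;` has no comment, although the commit message calls it a stopgap that keeps nvmx_vcpu_in_vmx() correct even for domains without nested virt enabled. Without a marker in the code, a later cleanup could drop it as stray nested-virt state in the generic VMX construction path, which would silently change what the predicate returns. I would add above it `/* Stopgap: nvmx_vcpu_in_vmx() must work even when nested virt is not enabled for the domain. */`. vmx_vcpu_initialise() starts and ends outside this hunk.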
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 7051eb3509..eb176c23ab 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1987,7 +1987,8 @@ int nvmx_handle_vmx_insn(struct cpu_user_regs *regs, unsigned int exit_reason)
if ( !(curr->arch.hvm.guest_cr[4] & X86_CR4_VMXE) ||
!nestedhvm_enabled(curr->domain) ||
- (vmx_guest_x86_mode(curr) < (hvm_long_mode_active(curr) ? 8 : 2)) )
+ (vmx_guest_x86_mode(curr) < (hvm_long_mode_active(curr) ? 8 : 2)) ||
+ (exit_reason != EXIT_REASON_VMXON && !nvmx_vcpu_in_vmx(curr)) )
{
hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC);
return X86EMUL_EXCEPTION;
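Review bot: The #UD condition now has four disjuncts, and the new one, `(exit_reason != EXIT_REASON_VMXON && !nvmx_vcpu_in_vmx(curr))`, is the only one that reads per-vcpu nested state, yet nothing in the code says why VMXON is exempt. A one-line comment above the `if` would make this guest-reachable check easier to audit, for example `/* #UD unless CR4.VMXE is set, nested virt is enabled, the mode is suitable and (except for VMXON) the vcpu is in VMX operation. */`. The body of nvmx_handle_vmx_insn() starts and ends outside this hunk.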
@@ -1999,6 +2000,14 @@ int nvmx_handle_vmx_insn(struct cpu_user_regs *regs, unsigned int exit_reason)
return X86EMUL_EXCEPTION;
}
+ if ( nestedhvm_vcpu_in_guestmode(curr) )
+ {
+ /* Should have been handled by nvmx_n2_vmexit_handler()... */
+ ASSERT_UNREACHABLE();
+ domain_crash(curr->domain);
+ return X86EMUL_UNHANDLEABLE;
+ }
+
switch ( exit_reason )
{
case EXIT_REASON_VMXOFF:
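Review bot: The new `nestedhvm_vcpu_in_guestmode(curr)` sanity check sits after the #UD block and after the `return X86EMUL_EXCEPTION;` path visible at the top of this hunk, so it only fires when those earlier checks pass. If nvmx_n2_vmexit_handler() ever did misroute an exit, the earlier checks would presumably be evaluated while the vcpu is still in guest mode and could inject an exception and return before the invariant is tested. It is worth considering whether the check belongs at the top of the function, or extending the comment to say the ordering is deliberate, e.g. `/* Checked after the #UD/exception paths on purpose: ... */`. The function continues outside the hunk, so the caller's handling of `X86EMUL_UNHANDLEABLE` after `domain_crash()` cannot be confirmed from here.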
--
generated by git-patchbot for /home/xen/git/xen.git#staging
Author: Andrew Cooper <***@citrix.com>
AuthorDate: Thu Oct 25 14:40:11 2018 +0100
Commit: Andrew Cooper <***@citrix.com>
CommitDate: Tue Oct 30 13:26:21 2018 +0000
x86/vvmx: Unconditionally initialise vmxon_region_pa during vcpu construction
This is a stopgap solution until the toolstack side of initialisation can be
sorted out, but it does result in the nvmx_vcpu_in_vmx() predicate working
correctly even when nested virt hasn't been enabled for the domain.
Update nvmx_handle_vmx_insn() to include the in-vmx mode check (for all
instructions other than VMXON) to complete the set of #UD checks.
In addition, sanity check that the nested vmexit handler has worked correctly,
and that we are only providing emulation of the VT-x instructions to L1
guests.
Signed-off-by: Andrew Cooper <***@citrix.com>
Reviewed-by: Sergey Dyasli <***@citrix.com>
Reviewed-by: Jan Beulich <***@suse.com>
Acked-by: Kevin Tian <***@intel.com>
---
xen/arch/x86/hvm/vmx/vmx.c | 2 ++
xen/arch/x86/hvm/vmx/vvmx.c | 11 ++++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 8d0e4b682c..a6e6dc6c45 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -429,6 +429,8 @@ static int vmx_vcpu_initialise(struct vcpu *v)
INIT_LIST_HEAD(&v->arch.hvm.vmx.pi_blocking.list);
+ vcpu_2_nvmx(v).vmxon_region_pa = INVALID_PADDR;
+
if ( (rc = vmx_create_vmcs(v)) != 0 )
{
dprintk(XENLOG_WARNING,
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 7051eb3509..eb176c23ab 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1987,7 +1987,8 @@ int nvmx_handle_vmx_insn(struct cpu_user_regs *regs, unsigned int exit_reason)
if ( !(curr->arch.hvm.guest_cr[4] & X86_CR4_VMXE) ||
!nestedhvm_enabled(curr->domain) ||
- (vmx_guest_x86_mode(curr) < (hvm_long_mode_active(curr) ? 8 : 2)) )
+ (vmx_guest_x86_mode(curr) < (hvm_long_mode_active(curr) ? 8 : 2)) ||
+ (exit_reason != EXIT_REASON_VMXON && !nvmx_vcpu_in_vmx(curr)) )
{
hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC);
return X86EMUL_EXCEPTION;
@@ -1999,6 +2000,14 @@ int nvmx_handle_vmx_insn(struct cpu_user_regs *regs, unsigned int exit_reason)
return X86EMUL_EXCEPTION;
}
+ if ( nestedhvm_vcpu_in_guestmode(curr) )
+ {
+ /* Should have been handled by nvmx_n2_vmexit_handler()... */
+ ASSERT_UNREACHABLE();
+ domain_crash(curr->domain);
+ return X86EMUL_UNHANDLEABLE;
+ }
+
switch ( exit_reason )
{
case EXIT_REASON_VMXOFF:
--
generated by git-patchbot for /home/xen/git/xen.git#staging