* [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests
@ 2017-10-23 9:33 Sergey Dyasli
2017-11-02 4:35 ` Tian, Kevin
0 siblings, 1 reply; 3+ messages in thread
From: Sergey Dyasli @ 2017-10-23 9:33 UTC (permalink / raw)
To: xen-devel
Cc: Andrew Cooper, Kevin Tian, Jan Beulich, Jun Nakajima, Sergey Dyasli
Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
following result on H/W with VMCS shadowing:
Test: vmxon
Failure in test_vmxon_in_root_cpl0()
Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
Got 0x82004400: VMfailValid(17408) <unknown>
Test result: FAILURE
This happens because SDM allows vmentries with enabled VMCS shadowing
VM-execution control and VMCS link pointer value of ~0ull. But results
of a nested VMREAD are undefined in such cases.
Fix this by not copying the value of VMCS shadowing control from vmcs01
to vmcs02.
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
---
xen/arch/x86/hvm/vmx/vvmx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index dde02c076b..013d049f8a 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -633,6 +633,7 @@ void nvmx_update_secondary_exec_control(struct vcpu *v,
SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY;
host_cntrl &= ~apicv_bit;
+ host_cntrl &= ~SECONDARY_EXEC_ENABLE_VMCS_SHADOWING;
shadow_cntrl = get_vvmcs(v, SECONDARY_VM_EXEC_CONTROL);
/* No vAPIC-v support, so it shouldn't be set in vmcs12. */
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests
2017-10-23 9:33 [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests Sergey Dyasli
@ 2017-11-02 4:35 ` Tian, Kevin
2017-11-02 17:20 ` Andrew Cooper
0 siblings, 1 reply; 3+ messages in thread
From: Tian, Kevin @ 2017-11-02 4:35 UTC (permalink / raw)
To: Sergey Dyasli, xen-devel; +Cc: Andrew Cooper, Jan Beulich, Nakajima, Jun
> From: Sergey Dyasli [mailto:sergey.dyasli@citrix.com]
> Sent: Monday, October 23, 2017 5:33 PM
>
> Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
> following result on H/W with VMCS shadowing:
>
> Test: vmxon
> Failure in test_vmxon_in_root_cpl0()
> Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
> Got 0x82004400: VMfailValid(17408) <unknown>
> Test result: FAILURE
>
> This happens because SDM allows vmentries with enabled VMCS
> shadowing
> VM-execution control and VMCS link pointer value of ~0ull. But results
> of a nested VMREAD are undefined in such cases.
>
> Fix this by not copying the value of VMCS shadowing control from vmcs01
> to vmcs02.
>
> Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests
2017-11-02 4:35 ` Tian, Kevin
@ 2017-11-02 17:20 ` Andrew Cooper
0 siblings, 0 replies; 3+ messages in thread
From: Andrew Cooper @ 2017-11-02 17:20 UTC (permalink / raw)
To: Tian, Kevin, Sergey Dyasli, xen-devel; +Cc: Jan Beulich, Nakajima, Jun
On 02/11/17 04:35, Tian, Kevin wrote:
>> From: Sergey Dyasli [mailto:sergey.dyasli@citrix.com]
>> Sent: Monday, October 23, 2017 5:33 PM
>>
>> Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
>> following result on H/W with VMCS shadowing:
>>
>> Test: vmxon
>> Failure in test_vmxon_in_root_cpl0()
>> Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
>> Got 0x82004400: VMfailValid(17408) <unknown>
>> Test result: FAILURE
>>
>> This happens because SDM allows vmentries with enabled VMCS
>> shadowing
>> VM-execution control and VMCS link pointer value of ~0ull. But results
>> of a nested VMREAD are undefined in such cases.
>>
>> Fix this by not copying the value of VMCS shadowing control from vmcs01
>> to vmcs02.
>>
>> Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
> Acked-by: Kevin Tian <kevin.tian@intel.com>
Pulled into x86-next
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-11-02 17:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-23 9:33 [PATCH v1] x86/vvmx: don't enable vmcs shadowing for nested guests Sergey Dyasli
2017-11-02 4:35 ` Tian, Kevin
2017-11-02 17:20 ` Andrew Cooper
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.