From patchwork Fri Nov 27 08:46:26 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sheng Yang <sheng@linux.intel.com>
X-Patchwork-Id: 63298
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id nAR8khZP031802
	for <patchwork-kvm@patchwork.kernel.org>;
	Fri, 27 Nov 2009 08:46:43 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752527AbZK0Iqf (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Fri, 27 Nov 2009 03:46:35 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752196AbZK0Iqf
	(ORCPT <rfc822;kvm-outgoing>); Fri, 27 Nov 2009 03:46:35 -0500
Received: from mga09.intel.com ([134.134.136.24]:38759 "EHLO mga09.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751862AbZK0Iqe (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 27 Nov 2009 03:46:34 -0500
Received: from orsmga001.jf.intel.com ([10.7.209.18])
	by orsmga102.jf.intel.com with ESMTP; 27 Nov 2009 00:46:23 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="4.47,300,1257148800"; d="scan'208";a="573550099"
Received: from syang10-desktop.sh.intel.com (HELO syang10-desktop)
	([10.239.36.163])
	by orsmga001.jf.intel.com with ESMTP; 27 Nov 2009 00:46:28 -0800
Received: from yasker by syang10-desktop with local (Exim 4.69)
	(envelope-from <sheng.yang@intel.com>)
	id 1NDwTJ-0005Wd-8V; Fri, 27 Nov 2009 16:46:33 +0800
From: Sheng Yang <sheng@linux.intel.com>
To: Marcelo Tosatti <mtosatti@redhat.com>, Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, Sheng Yang <sheng@linux.intel.com>
Subject: [PATCH] KVM: VMX: Disable unrestricted guest when EPT disabled
Date: Fri, 27 Nov 2009 16:46:26 +0800
Message-Id: <1259311586-21211-1-git-send-email-sheng@linux.intel.com>
X-Mailer: git-send-email 1.6.3.3
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org


diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 80367c5..1092e8a 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2308,8 +2308,10 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
 				~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
 		if (vmx->vpid == 0)
 			exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
-		if (!enable_ept)
+		if (!enable_ept) {
 			exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
+			enable_unrestricted_guest = 0;
+		}
 		if (!enable_unrestricted_guest)
 			exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
 		if (!ple_gap)