[v1] x86/vvmx: don't enable vmcs shadowing for nested guests

Message ID 20171023093302.27953-1-sergey.dyasli@citrix.com (mailing list archive)
State New, archived

Commit Message

Sergey Dyasli Oct. 23, 2017, 9:33 a.m. UTC
Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
following result on H/W with VMCS shadowing:

    Test: vmxon
    Failure in test_vmxon_in_root_cpl0()
      Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
           Got 0x82004400: VMfailValid(17408) <unknown>
    Test result: FAILURE

This happens because SDM allows vmentries with enabled VMCS shadowing
VM-execution control and VMCS link pointer value of ~0ull. But results
of a nested VMREAD are undefined in such cases.

Fix this by not copying the value of VMCS shadowing control from vmcs01
to vmcs02.

Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
---
 xen/arch/x86/hvm/vmx/vvmx.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Tian, Kevin Nov. 2, 2017, 4:35 a.m. UTC | #1
> From: Sergey Dyasli [mailto:sergey.dyasli@citrix.com]
> Sent: Monday, October 23, 2017 5:33 PM
> 
> Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
> following result on H/W with VMCS shadowing:
> 
>     Test: vmxon
>     Failure in test_vmxon_in_root_cpl0()
>       Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
>            Got 0x82004400: VMfailValid(17408) <unknown>
>     Test result: FAILURE
> 
> This happens because SDM allows vmentries with enabled VMCS
> shadowing
> VM-execution control and VMCS link pointer value of ~0ull. But results
> of a nested VMREAD are undefined in such cases.
> 
> Fix this by not copying the value of VMCS shadowing control from vmcs01
> to vmcs02.
> 
> Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>

Acked-by: Kevin Tian <kevin.tian@intel.com>

Andrew Cooper Nov. 2, 2017, 5:20 p.m. UTC | #2
On 02/11/17 04:35, Tian, Kevin wrote:
>> From: Sergey Dyasli [mailto:sergey.dyasli@citrix.com]
>> Sent: Monday, October 23, 2017 5:33 PM
>>
>> Running "./xtf_runner vvmx" in L1 Xen under L0 Xen produces the
>> following result on H/W with VMCS shadowing:
>>
>>     Test: vmxon
>>     Failure in test_vmxon_in_root_cpl0()
>>       Expected 0x8200000f: VMfailValid(15) VMXON_IN_ROOT
>>            Got 0x82004400: VMfailValid(17408) <unknown>
>>     Test result: FAILURE
>>
>> This happens because SDM allows vmentries with enabled VMCS
>> shadowing
>> VM-execution control and VMCS link pointer value of ~0ull. But results
>> of a nested VMREAD are undefined in such cases.
>>
>> Fix this by not copying the value of VMCS shadowing control from vmcs01
>> to vmcs02.
>>
>> Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
> Acked-by: Kevin Tian <kevin.tian@intel.com>

Pulled into x86-next

~Andrew

Patch

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index dde02c076b..013d049f8a 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -633,6 +633,7 @@  void nvmx_update_secondary_exec_control(struct vcpu *v,
                     SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY;
 
     host_cntrl &= ~apicv_bit;
+    host_cntrl &= ~SECONDARY_EXEC_ENABLE_VMCS_SHADOWING;
     shadow_cntrl = get_vvmcs(v, SECONDARY_VM_EXEC_CONTROL);
 
     /* No vAPIC-v support, so it shouldn't be set in vmcs12. */
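
Review bot: The added `host_cntrl &= ~SECONDARY_EXEC_ENABLE_VMCS_SHADOWING;` line in nvmx_update_secondary_exec_control() carries no comment, so the reason for masking the bit exists only in the commit message. A short comment above it, in the style of the vAPIC-v comment two lines further down, would keep the rationale next to the code, for example `/* VMCS shadowing is for L1 only; vmcs02 must not inherit it from vmcs01. */`. The hunk filters only host_cntrl; whether the same bit can still arrive through `shadow_cntrl = get_vvmcs(v, SECONDARY_VM_EXEC_CONTROL);` is not visible in these lines, so it is worth confirming that the vmcs12 value is filtered before the two are combined.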