KVM: SVM: Don't sync nested cr8 to lapic and back

This patch makes syncing of the guest tpr to the lapic conditional on !nested. Otherwise a nested guest using the TPR could freeze the guest. Another important change this patch introduces is that the cr8 intercept bits are no longer ORed at vmrun emulation if the guest sets VINTR_MASKING in its VMCB. The reason is that nested cr8 accesses need alway be handled by the nested hypervisor because they change the shadow version of the tpr. Cc: stable@kernel.org Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Avi Kivity <avi@redhat.com>
author: Joerg Roedel <joerg.roedel@amd.com> 2010-02-19 10:23:06 -0500
committer: Avi Kivity <avi@redhat.com> 2010-04-25 05:34:22 -0400
commit: 88ab24adc7142506c8583ac36a34fa388300b750 (patch)
tree: a3501849792f4fb681d0ccb6dc4135e455b9b57e /arch/x86/kvm/svm.c
parent: 4c7da8cb43c09e71a405b5aeaa58a1dbac3c39e9 (diff)
1 files changed, 31 insertions, 15 deletions
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 4459c477af9..481bd0ee5f7 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1832,21 +1832,6 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
        svm->vmcb->save.dr6 = nested_vmcb->save.dr6;
        svm->vmcb->save.cpl = nested_vmcb->save.cpl;
-        /* We don't want a nested guest to be more powerful than the guest,
-           so all intercepts are ORed */
-        svm->vmcb->control.intercept_cr_read |=
-                nested_vmcb->control.intercept_cr_read;
-        svm->vmcb->control.intercept_cr_write |=
-                nested_vmcb->control.intercept_cr_write;
-        svm->vmcb->control.intercept_dr_read |=
-                nested_vmcb->control.intercept_dr_read;
-        svm->vmcb->control.intercept_dr_write |=
-                nested_vmcb->control.intercept_dr_write;
-        svm->vmcb->control.intercept_exceptions |=
-                nested_vmcb->control.intercept_exceptions;
-        svm->vmcb->control.intercept |= nested_vmcb->control.intercept;
        svm->nested.vmcb_msrpm = nested_vmcb->control.msrpm_base_pa;
        /* cache intercepts */
@@ -1864,6 +1849,28 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
        else
                svm->vcpu.arch.hflags &= ~HF_VINTR_MASK;
+        if (svm->vcpu.arch.hflags & HF_VINTR_MASK) {
+                /* We only want the cr8 intercept bits of the guest */
+                svm->vmcb->control.intercept_cr_read &= ~INTERCEPT_CR8_MASK;
+                svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
+        }
+        /* We don't want a nested guest to be more powerful than the guest,
+           so all intercepts are ORed */
+        svm->vmcb->control.intercept_cr_read |=
+                nested_vmcb->control.intercept_cr_read;
+        svm->vmcb->control.intercept_cr_write |=
+                nested_vmcb->control.intercept_cr_write;
+        svm->vmcb->control.intercept_dr_read |=
+                nested_vmcb->control.intercept_dr_read;
+        svm->vmcb->control.intercept_dr_write |=
+                nested_vmcb->control.intercept_dr_write;
+        svm->vmcb->control.intercept_exceptions |=
+                nested_vmcb->control.intercept_exceptions;
+        svm->vmcb->control.intercept |= nested_vmcb->control.intercept;
+        svm->vmcb->control.lbr_ctl = nested_vmcb->control.lbr_ctl;
        svm->vmcb->control.int_vector = nested_vmcb->control.int_vector;
        svm->vmcb->control.int_state = nested_vmcb->control.int_state;
        svm->vmcb->control.tsc_offset += nested_vmcb->control.tsc_offset;
@@ -2526,6 +2533,9 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
+        if (is_nested(svm) && (vcpu->arch.hflags & HF_VINTR_MASK))
+                return;
        if (irr == -1)
                return;
@@ -2629,6 +2639,9 @@ static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
+        if (is_nested(svm) && (vcpu->arch.hflags & HF_VINTR_MASK))
+                return;
        if (!(svm->vmcb->control.intercept_cr_write & INTERCEPT_CR8_MASK)) {
                int cr8 = svm->vmcb->control.int_ctl & V_TPR_MASK;
                kvm_set_cr8(vcpu, cr8);
@@ -2640,6 +2653,9 @@ static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
        struct vcpu_svm *svm = to_svm(vcpu);
        u64 cr8;
+        if (is_nested(svm) && (vcpu->arch.hflags & HF_VINTR_MASK))
+                return;
        cr8 = kvm_get_cr8(vcpu);
        svm->vmcb->control.int_ctl &= ~V_TPR_MASK;
        svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
author	Joerg Roedel <joerg.roedel@amd.com>	2010-02-19 10:23:06 -0500
committer	Avi Kivity <avi@redhat.com>	2010-04-25 05:34:22 -0400
commit	88ab24adc7142506c8583ac36a34fa388300b750 (patch)
tree	a3501849792f4fb681d0ccb6dc4135e455b9b57e /arch/x86/kvm/svm.c
parent	4c7da8cb43c09e71a405b5aeaa58a1dbac3c39e9 (diff)