KVM: nVMX: Allow to disable CR3 access interception

We already have this control enabled by exposing a broken MSR_IA32_VMX_PROCBASED_CTLS value. This will properly advertise our capability once the value is fixed by clearing the right bits in MSR_IA32_VMX_TRUE_PROCBASED_CTLS. We also have to ensure to test the right value on L2 entry. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Jan Kiszka <jan.kiszka@siemens.com> 2014-06-16 07:59:41 -0400
committer: Paolo Bonzini <pbonzini@redhat.com> 2014-06-19 06:52:12 -0400
commit: 3dcdf3ec6e48d918741ea11349d4436d0c5aac93 (patch)
tree: 47595f1b874e4ac9b79ce8500e5f105226dc0f97 /arch/x86/kvm/vmx.c
parent: 3dbcd8da7b564194f93271b003a1c46ef404cbdb (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 31379faf952e..e55e404b5dba 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2239,6 +2239,7 @@ static inline bool nested_vmx_allowed(struct kvm_vcpu *vcpu)
 * or other means.
 */
 static u32 nested_vmx_procbased_ctls_low, nested_vmx_procbased_ctls_high;
+static u32 nested_vmx_true_procbased_ctls_low;
 static u32 nested_vmx_secondary_ctls_low, nested_vmx_secondary_ctls_high;
 static u32 nested_vmx_pinbased_ctls_low, nested_vmx_pinbased_ctls_high;
 static u32 nested_vmx_exit_ctls_low, nested_vmx_exit_ctls_high;
@@ -2328,6 +2329,10 @@ static __init void nested_vmx_setup_ctls_msrs(void)
         */
        nested_vmx_procbased_ctls_high |= CPU_BASED_USE_MSR_BITMAPS;
+        /* We support free control of CR3 access interception. */
+        nested_vmx_true_procbased_ctls_low = nested_vmx_procbased_ctls_low &
+                ~(CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING);
        /* secondary cpu-based controls */
        rdmsr(MSR_IA32_VMX_PROCBASED_CTLS2,
                nested_vmx_secondary_ctls_low, nested_vmx_secondary_ctls_high);
@@ -2395,6 +2400,9 @@ static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
                                        nested_vmx_pinbased_ctls_high);
                break;
        case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
+                *pdata = vmx_control_msr(nested_vmx_true_procbased_ctls_low,
+                                        nested_vmx_procbased_ctls_high);
+                break;
        case MSR_IA32_VMX_PROCBASED_CTLS:
                *pdata = vmx_control_msr(nested_vmx_procbased_ctls_low,
                                        nested_vmx_procbased_ctls_high);
@@ -8127,7 +8135,8 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
        }
        if (!vmx_control_verify(vmcs12->cpu_based_vm_exec_control,
-              nested_vmx_procbased_ctls_low, nested_vmx_procbased_ctls_high) ||
+                                nested_vmx_true_procbased_ctls_low,
+                                nested_vmx_procbased_ctls_high) ||
            !vmx_control_verify(vmcs12->secondary_vm_exec_control,
              nested_vmx_secondary_ctls_low, nested_vmx_secondary_ctls_high) ||
            !vmx_control_verify(vmcs12->pin_based_vm_exec_control,
author	Jan Kiszka <jan.kiszka@siemens.com>	2014-06-16 07:59:41 -0400
committer	Paolo Bonzini <pbonzini@redhat.com>	2014-06-19 06:52:12 -0400
commit	3dcdf3ec6e48d918741ea11349d4436d0c5aac93 (patch)
tree	47595f1b874e4ac9b79ce8500e5f105226dc0f97 /arch/x86/kvm/vmx.c
parent	3dbcd8da7b564194f93271b003a1c46ef404cbdb (diff)