On 04/05/2017 20:51, Jim Mattson wrote: > According to the SDM, if the "activate secondary controls" primary > processor-based VM-execution control is 0, no checks are performed on > the secondary processor-based VM-execution controls. > > Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx> > --- > arch/x86/kvm/vmx.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index b2daee0bfb35..9142b31ae9d2 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -10314,9 +10314,10 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) > if (!vmx_control_verify(vmcs12->cpu_based_vm_exec_control, > vmx->nested.nested_vmx_procbased_ctls_low, > vmx->nested.nested_vmx_procbased_ctls_high) || > - !vmx_control_verify(vmcs12->secondary_vm_exec_control, > - vmx->nested.nested_vmx_secondary_ctls_low, > - vmx->nested.nested_vmx_secondary_ctls_high) || > + (nested_cpu_has(vmcs12, CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) && > + !vmx_control_verify(vmcs12->secondary_vm_exec_control, > + vmx->nested.nested_vmx_secondary_ctls_low, > + vmx->nested.nested_vmx_secondary_ctls_high)) || > !vmx_control_verify(vmcs12->pin_based_vm_exec_control, > vmx->nested.nested_vmx_pinbased_ctls_low, > vmx->nested.nested_vmx_pinbased_ctls_high) || > Applied to kvm/queue, thanks. Paolo
