Looks very good to me now. :) > /* > @@ -7820,6 +7834,88 @@ static int handle_preemption_timer(struct kvm_vcpu *vcpu) > return 1; > } > > +static bool valid_ept_address(struct kvm_vcpu *vcpu, u64 address) > +{ > + struct vcpu_vmx *vmx = to_vmx(vcpu); > + u64 mask = address & 0x7; > + int maxphyaddr = cpuid_maxphyaddr(vcpu); > + > + /* Check for memory type validity */ > + switch (mask) { > + case 0: > + if (!(vmx->nested.nested_vmx_ept_caps & VMX_EPTP_UC_BIT)) > + return false; > + break; > + case 6: > + if (!(vmx->nested.nested_vmx_ept_caps & VMX_EPTP_WB_BIT)) > + return false; > + break; KVM always sets 6 without checking. But there is also a TODO left in construct_eptp(). But we could hit this case probably only in very strange environments (e.g. revoking it for our L1, so it cannot use WB memory for L2). So we should be safe by requiring WB for now. >From 0ac06e7242d25ba1b66e4e6e2b20dbfa21ba4308 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david@xxxxxxxxxx> Date: Fri, 4 Aug 2017 16:40:32 +0200 Subject: [PATCH v1] KVM: VMX: require EPT WB (Write Back) memory type support Signed-off-by: David Hildenbrand <david@xxxxxxxxxx> --- arch/x86/kvm/vmx.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 78c66a7..a2f8475 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1192,6 +1192,11 @@ static inline bool cpu_has_vmx_ept_4levels(void) return vmx_capability.ept & VMX_EPT_PAGE_WALK_4_BIT; } +static inline bool cpu_has_vmx_ept_wb_bit(void) +{ + return vmx_capability.ept & VMX_EPTP_WB_BIT; +} + static inline bool cpu_has_vmx_ept_ad_bits(void) { return vmx_capability.ept & VMX_EPT_AD_BIT; @@ -4260,7 +4265,6 @@ static u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa) { u64 eptp; - /* TODO write the value reading from MSR */ eptp = VMX_EPT_DEFAULT_MT | VMX_EPT_DEFAULT_GAW << VMX_EPT_GAW_EPTP_SHIFT; if (enable_ept_ad_bits && @@ -6579,7 +6583,8 @@ static __init int hardware_setup(void) init_vmcs_shadow_fields(); if (!cpu_has_vmx_ept() || - !cpu_has_vmx_ept_4levels()) { + !cpu_has_vmx_ept_4levels() || + !cpu_has_vmx_ept_wb_bit()) { enable_ept = 0; enable_unrestricted_guest = 0; enable_ept_ad_bits = 0; -- 2.9.4 -- Thanks, David