On 24.08.2017 22:24, Jim Mattson wrote:
> According to the SDM, if the "use TPR shadow" VM-execution control is
> 1, bits 11:0 of the virtual-APIC address must be 0 and the address
> should set any bits beyond the processor's physical-address width.
>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 19aa69af7c2d..abe8caf9756a 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -9915,6 +9915,18 @@ static int nested_vmx_check_msr_bitmap_controls(struct kvm_vcpu *vcpu,
> return 0;
> }
>
> +static int nested_vmx_check_tpr_shadow_controls(struct kvm_vcpu *vcpu,
> + struct vmcs12 *vmcs12)
> +{
> + if (!nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW))
> + return 0;
> +
> + if (!page_address_valid(vcpu, vmcs12->virtual_apic_page_addr))
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> /*
> * Merge L0's and L1's MSR bitmap, return false to indicate that
> * we do not use the hardware.
> @@ -10601,6 +10613,9 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
> if (nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12))
> return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
>
> + if (nested_vmx_check_tpr_shadow_controls(vcpu, vmcs12))
> + return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
> +
> if (nested_vmx_check_apicv_controls(vcpu, vmcs12))
> return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
>
>
Should we also test for
If the “use TPR shadow” VM-execution control is 1 and the
“virtual-interrupt delivery” VM-execution control is
0, bits 31:4 of the TPR threshold VM-execution control field must be 0. 5
(I guess HW will implicitly check this for us?)
--
Thanks,
David
