From: Ladi Prosek <lprosek@xxxxxxxxxx> Per Hyper-V TLFS 5.0b: "The L1 hypervisor may choose to use enlightened VMCSs by writing 1 to the corresponding field in the VP assist page (see section 7.8.7). Another field in the VP assist page controls the currently active enlightened VMCS. Each enlightened VMCS is exactly one page (4 KB) in size and must be initially zeroed. No VMPTRLD instruction must be executed to make an enlightened VMCS active or current. After the L1 hypervisor performs a VM entry with an enlightened VMCS, the VMCS is considered active on the processor. An enlightened VMCS can only be active on a single processor at the same time. The L1 hypervisor can execute a VMCLEAR instruction to transition an enlightened VMCS from the active to the non-active state. Any VMREAD or VMWRITE instructions while an enlightened VMCS is active is unsupported and can result in unexpected behavior." Note that we choose to not modify our VMREAD, VMWRITE, and VMPTRLD handlers. They will not cause any explicit failure but may not have the intended effect. Signed-off-by: Ladi Prosek <lprosek@xxxxxxxxxx> Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> --- arch/x86/kvm/vmx.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 00b4a362351d..f7f6f7d18ade 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -20,6 +20,7 @@ #include "mmu.h" #include "cpuid.h" #include "lapic.h" +#include "hyperv.h" #include <linux/kvm_host.h> #include <linux/module.h> @@ -7935,6 +7936,30 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu) return kvm_skip_emulated_instruction(vcpu); } +static int nested_vmx_handle_enlightened_vmptrld(struct kvm_vcpu *vcpu) +{ + struct vcpu_vmx *vmx = to_vmx(vcpu); + struct hv_vp_assist_page assist_page; + + if (!vmx->nested.enlightened_vmcs_enabled) + return 1; + + vmx->nested.enlightened_vmcs_active = + kvm_hv_get_assist_page(vcpu, &assist_page) && + assist_page.enlighten_vmentry; + + if (vmx->nested.enlightened_vmcs_active && + assist_page.current_nested_vmcs != vmx->nested.current_vmptr) { + /* + * This is an equivalent of the nested hypervisor executing + * the vmptrld instruction. + */ + set_current_vmptr(vmx, assist_page.current_nested_vmcs); + copy_enlightened_to_vmcs12(vmx); + } + return 1; +} + /* Emulate the VMPTRST instruction */ static int handle_vmptrst(struct kvm_vcpu *vcpu) { @@ -11045,6 +11070,9 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch) if (!nested_vmx_check_permission(vcpu)) return 1; + if (!nested_vmx_handle_enlightened_vmptrld(vcpu)) + return 1; + if (!nested_vmx_check_vmcs12(vcpu)) goto out; -- 2.14.3