According to the sub-section titled 'VM-Execution Control Fields' in the
section titled 'Basic VM-Entry Checks' in Intel SDM vol. 3C, the following
vmentry check must be enforced:
If the “virtualize APIC-accesses” VM-execution control is 1, the
APIC-access address must satisfy the following checks:
- Bits 11:0 of the address must be 0.
- The address should not set any bits beyond the processor’s
physical-address width.
This patch adds,
i) the necessary KVM check to enforce the rule
ii) a unit test to validate the rule
[PATCH nVMX 1/2] x86: Add check for APIC access address for vmentry of L2
[PATCH nVMX TEST 2/2] x86: Add test for checking APIC-access page on vmentry of L2
arch/x86/kvm/vmx.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
Krish Sadhukhan (1):
x86: Add check for APIC access address for vmentry of L2 guests
x86/vmx_tests.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 50 insertions(+), 9 deletions(-)
Krish Sadhukhan (1):
x86: Add test for checking APIC-access page on vmentry of L2 guests
