> > +static inline bool nested_cpu_has_monitor_trap_flag(struct kvm_vcpu *vcpu) > > +{ > > + return to_vmx(vcpu)->nested.msrs.procbased_ctls_low & > > We should be looking at the _high bits of the MSR. > (_low bits say if it must be enabled, _high if it can.) Good catch. From the SDM: value 7 (other event) is reserved on logical processors that **do not support** the 1-setting of the “monitor trap flag” VM-execution control. > > > + CPU_BASED_MONITOR_TRAP_FLAG; > > +} > > + > > diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h > > @@ -110,6 +110,20 @@ static inline bool is_la57_mode(struct kvm_vcpu *vcpu) > > #endif > > } > > > > +/* > > + * vector: x86 exception number; often called nr > > + * protected_mode: true if !unrestricted-guest || protected mode > > + */ > > +static inline bool x86_exception_has_error_code(unsigned int vector, > > + bool protected_mode) > > +{ > > + static u32 exception_has_error_code = BIT(DF_VECTOR) | BIT(TS_VECTOR) | > > + BIT(NP_VECTOR) | BIT(SS_VECTOR) | BIT(GP_VECTOR) | > > + BIT(PF_VECTOR) | BIT(AC_VECTOR); > > + > > + return protected_mode && ((1U << vector) & exception_has_error_code); > > This implies that exceptions only have an error code in protected mode. > I think that moving protected_mode check to the condition in > check_vmentry_prereqs would be better. > > I can change that while applying if you agree, Yes, let's make the change you're suggesting. Krish suggested the same change in his review. I can make the change as I need to incorporate your previous comment anyway.
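Review bot: in nested_cpu_has_monitor_trap_flag(), the return expression masks nested.msrs.procbased_ctls_low, which per the reply quoted above holds the bits that must be enabled, so the helper returns false whenever the monitor trap flag control is supported but optional. Test procbased_ctls_high & CPU_BASED_MONITOR_TRAP_FLAG instead, and add a one-line comment stating that the helper answers "may this control be set to 1", since that is the condition the quoted SDM text uses to decide whether value 7 (other event) is reserved.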
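Review bot: in x86_exception_has_error_code(), the shift in `(1U << vector)` is undefined for vector >= 32, and the hunk takes vector as a plain unsigned int with no range check. Either add `vector < 32 &&` to the return expression or state in the header comment that callers must pass only vectors 0..31 and validate the field before calling. The bitmap is never written after initialization, so `static u32 exception_has_error_code` can be declared `static const u32`.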