According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following check needs to be enforced on vmentry of L2 guests:
If the “process posted interrupts” VM-execution control is 1, the
following must be true:
- The “virtual-interrupt delivery” VM-execution control is 1.
- The “acknowledge interrupt on exit” VM-exit control is 1.
- The posted-interrupt notification vector has a value in the
- range 0–255 (bits 15:8 are all 0).
- Bits 5:0 of the posted-interrupt descriptor address are all 0.
- The posted-interrupt descriptor address does not set any bits
beyond the processor's physical-address width.
The first patch adds the required check in KVM while the second one adds a
KVM unit test.
[PATCH 1/2] [KVM] nVMX x86: check posted-interrupt descriptor addresss on
[PATCH 2/2] [kvm-unit-test] nVMX x86: check posted-interrupt control on vmentry
arch/x86/kvm/vmx.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Krish Sadhukhan (1):
nVMX x86: check posted-interrupt descriptor addresss on vmentry of L2
x86/vmx.h | 1 +
x86/vmx_tests.c | 174 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 175 insertions(+)
Krish Sadhukhan (2):
nVMX x86: "external-interrupt exiting” must be set if "virtual-interrupt delivery” is set
nVMX x86: check posted-interrupt control on vmentry of L2
