On Thu, Sep 13, 2018 at 03:43:19PM +0300, Liran Alon wrote:
> L2 IA32_BNDCFGS should be updated with vmcs12->guest_bndcfgs only
> when VM_ENTRY_LOAD_BNDCFGS is specified in vmcs12->vm_entry_controls.
>
> Otherwise, L2 IA32_BNDCFGS should be set to vmcs01->guest_bndcfgs which
> is L1 IA32_BNDCFGS.
>
> Reviewed-by: Nikita Leshchenko <nikita.leshchenko@xxxxxxxxxx>
> Reviewed-by: Darren Kenny <darren.kenny@xxxxxxxxxx>
> Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 6a82e603f2c5..3259775814d0 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -856,6 +856,7 @@ struct nested_vmx {
>
> /* to migrate it to L2 if VM_ENTRY_LOAD_DEBUG_CONTROLS is off */
> u64 vmcs01_debugctl;
> + u64 vmcs01_guest_bndcfgs;
>
> u16 vpid02;
> u16 last_vpid;
> @@ -12028,8 +12029,13 @@ static void prepare_vmcs02_full(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
>
> set_cr4_guest_host_mask(vmx);
>
> - if (vmx_mpx_supported())
> - vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
> + if (vmx_mpx_supported()) {
> + if (vmx->nested.nested_run_pending &&
> + (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
> + vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
> + else
> + vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs);
> + }
>
> if (enable_vpid) {
> u16 vmcs02_vpid;
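Review bot: The new `vmcs01_guest_bndcfgs` member is added without the kind of comment its neighbour `vmcs01_debugctl` carries, so a reader of struct nested_vmx cannot tell from the declaration when the field is valid or who consumes it. A one-line comment mirroring the existing one would make the pairing explicit: `/* to migrate it to L2 if VM_ENTRY_LOAD_BNDCFGS is off */`. struct nested_vmx continues outside the hunk.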
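Review bot: The else arm of the new `if (vmx_mpx_supported())` block sources GUEST_BNDCFGS from vmcs01 state rather than from vmcs12, yet it sits in prepare_vmcs02_full; if, as the name suggests, that function is skipped when vmcs12 is unchanged since the previous entry, an L1 that changes its own BNDCFGS between VM-entries without dirtying vmcs12 would leave vmcs02 holding the stale `vmx->nested.vmcs01_guest_bndcfgs` copy. The `vmcs12->guest_bndcfgs` write legitimately belongs here, but the vmcs01 fallback depends on state outside vmcs12 and should probably live in the part of prepare_vmcs02 that runs on every entry. I cannot see the caller from this hunk, so please confirm how prepare_vmcs02_full is gated. prepare_vmcs02_full continues on both sides of the hunk.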
> @@ -12597,6 +12603,8 @@ static int enter_vmx_non_root_mode(struct kvm_vcpu *vcpu, u32 *exit_qual)
>
> if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
> vmx->nested.vmcs01_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
> + if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
> + vmx->nested.vmcs01_guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
This needs to be wrapped with vmx_mpx_supported() else you'll VMREAD a non-existent field.
>
> vmx_switch_vmcs(vcpu, &vmx->nested.vmcs02);
> vmx_segment_cache_clear(vmx);
> --
> 2.16.1
>
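Review bot: The snapshot condition here does not match the consumer added to prepare_vmcs02_full, which falls back to `vmx->nested.vmcs01_guest_bndcfgs` whenever `nested_run_pending` is clear, even when VM_ENTRY_LOAD_BNDCFGS is set in vmcs12; on that path the field is read without having been written on this entry, so whatever value it last held is loaded into vmcs02. The two sides should agree, i.e. take the snapshot whenever the consumer can use it: `if (!vmx->nested.nested_run_pending || !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))`, independently of the vmx_mpx_supported() guard already discussed. The `vmcs01_debugctl` snapshot two lines up has the same shape, so if its consumer follows the same nested_run_pending pattern it is worth checking for the same gap. enter_vmx_non_root_mode continues on both sides of the hunk.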