On 14/09/2018 02:38, Liran Alon wrote:
> Kernel commit 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
> introduced new IOCTLs to extract and restore KVM internal state used to
> run a VM that is in VMX operation.
>
> Utilize these IOCTLs to add support of migration of VMs which are
> running nested hypervisors.
>
> Reviewed-by: Nikita Leshchenko <nikita.leshchenko@xxxxxxxxxx>
> Reviewed-by: Patrick Colp <patrick.colp@xxxxxxxxxx>
> Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx>

Heh, I was going to send a similar patch. However, things are a bit
more complex for two reasons.

First, I'd prefer to reuse the hflags and hflags2 fields that we already
have, and only store the VMCS blob in the subsection. For example,
HF_SVMI_MASK is really the same as HF_GUEST_MASK in KVM source code and
KVM_STATE_NESTED_GUEST_MODE in the nested virt state.

More important, this:

>
> +static int nested_state_post_load(void *opaque, int version_id)
> +{
> + X86CPU *cpu = opaque;
> + CPUX86State *env = &cpu->env;
> +
> + /*
> + * Verify that the size specified in given struct is set
> + * to no more than the size that our kernel support
> + */
> + if (env->nested_state->size > env->nested_state_len) {
> + return -EINVAL;
> + }
> +
> + return 0;
> +}
> +
> +static bool nested_state_needed(void *opaque)

doesn't work if nested_state_len differs between source and destination,
and could overflow the nested_state buffer if nested_state_len is larger
on the source.

I'll send my version today or next Monday.

Thanks,

Paolo
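
Review bot: the bound check in nested_state_post_load(), `env->nested_state->size > env->nested_state_len`, comes too late to protect the buffer, because a post-load hook runs only after the migrated fields have already been written into the destination's memory. A blob from a source with a larger nested_state_len is therefore copied before it is rejected. The length taken from the stream should be compared against the destination's own allocation before any bytes are copied into nested_state, and the load should fail at that point. The check is also an upper bound only. It would be worth rejecting a size too small to hold the structure's fixed fields as well, so a truncated blob is not passed on to the kernel.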