On Wed, Sep 19, 2018 at 2:00 PM, Jim Mattson <jmattson@xxxxxxxxxx> wrote:
> On Tue, Aug 28, 2018 at 9:04 AM, Sean Christopherson
> <sean.j.christopherson@xxxxxxxxx> wrote:
>> Write VM_EXIT_CONTROLS using vm_exit_controls_init() when configuring
>> vmcs02, otherwise vm_exit_controls_shadow will be stale. EFER in
>> particular can be corrupted if VM_EXIT_LOAD_IA32_EFER is not updated
>> due to an incorrect shadow optimization, which can crash L0 due to
>> EFER not being loaded on exit. This does not occur with the current
>> code base simply because update_transition_efer() unconditionally
>> clears VM_EXIT_LOAD_IA32_EFER before conditionally setting it, and
>> because a nested guest always starts with VM_EXIT_LOAD_IA32_EFER
>> clear, i.e. we'll only ever unnecessarily clear the bit. That is,
>> until someone optimizes update_transition_efer()...
>>
>> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
>
> Doesn't this also imply that we need a vm_exit_controls_init() when
> returning to vmcs01, or vm_exit_controls_shadow will be stale after an
> emulated VM-exit?

Ah, vm_exit_controls_reset_shadow() does it. Okay.

Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
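A constructed C model of the stale-shadow hazard the commit message describes (added here, not KVM's code; the function names follow the thread but the bodies are simplified stand-ins, and the bit position is the Intel "load IA32_EFER" VM-exit control). It shows that a raw write to the field leaves the shadow stale so a later set of the bit is elided, while the init path and the current clear-then-set sequence both end with the bit loaded.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed model, not KVM's code: VM-exit controls are written through a
 * software shadow so that redundant VMWRITEs can be skipped. */
#define VM_EXIT_LOAD_IA32_EFER (1u << 21)   /* "load IA32_EFER" exit control */

struct vmcs_model {
    uint32_t vm_exit_controls;        /* stands in for the hardware field */
    uint32_t vm_exit_controls_shadow; /* software copy used to elide writes */
};
/* Raw write: updates the field only, the shadow is left untouched. */
static void vmcs_write32(struct vmcs_model *v, uint32_t val) { v->vm_exit_controls = val; }
/* init: write the field and refresh the shadow together. */
static void vm_exit_controls_init(struct vmcs_model *v, uint32_t val)
{
    v->vm_exit_controls_shadow = val;
    vmcs_write32(v, val);
}
/* The optimization: skip the VMWRITE when the shadow already matches. */
static void vm_exit_controls_set(struct vmcs_model *v, uint32_t val)
{
    if (v->vm_exit_controls_shadow == val)
        return;
    v->vm_exit_controls_shadow = val;
    vmcs_write32(v, val);
}
static void vm_exit_controls_setbit(struct vmcs_model *v, uint32_t bit)
{ vm_exit_controls_set(v, v->vm_exit_controls_shadow | bit); }
static void vm_exit_controls_clearbit(struct vmcs_model *v, uint32_t bit)
{ vm_exit_controls_set(v, v->vm_exit_controls_shadow & ~bit); }

/* Scenario from the thread: the shadow says the EFER-load bit is set; vmcs02
 * is configured from vmcs12 controls with the bit clear, via init or via a raw
 * write that leaves the shadow stale; then update_transition_efer() wants the
 * bit set, with or without its unconditional clear first. Returns whether the
 * hardware field ends up with the bit set. */
static bool efer_bit_loaded(bool use_init, bool clear_first)
{
    struct vmcs_model v = { VM_EXIT_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER };
    uint32_t vmcs12_exit_controls = 0; /* nested guest starts with the bit clear */

    if (use_init)
        vm_exit_controls_init(&v, vmcs12_exit_controls);
    else
        vmcs_write32(&v, vmcs12_exit_controls);
    if (clear_first)
        vm_exit_controls_clearbit(&v, VM_EXIT_LOAD_IA32_EFER);
    vm_exit_controls_setbit(&v, VM_EXIT_LOAD_IA32_EFER);
    return (v.vm_exit_controls & VM_EXIT_LOAD_IA32_EFER) != 0;
}
```

Only the raw-write path without the preceding clear loses the bit, which is exactly the case the commit message says the current unconditional clear happens to mask.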