Re: [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS

Liran Alon <liran.alon@xxxxxxxxxx> · Tue, 2 Jul 2019 18:17:33 +0300



> On 2 Jul 2019, at 18:04, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> 
> Some secondary controls are automatically enabled/disabled based on the CPUID
> values that are set for the guest.  However, they are still available at a
> global level and therefore should be present when KVM_GET_MSRS is sent to
> /dev/kvm.
> 
> Fixes: 1389309c811 ("KVM: nVMX: expose VMX capabilities for nested hypervisors to userspace", 2018-02-26)
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>

> ---
> arch/x86/kvm/vmx/nested.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 990e543f4531..c4e29ef0b21e 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -5750,10 +5750,15 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps,
> 	msrs->secondary_ctls_low = 0;
> 	msrs->secondary_ctls_high &=
> 		SECONDARY_EXEC_DESC |
> +		SECONDARY_EXEC_RDTSCP |
> 		SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
> +		SECONDARY_EXEC_WBINVD_EXITING |
> 		SECONDARY_EXEC_APIC_REGISTER_VIRT |
> 		SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
> -		SECONDARY_EXEC_WBINVD_EXITING;
> +		SECONDARY_EXEC_RDRAND_EXITING |
> +		SECONDARY_EXEC_ENABLE_INVPCID |
> +		SECONDARY_EXEC_RDSEED_EXITING |
> +		SECONDARY_EXEC_XSAVES;
> 
> 	/*
> 	 * We can emulate "VMCS shadowing," even if the hardware
> -- 
> 1.8.3.1
> 
>