Set the LOADIWkey VM-exit bit in nested vmx ctrl MSR, and
let L1 intercept L2's LOADIWKEY VM-Exit.
Signed-off-by: Robert Hoo <robert.hu@xxxxxxxxxxxxxxx>
---
arch/x86/kvm/vmx/nested.c | 5 ++++-
arch/x86/kvm/vmx/nested.h | 7 +++++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index de36129..5a6b04d 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5927,6 +5927,9 @@ static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
case EXIT_REASON_TPAUSE:
return nested_cpu_has2(vmcs12,
SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE);
+ case EXIT_REASON_LOADIWKEY:
+ return nested_cpu_has3(vmcs12,
+ TERTIARY_EXEC_LOADIWKEY_EXITING);
default:
return true;
}
@@ -6441,7 +6444,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
if (msrs->procbased_ctls_high & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS)
rdmsrl(MSR_IA32_VMX_PROCBASED_CTLS3,
msrs->tertiary_ctls);
- msrs->tertiary_ctls &= ~TERTIARY_EXEC_LOADIWKEY_EXITING;
+ msrs->tertiary_ctls &= TERTIARY_EXEC_LOADIWKEY_EXITING;
/*
* We can emulate "VMCS shadowing," even if the hardware
* doesn't support it.
diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h
index 197148d..3dda114 100644
--- a/arch/x86/kvm/vmx/nested.h
+++ b/arch/x86/kvm/vmx/nested.h
@@ -145,6 +145,13 @@ static inline bool nested_cpu_has2(struct vmcs12 *vmcs12, u32 bit)
(vmcs12->secondary_vm_exec_control & bit);
}
+static inline bool nested_cpu_has3(struct vmcs12 *vmcs12, u32 bit)
+{
+ return (vmcs12->cpu_based_vm_exec_control &
+ CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) &&
+ (vmcs12->tertiary_vm_exec_control & bit);
+}
+
static inline bool nested_cpu_has_preemption_timer(struct vmcs12 *vmcs12)
{
return vmcs12->pin_based_vm_exec_control &
--
1.8.3.1
