On 26/01/21 09:18, Wei Huang wrote:
> Under the case of nested on nested (L0->L1->L2->L3), #GP triggered by SVM instructions can be hidden from L1. Instead the hypervisor can inject the proper #VMEXIT to inform L1 of what is happening. Thus L1 can avoid invoking the #GP workaround. For this reason we turn on the guest VM's X86_FEATURE_SVME_ADDR_CHK bit for KVM running inside a VM to receive the notification and change behavior.
Slightly reworked commit message:

KVM: SVM: Fix #GP handling for doubly-nested virtualization

Under the case of nested on nested (L0, L1, L2 are all hypervisors), #GP triggered by SVM instructions can be hidden from L1. Because we do not support emulation of the vVMLOAD/VMSAVE feature, the L0 hypervisor can inject the proper #VMEXIT to inform L1 of what is happening and L1 can avoid invoking the #GP workaround.

Thanks,

Paolo