On 6/14/22 17:13, Anirudh Rayabharam wrote:
>>> Sanitize at the end might not work because I see some cases in
>>> nested_vmx_setup_ctls_msrs() where we want to expose some things to L1
>>> even though the hardware doesn't support it.
>> Yes, but these will never include eVMCS-unsupported features.
> How are you so sure?
> For example, SECONDARY_EXEC_SHADOW_VMCS is unsupported in eVMCS but in
> nested_vmx_setup_ctls_msrs() we do:
>
> 	/*
> 	 * We can emulate "VMCS shadowing," even if the hardware
> 	 * doesn't support it.
> 	 */
> 	msrs->secondary_ctls_high |=
> 		SECONDARY_EXEC_SHADOW_VMCS;
>
> If we sanitize this out it might cause some regression, right?
Yes, you're right, shadow VMCS is special: it is not supported by
enlightened VMCS, but it is emulated rather than virtualized.
Therefore, if L1 does not use the enlightened VMCS, it can indeed use
shadow VMCS.
Paolo
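The distinction Paolo draws above, shown as a small added model that is not KVM code: a feature KVM emulates for L1 (shadow VMCS) is added on top of what the hardware offers, and the eVMCS filter may only strip it for an L1 that actually uses enlightened VMCS. The control bit values, the mask names and the model_* functions are constructed for this example; only SECONDARY_EXEC_SHADOW_VMCS and the behaviour come from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model constants (constructed for this example, not KVM's definitions).
 * Shadow VMCS is bit 14 of the secondary processor-based controls. */
#define SECONDARY_EXEC_SHADOW_VMCS   (1u << 14)
#define SECONDARY_EXEC_ENABLE_VPID   (1u << 5)
#define SECONDARY_EXEC_ENABLE_EPT    (1u << 1)

/* Controls that enlightened VMCS cannot express (model mask, hypothetical). */
#define MODEL_EVMCS_UNSUPPORTED_2NDEXEC  (SECONDARY_EXEC_SHADOW_VMCS)
/* Controls KVM emulates for L1 even without hardware support (model mask). */
#define MODEL_EMULATED_2NDEXEC           (SECONDARY_EXEC_SHADOW_VMCS)

/* Build the secondary controls advertised to L1, as the quoted snippet does:
 * start from what the hardware offers, then add the emulated features. */
static uint32_t model_setup_secondary_ctls(uint32_t hw_ctls)
{
	return hw_ctls | MODEL_EMULATED_2NDEXEC;
}

/* Filter the advertised controls for one L1: only an L1 that uses
 * enlightened VMCS loses the eVMCS-unsupported bits. A non-eVMCS L1 keeps
 * emulated shadow VMCS, which is Paolo's point. */
static uint32_t model_filter_for_l1(uint32_t ctls, bool l1_uses_evmcs)
{
	if (!l1_uses_evmcs)
		return ctls;
	return ctls & ~MODEL_EVMCS_UNSUPPORTED_2NDEXEC;
}

/* The regression Anirudh worried about: sanitizing unconditionally at the
 * end also removes the emulated feature from an L1 that never uses eVMCS. */
static uint32_t model_filter_unconditional(uint32_t ctls)
{
	return ctls & ~MODEL_EVMCS_UNSUPPORTED_2NDEXEC;
}

int main(void)
{
	/* Hardware without shadow VMCS support (constructed sample). */
	uint32_t hw  = SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID;
	uint32_t adv = model_setup_secondary_ctls(hw);

	printf("advertised controls: %#x\n", adv);
	printf("non-eVMCS L1 keeps shadow VMCS: %d\n",
	       !!(model_filter_for_l1(adv, false) & SECONDARY_EXEC_SHADOW_VMCS));
	printf("eVMCS L1 keeps shadow VMCS:     %d\n",
	       !!(model_filter_for_l1(adv, true) & SECONDARY_EXEC_SHADOW_VMCS));
	printf("unconditional filter drops it:  %d\n",
	       !(model_filter_unconditional(adv) & SECONDARY_EXEC_SHADOW_VMCS));
	return 0;
}
```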