On Thu, Jul 14, 2022, Vitaly Kuznetsov wrote: > diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h > index 286c88e285ea..89eaab3495a6 100644 > --- a/arch/x86/kvm/vmx/vmx.h > +++ b/arch/x86/kvm/vmx/vmx.h > @@ -467,6 +467,113 @@ static inline u8 vmx_get_rvi(void) > return vmcs_read16(GUEST_INTR_STATUS) & 0xff; > } > > +#define __KVM_REQ_VMX_VM_ENTRY_CONTROLS \ > + (VM_ENTRY_LOAD_DEBUG_CONTROLS) > +#ifdef CONFIG_X86_64 > + #define KVM_REQ_VMX_VM_ENTRY_CONTROLS \ > + (__KVM_REQ_VMX_VM_ENTRY_CONTROLS | \ > + VM_ENTRY_IA32E_MODE) This breaks 32-bit builds, but at least we know the assert works! vmx_set_efer() toggles VM_ENTRY_IA32E_MODE without a CONFIG_X86_64 guard. That should be easy enough to fix since KVM should never allow EFER_LMA. Compile tested patch at the bottom. More problematic is that clang-13 doesn't like the new asserts, and even worse gives a very cryptic error. I don't have bandwidth to look into this at the moment, and probably won't next week either. ERROR: modpost: "__compiletime_assert_533" [arch/x86/kvm/kvm-intel.ko] undefined! ERROR: modpost: "__compiletime_assert_531" [arch/x86/kvm/kvm-intel.ko] undefined! ERROR: modpost: "__compiletime_assert_532" [arch/x86/kvm/kvm-intel.ko] undefined! ERROR: modpost: "__compiletime_assert_530" [arch/x86/kvm/kvm-intel.ko] undefined! make[2]: *** [scripts/Makefile.modpost:128: modules-only.symvers] Error 1 make[1]: *** [Makefile:1753: modules] Error 2 make[1]: *** Waiting for unfinished jobs.... > +#else > + #define KVM_REQ_VMX_VM_ENTRY_CONTROLS \ > + __KVM_REQ_VMX_VM_ENTRY_CONTROLS > +#endif EFER.LMA patch, compile tested only. --- From: Sean Christopherson <seanjc@xxxxxxxxxx> Date: Fri, 22 Jul 2022 18:26:21 +0000 Subject: [PATCH] KVM: VMX: Don't toggle VM_ENTRY_IA32E_MODE for 32-bit kernels/KVM Don't toggle VM_ENTRY_IA32E_MODE in 32-bit kernels/KVM and instead bug the VM if KVM attempts to run the guest with EFER.LMA=1. KVM doesn't support running 64-bit guests with 32-bit hosts. 
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> --- arch/x86/kvm/vmx/vmx.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index bff97babf381..8623607e596d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2894,10 +2894,15 @@ int vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer) return 0; vcpu->arch.efer = efer; +#ifdef CONFIG_X86_64 if (efer & EFER_LMA) vm_entry_controls_setbit(vmx, VM_ENTRY_IA32E_MODE); else vm_entry_controls_clearbit(vmx, VM_ENTRY_IA32E_MODE); +#else + if (KVM_BUG_ON(efer & EFER_LMA, vcpu->kvm)) + return 1; +#endif vmx_setup_uret_msrs(vmx); return 0; base-commit: e22e2665637151a321433b2bb705f5c3b8da40bc --
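Review bot: in the quoted vmx.h hunk, the KVM_REQ_ prefix on __KVM_REQ_VMX_VM_ENTRY_CONTROLS and KVM_REQ_VMX_VM_ENTRY_CONTROLS reads like a vCPU request flag, because KVM_REQ_* is already the naming used for the bits passed to kvm_make_request(). If REQ is meant as "required", spelling it out (for example KVM_REQUIRED_VMX_VM_ENTRY_CONTROLS) and putting a one-line comment above the first #define that says what the set is checked against would avoid the confusion. The indented #define lines inside the #ifdef CONFIG_X86_64 block are also worth aligning with whatever style the rest of vmx.h uses for nested preprocessor directives.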
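Review bot: in the vmx_set_efer() hunk in vmx.c, the new #else branch returns 1 only after "vcpu->arch.efer = efer;" has been stored, so on the KVM_BUG_ON() path the vCPU keeps an EFER value with LMA set and vmx_setup_uret_msrs() is skipped. Consider moving the 32-bit check above the assignment so the function fails before it changes any state, and add a short comment on the #else branch recording that 32-bit KVM never runs 64-bit guests, which is the reason the commit message gives. The other exits visible in this hunk return 0, so it is worth confirming that callers of vmx_set_efer() act on a non-zero return.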