On Mon, Nov 07, 2022 at 06:20:23PM +0100, Paolo Bonzini wrote:
> On 11/7/22 09:27, Yu Zhang wrote:
> > VMFUNC is not supported for L1 guests, and executing VMFUNC in
> > L1 shall generate a #UD directly. Just disable it in secondary
> > proc-based execution control for L1, instead of intercepting it
> > and inject the #UD again.
> >
> > Signed-off-by: Yu Zhang <yu.c.zhang@xxxxxxxxxxxxxxx>
>
> Is this for TDX or similar? The reason for a patch should be mentioned in
> the commit message.

Thanks for your quick reply, Paolo.

It is not a new feature. Just a cleanup for VMFUNC, which is not supported
by KVM for L1 guests.

According to Intel SDM 25.5.6.2 - "General Operation of the VMFUNC
Instruction":

    The VMFUNC instruction causes an invalid-opcode exception (#UD) if the
    “enable VM functions” VM-execution controls is 0 or the value of EAX is
    greater than 63 (only VM functions 0–63 can be enable). Otherwise, the
    instruction causes a VM exit if the bit at position EAX is 0 in the
    VM-function controls (the selected VM function is not enabled)

And since KVM only provides emulation of VMFUNC for nested guests, it is
unnecessary for KVM to intercept it and reinject a #UD. So just disable
VMFUNC in VM-execution control for L1 guests.

But please feel free to educate me if I missed some background about why
this is enabled in the first place. Thanks!

B.R.
Yu