Sean Christopherson <seanjc@xxxxxxxxxx> 于2023年3月16日周四 00:36写道:
> > Sorry I don't follow you.
> > My point is that, given it has passed kvm_is_valid_cr4() (in kvm_set_cr4()),
> > we can assert boot_cpu_has(X86_FEATURE_UMIP) and vmx_umip_emulated() must be
> > at least one true.
>
> This assertion is wrong for the case where guest.CR4.UMIP=0. The below code is
> not guarded with a check on guest.CR4.UMIP. If the vmx_umip_emulated() check goes
> away and guest.CR4.UMIP=0, KVM will attempt to write secondary controls.
>
Sorry still don't follow you. Do you mean in nested case? the "guest"
above is L1?
> Technically, now that controls_shadow exists, KVM won't actually do a VMWRITE,
> but I most definitely don't want to rely on controls_shadow for functional
> correctness. And controls_shadow aside, the "vmx_umip_emulated()" effectively
> serves as documentation for why KVM is mucking with UMIP when it's obviously not
> supported in hardware.
>
> if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) {
> if (cr4 & X86_CR4_UMIP) {
> secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
> hw_cr4 &= ~X86_CR4_UMIP;
> } else if (!is_guest_mode(vcpu) ||
> !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) {
> secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC);
> }
> }
