nVMX x86: Check VPID value on vmentry of L2 guests
authorKrish Sadhukhan <krish.sadhukhan@oracle.com>
Tue, 4 Sep 2018 18:42:58 +0000 (14:42 -0400)
committerPaolo Bonzini <pbonzini@redhat.com>
Wed, 19 Sep 2018 22:51:45 +0000 (00:51 +0200)
According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following check needs to be enforced on vmentry of L2 guests:

    If the 'enable VPID' VM-execution control is 1, the value of the
    of the VPID VM-execution control field must not be 0000H.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/vmx.c

index 581bdbd9844b4b448ab1c7040b85b19a21055146..06412ba46aa36eaca6cd1f111a6b8df6d795d969 100644 (file)
@@ -12373,6 +12373,9 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
            vmcs12->guest_activity_state != GUEST_ACTIVITY_HLT)
                return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
 
+       if (nested_cpu_has_vpid(vmcs12) && !vmcs12->virtual_processor_id)
+               return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
+
        if (nested_vmx_check_io_bitmap_controls(vcpu, vmcs12))
                return VMXERR_ENTRY_INVALID_CONTROL_FIELD;