kvm: nVMX: Split VMCS checks from nested_vmx_run()
The checks performed on the contents of the vmcs12 are extracted from nested_vmx_run so that they can be used to validate a vmcs12 that has been restored from a checkpoint. Signed-off-by: Jim Mattson <jmattson@google.com> [Change prepare_vmcs02 and nested_vmx_load_cr3's last argument to u32, to match check_vmentry_postreqs. Update comments for singlestep handling. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
6beb7bd52e
commit
ca0bde28f2
|
@ -10035,7 +10035,7 @@ static bool nested_cr3_valid(struct kvm_vcpu *vcpu, unsigned long val)
|
||||||
* is assigned to entry_failure_code on failure.
|
* is assigned to entry_failure_code on failure.
|
||||||
*/
|
*/
|
||||||
static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool nested_ept,
|
static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool nested_ept,
|
||||||
unsigned long *entry_failure_code)
|
u32 *entry_failure_code)
|
||||||
{
|
{
|
||||||
if (cr3 != kvm_read_cr3(vcpu) || (!nested_ept && pdptrs_changed(vcpu))) {
|
if (cr3 != kvm_read_cr3(vcpu) || (!nested_ept && pdptrs_changed(vcpu))) {
|
||||||
if (!nested_cr3_valid(vcpu, cr3)) {
|
if (!nested_cr3_valid(vcpu, cr3)) {
|
||||||
|
@ -10075,7 +10075,7 @@ static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool ne
|
||||||
* is assigned to entry_failure_code on failure.
|
* is assigned to entry_failure_code on failure.
|
||||||
*/
|
*/
|
||||||
static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
|
static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
|
||||||
bool from_vmentry, unsigned long *entry_failure_code)
|
bool from_vmentry, u32 *entry_failure_code)
|
||||||
{
|
{
|
||||||
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
||||||
u32 exec_control;
|
u32 exec_control;
|
||||||
|
@ -10411,6 +10411,102 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
|
||||||
|
{
|
||||||
|
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
||||||
|
|
||||||
|
if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE &&
|
||||||
|
vmcs12->guest_activity_state != GUEST_ACTIVITY_HLT)
|
||||||
|
return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
|
||||||
|
|
||||||
|
if (nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12))
|
||||||
|
return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
|
||||||
|
|
||||||
|
if (nested_vmx_check_apicv_controls(vcpu, vmcs12))
|
||||||
|
return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
|
||||||
|
|
||||||
|
if (nested_vmx_check_msr_switch_controls(vcpu, vmcs12))
|
||||||
|
return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
|
||||||
|
|
||||||
|
if (!vmx_control_verify(vmcs12->cpu_based_vm_exec_control,
|
||||||
|
vmx->nested.nested_vmx_procbased_ctls_low,
|
||||||
|
vmx->nested.nested_vmx_procbased_ctls_high) ||
|
||||||
|
!vmx_control_verify(vmcs12->secondary_vm_exec_control,
|
||||||
|
vmx->nested.nested_vmx_secondary_ctls_low,
|
||||||
|
vmx->nested.nested_vmx_secondary_ctls_high) ||
|
||||||
|
!vmx_control_verify(vmcs12->pin_based_vm_exec_control,
|
||||||
|
vmx->nested.nested_vmx_pinbased_ctls_low,
|
||||||
|
vmx->nested.nested_vmx_pinbased_ctls_high) ||
|
||||||
|
!vmx_control_verify(vmcs12->vm_exit_controls,
|
||||||
|
vmx->nested.nested_vmx_exit_ctls_low,
|
||||||
|
vmx->nested.nested_vmx_exit_ctls_high) ||
|
||||||
|
!vmx_control_verify(vmcs12->vm_entry_controls,
|
||||||
|
vmx->nested.nested_vmx_entry_ctls_low,
|
||||||
|
vmx->nested.nested_vmx_entry_ctls_high))
|
||||||
|
return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
|
||||||
|
|
||||||
|
if (!nested_host_cr0_valid(vcpu, vmcs12->host_cr0) ||
|
||||||
|
!nested_host_cr4_valid(vcpu, vmcs12->host_cr4) ||
|
||||||
|
!nested_cr3_valid(vcpu, vmcs12->host_cr3))
|
||||||
|
return VMXERR_ENTRY_INVALID_HOST_STATE_FIELD;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_vmentry_postreqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
|
||||||
|
u32 *exit_qual)
|
||||||
|
{
|
||||||
|
bool ia32e;
|
||||||
|
|
||||||
|
*exit_qual = ENTRY_FAIL_DEFAULT;
|
||||||
|
|
||||||
|
if (!nested_guest_cr0_valid(vcpu, vmcs12->guest_cr0) ||
|
||||||
|
!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4))
|
||||||
|
return 1;
|
||||||
|
|
||||||
|
if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_SHADOW_VMCS) &&
|
||||||
|
vmcs12->vmcs_link_pointer != -1ull) {
|
||||||
|
*exit_qual = ENTRY_FAIL_VMCS_LINK_PTR;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If the load IA32_EFER VM-entry control is 1, the following checks
|
||||||
|
* are performed on the field for the IA32_EFER MSR:
|
||||||
|
* - Bits reserved in the IA32_EFER MSR must be 0.
|
||||||
|
* - Bit 10 (corresponding to IA32_EFER.LMA) must equal the value of
|
||||||
|
* the IA-32e mode guest VM-exit control. It must also be identical
|
||||||
|
* to bit 8 (LME) if bit 31 in the CR0 field (corresponding to
|
||||||
|
* CR0.PG) is 1.
|
||||||
|
*/
|
||||||
|
if (to_vmx(vcpu)->nested.nested_run_pending &&
|
||||||
|
(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)) {
|
||||||
|
ia32e = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) != 0;
|
||||||
|
if (!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer) ||
|
||||||
|
ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA) ||
|
||||||
|
((vmcs12->guest_cr0 & X86_CR0_PG) &&
|
||||||
|
ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME)))
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If the load IA32_EFER VM-exit control is 1, bits reserved in the
|
||||||
|
* IA32_EFER MSR must be 0 in the field for that register. In addition,
|
||||||
|
* the values of the LMA and LME bits in the field must each be that of
|
||||||
|
* the host address-space size VM-exit control.
|
||||||
|
*/
|
||||||
|
if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_EFER) {
|
||||||
|
ia32e = (vmcs12->vm_exit_controls &
|
||||||
|
VM_EXIT_HOST_ADDR_SPACE_SIZE) != 0;
|
||||||
|
if (!kvm_valid_efer(vcpu, vmcs12->host_ia32_efer) ||
|
||||||
|
ia32e != !!(vmcs12->host_ia32_efer & EFER_LMA) ||
|
||||||
|
ia32e != !!(vmcs12->host_ia32_efer & EFER_LME))
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* nested_vmx_run() handles a nested entry, i.e., a VMLAUNCH or VMRESUME on L1
|
* nested_vmx_run() handles a nested entry, i.e., a VMLAUNCH or VMRESUME on L1
|
||||||
* for running an L2 nested guest.
|
* for running an L2 nested guest.
|
||||||
|
@ -10421,9 +10517,9 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
|
||||||
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
||||||
int cpu;
|
int cpu;
|
||||||
struct loaded_vmcs *vmcs02;
|
struct loaded_vmcs *vmcs02;
|
||||||
bool ia32e;
|
|
||||||
u32 msr_entry_idx;
|
u32 msr_entry_idx;
|
||||||
unsigned long exit_qualification;
|
u32 exit_qual;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (!nested_vmx_check_permission(vcpu))
|
if (!nested_vmx_check_permission(vcpu))
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -10453,105 +10549,27 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE &&
|
ret = check_vmentry_prereqs(vcpu, vmcs12);
|
||||||
vmcs12->guest_activity_state != GUEST_ACTIVITY_HLT) {
|
if (ret) {
|
||||||
nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
|
nested_vmx_failValid(vcpu, ret);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12)) {
|
|
||||||
nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (nested_vmx_check_apicv_controls(vcpu, vmcs12)) {
|
|
||||||
nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (nested_vmx_check_msr_switch_controls(vcpu, vmcs12)) {
|
|
||||||
nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!vmx_control_verify(vmcs12->cpu_based_vm_exec_control,
|
|
||||||
vmx->nested.nested_vmx_procbased_ctls_low,
|
|
||||||
vmx->nested.nested_vmx_procbased_ctls_high) ||
|
|
||||||
!vmx_control_verify(vmcs12->secondary_vm_exec_control,
|
|
||||||
vmx->nested.nested_vmx_secondary_ctls_low,
|
|
||||||
vmx->nested.nested_vmx_secondary_ctls_high) ||
|
|
||||||
!vmx_control_verify(vmcs12->pin_based_vm_exec_control,
|
|
||||||
vmx->nested.nested_vmx_pinbased_ctls_low,
|
|
||||||
vmx->nested.nested_vmx_pinbased_ctls_high) ||
|
|
||||||
!vmx_control_verify(vmcs12->vm_exit_controls,
|
|
||||||
vmx->nested.nested_vmx_exit_ctls_low,
|
|
||||||
vmx->nested.nested_vmx_exit_ctls_high) ||
|
|
||||||
!vmx_control_verify(vmcs12->vm_entry_controls,
|
|
||||||
vmx->nested.nested_vmx_entry_ctls_low,
|
|
||||||
vmx->nested.nested_vmx_entry_ctls_high))
|
|
||||||
{
|
|
||||||
nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!nested_host_cr0_valid(vcpu, vmcs12->host_cr0) ||
|
|
||||||
!nested_host_cr4_valid(vcpu, vmcs12->host_cr4) ||
|
|
||||||
!nested_cr3_valid(vcpu, vmcs12->host_cr3)) {
|
|
||||||
nested_vmx_failValid(vcpu,
|
|
||||||
VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!nested_guest_cr0_valid(vcpu, vmcs12->guest_cr0) ||
|
|
||||||
!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)) {
|
|
||||||
nested_vmx_entry_failure(vcpu, vmcs12,
|
|
||||||
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if (vmcs12->vmcs_link_pointer != -1ull) {
|
|
||||||
nested_vmx_entry_failure(vcpu, vmcs12,
|
|
||||||
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_VMCS_LINK_PTR);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the load IA32_EFER VM-entry control is 1, the following checks
|
* After this point, the trap flag no longer triggers a singlestep trap
|
||||||
* are performed on the field for the IA32_EFER MSR:
|
* on the vm entry instructions; don't call kvm_skip_emulated_instruction.
|
||||||
* - Bits reserved in the IA32_EFER MSR must be 0.
|
* This is not 100% correct; for performance reasons, we delegate most
|
||||||
* - Bit 10 (corresponding to IA32_EFER.LMA) must equal the value of
|
* of the checks on host state to the processor. If those fail,
|
||||||
* the IA-32e mode guest VM-exit control. It must also be identical
|
* the singlestep trap is missed.
|
||||||
* to bit 8 (LME) if bit 31 in the CR0 field (corresponding to
|
|
||||||
* CR0.PG) is 1.
|
|
||||||
*/
|
*/
|
||||||
if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER) {
|
skip_emulated_instruction(vcpu);
|
||||||
ia32e = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) != 0;
|
|
||||||
if (!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer) ||
|
|
||||||
ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA) ||
|
|
||||||
((vmcs12->guest_cr0 & X86_CR0_PG) &&
|
|
||||||
ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME))) {
|
|
||||||
nested_vmx_entry_failure(vcpu, vmcs12,
|
|
||||||
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
ret = check_vmentry_postreqs(vcpu, vmcs12, &exit_qual);
|
||||||
* If the load IA32_EFER VM-exit control is 1, bits reserved in the
|
if (ret) {
|
||||||
* IA32_EFER MSR must be 0 in the field for that register. In addition,
|
|
||||||
* the values of the LMA and LME bits in the field must each be that of
|
|
||||||
* the host address-space size VM-exit control.
|
|
||||||
*/
|
|
||||||
if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_EFER) {
|
|
||||||
ia32e = (vmcs12->vm_exit_controls &
|
|
||||||
VM_EXIT_HOST_ADDR_SPACE_SIZE) != 0;
|
|
||||||
if (!kvm_valid_efer(vcpu, vmcs12->host_ia32_efer) ||
|
|
||||||
ia32e != !!(vmcs12->host_ia32_efer & EFER_LMA) ||
|
|
||||||
ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
|
|
||||||
nested_vmx_entry_failure(vcpu, vmcs12,
|
nested_vmx_entry_failure(vcpu, vmcs12,
|
||||||
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
|
EXIT_REASON_INVALID_STATE, exit_qual);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We're finally done with prerequisite checking, and can start with
|
* We're finally done with prerequisite checking, and can start with
|
||||||
|
@ -10562,12 +10580,6 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
|
||||||
if (!vmcs02)
|
if (!vmcs02)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
/*
|
|
||||||
* After this point, the trap flag no longer triggers a singlestep trap
|
|
||||||
* on the vm entry instructions. Don't call
|
|
||||||
* kvm_skip_emulated_instruction.
|
|
||||||
*/
|
|
||||||
skip_emulated_instruction(vcpu);
|
|
||||||
enter_guest_mode(vcpu);
|
enter_guest_mode(vcpu);
|
||||||
|
|
||||||
if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
|
if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
|
||||||
|
@ -10582,11 +10594,11 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
|
||||||
|
|
||||||
vmx_segment_cache_clear(vmx);
|
vmx_segment_cache_clear(vmx);
|
||||||
|
|
||||||
if (prepare_vmcs02(vcpu, vmcs12, true, &exit_qualification)) {
|
if (prepare_vmcs02(vcpu, vmcs12, true, &exit_qual)) {
|
||||||
leave_guest_mode(vcpu);
|
leave_guest_mode(vcpu);
|
||||||
vmx_load_vmcs01(vcpu);
|
vmx_load_vmcs01(vcpu);
|
||||||
nested_vmx_entry_failure(vcpu, vmcs12,
|
nested_vmx_entry_failure(vcpu, vmcs12,
|
||||||
EXIT_REASON_INVALID_STATE, exit_qualification);
|
EXIT_REASON_INVALID_STATE, exit_qual);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -10937,7 +10949,7 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu,
|
||||||
struct vmcs12 *vmcs12)
|
struct vmcs12 *vmcs12)
|
||||||
{
|
{
|
||||||
struct kvm_segment seg;
|
struct kvm_segment seg;
|
||||||
unsigned long entry_failure_code;
|
u32 entry_failure_code;
|
||||||
|
|
||||||
if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_EFER)
|
if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_EFER)
|
||||||
vcpu->arch.efer = vmcs12->host_ia32_efer;
|
vcpu->arch.efer = vmcs12->host_ia32_efer;
|
||||||
|
|
Loading…
Reference in New Issue