Re: [PATCH v2 4/4] kvm: vmx: fix VMfailValid when write vmcs02/vmcs01

From: Paolo Bonzini
Date: Thu Dec 04 2014 - 09:28:31 EST

On 04/12/2014 12:11, Wanpeng Li wrote:
> ELSIF secondary source operand does not correspond to any VMCS field
> THEN VMfailValid(VMREAD/VMWRITE from/to unsupported VMCS component);
> We can't suppose the L1 VMM exposes MPX to L2 just if L0 supports MPX. There
> will be a VMfailValid if L0 doesn't support MPX and L1 exposes MPX to L2
> when L0 writes vmcs02/vmcs01. In addition, there is no need to read
> GUEST_BNDCFGS if the L1 VMM doesn't expose it to L2. This patch fixes it by
> checking both that L0 supports xsaves and that L1 exposes MPX to L2.

Did you have a reproducer for this? It should not be needed, because
the bndcfgs entry/exit controls are hidden from
nested_vmx_exit_ctls_high and nested_vmx_entry_ctls_high if

This hunk is also not correct:

> - if (vmx_mpx_supported())
> + if (vmx_mpx_supported() &&
> + (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
> vmcs12->guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
> if (nested_cpu_has_xsaves(vmcs12))
> vmcs12->xss_exit_bitmap = vmcs_read64(XSS_EXIT_BITMAP);
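
Review bot: the added test of `vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS` gates the `vmcs_read64(GUEST_BNDCFGS)` that copies guest state back into vmcs12, yet the bit it checks is a VM-entry control. With this condition, whenever L1 leaves that entry control clear the assignment to `vmcs12->guest_bndcfgs` is skipped and the field keeps whatever value it held before. Either explain in the commit message why an entry control should decide what gets saved here, or keep this read conditional on `vmx_mpx_supported()` alone.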

because there is no "save BNDCFGS" exit control; the guest BNDCFGS is
saved unconditionally into the vmcs.
