[PATCH v6 0/3] Expose VMFUNC to the nested hypervisor
From: Bandan Das
Date: Tue Aug 01 2017 - 19:24:58 EST
Fix check for memory type in address
Change check function name as requested in the review
Move setting of mmu->ept_ad to after calling mmu_unload
and also reset base_role.ad_disabled appropriately
Replace IS_ALIGN with page_address_valid()
1/3 and 2/3 are unchanged but some changes in 3/3. I left
the mmu_load failure path untouched because I am not sure what's
the right thing to do here.
Move the eptp switching logic to a different function
Add check for EPTP_ADDRESS in check_vmentry_prereq
Add check for validity of ept pointer
Check if AD bit is set and set ept_ad
Add TODO item about mmu_unload failure
2/3: Use WARN_ONCE to avoid logging dos
3/3: Add missing nested_release_page_clean() and check the
eptp as mentioned in SDM 24.6.14
1/3: Patch to enable vmfunc on the host but cause a #UD if
L1 tries to use it directly. (new)
2/3: Expose vmfunc to the nested hypervisor, but no vm functions
are exposed and L0 emulates a vmfunc vmexit to L1.
3/3: Force a vmfunc vmexit when L2 tries to use vmfunc and emulate
eptp switching. Unconditionally expose EPTP switching to the
L1 hypervisor since L0 fakes eptp switching via a mmu reload.
These patches expose eptp switching/vmfunc to the nested hypervisor.
vmfunc is enabled in the secondary controls for the host and is
exposed to the nested hypervisor. However, if the nested hypervisor
decides to use eptp switching, L0 emulates it.
Bandan Das (3):
KVM: vmx: Enable VMFUNCs
KVM: nVMX: Enable VMFUNC for the L1 hypervisor
KVM: nVMX: Emulate EPTP switching for the L1 hypervisor
arch/x86/include/asm/vmx.h | 9 +++
arch/x86/kvm/vmx.c | 191 ++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 198 insertions(+), 2 deletions(-)