[PATCH 0/3 v2] Expose VMFUNC to the nested hypervisor

From: Bandan Das
Date: Thu Jul 06 2017 - 19:03:48 EST

1/3: Patch to enable vmfunc on the host but cause a #UD if
L1 tries to use it directly. (new)
2/3: Expose vmfunc to the nested hypervisor, but no vm functions
are exposed and L0 emulates a vmfunc vmexit to L1.
3/3: Force a vmfunc vmexit when L2 tries to use vmfunc and emulate
eptp switching. Unconditionally expose EPTP switching to the
L1 hypervisor since L0 fakes eptp switching via a mmu reload.

These patches expose eptp switching/vmfunc to the nested hypervisor.
vmfunc is enabled in the secondary controls for the host and is
exposed to the nested hypervisor. However, if the nested hypervisor
decides to use eptp switching, L0 emulates it.


Bandan Das (3):
KVM: vmx: Enable VMFUNCs
KVM: nVMX: Enable VMFUNC for the L1 hypervisor
KVM: nVMX: Emulate EPTP switching for the L1 hypervisor

arch/x86/include/asm/vmx.h | 9 ++++
arch/x86/kvm/vmx.c | 122 ++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 129 insertions(+), 2 deletions(-)