Nested VMX: Expose unrestricted guest feature to guest

With virtual unrestricted guest feature, L2 guest is allowed to run
with PG cleared. Also, allow PAE not set during virtual vmexit emulation.

Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Acked-by: Eddie.Dong@intel.com

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index e0e0f5ddb5d67fa9782b2d101a491f0f5548dccd..150b0ec460bc28db77596365211197fa7d5770ab 100644 (file)
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1732,7 +1732,8 @@ int hvm_set_cr0(unsigned long value)
     {
         if ( v->arch.hvm_vcpu.guest_efer & EFER_LME )
         {
-            if ( !(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_PAE) )
+            if ( !(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_PAE) &&
+                 !nestedhvm_vmswitch_in_progress(v) )
             {
                 HVM_DBG_LOG(DBG_LEVEL_1, "Enable paging before PAE enable");
                 goto gpf;

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index ba617fa9d250a9fd2b8b6402281b69ae765d433d..d476f03dcd4eacf25ff01c73a5d7d1c9dc026274 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1342,6 +1342,7 @@ static void virtual_vmexit(struct cpu_user_regs *regs)
 
     nestedhvm_vcpu_exit_guestmode(v);
     nvcpu->nv_vmexit_pending = 0;
+    nvcpu->nv_vmswitch_in_progress = 1;
 
     lm_l2 = !!hvm_long_mode_enabled(v);
     lm_l1 = !!(__get_vvmcs(nvcpu->nv_vvmcx, VM_EXIT_CONTROLS) &
@@ -1372,6 +1373,7 @@ static void virtual_vmexit(struct cpu_user_regs *regs)
     if ( cpu_has_vmx_virtual_intr_delivery )
         nvmx_update_apicv(v);
 
+    nvcpu->nv_vmswitch_in_progress = 0;
     vmreturn(regs, VMSUCCEED);
 }
 
@@ -1877,6 +1879,7 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content)
         data = SECONDARY_EXEC_DESCRIPTOR_TABLE_EXITING |
                SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
                SECONDARY_EXEC_ENABLE_VPID |
+               SECONDARY_EXEC_UNRESTRICTED_GUEST |
                SECONDARY_EXEC_ENABLE_EPT;
         data = gen_vmx_msr(data, 0, host_data);
         break;