From: Igor Druzhinin
Date: Thu, 4 Apr 2019 16:25:10 +0000 (+0100)
Subject: x86/vmx: Fixup removals of MSR load/save list entries
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2339
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e28c0ee3356f52f589bbae54e89aaed25c1f599d;p=xen.git

x86/vmx: Fixup removals of MSR load/save list entries

Commit 540d5422 ("x86/vmx: Support removing MSRs from the host/guest load/save lists") introduced infrastructure finally exposed by commit fd32dcfe ("x86/vmx: Don't leak EFER.NXE into guest context") that led to a functional regression on Harpertown and earlier cores (Gen 1 VT-x) due to MSR count being incorrectly set in VMCS. As a result, as soon as guest EFER becomes equal to Xen EFER (which eventually happens in almost every 64-bit VM) and its MSR entry is supposed to be removed, a stale version of EFER is loaded into a guest instead, causing almost immediate guest failure.

Signed-off-by: Igor Druzhinin
Reviewed-by: Jan Beulich
Reviewed-by: Andrew Cooper
Acked-by: Kevin Tian
---
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 74f2a08cfd..45d18493df 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1490,15 +1490,15 @@ int vmx_del_msr(struct vcpu *v, uint32_t msr, enum vmx_msr_list_type type) switch ( type ) { case VMX_MSR_HOST: - __vmwrite(VM_EXIT_MSR_LOAD_COUNT, vmx->host_msr_count--); + __vmwrite(VM_EXIT_MSR_LOAD_COUNT, --vmx->host_msr_count); break; case VMX_MSR_GUEST: - __vmwrite(VM_EXIT_MSR_STORE_COUNT, vmx->msr_save_count--); + __vmwrite(VM_EXIT_MSR_STORE_COUNT, --vmx->msr_save_count); /* Fallthrough */ case VMX_MSR_GUEST_LOADONLY: - __vmwrite(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_load_count--); + __vmwrite(VM_ENTRY_MSR_LOAD_COUNT, --vmx->msr_load_count); break; }
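Review bot: the removed lines post-decrement the counters, so the value handed to __vmwrite() for VM_EXIT_MSR_LOAD_COUNT, VM_EXIT_MSR_STORE_COUNT and VM_ENTRY_MSR_LOAD_COUNT is the count from before the removal; the VMCS therefore still advertises the just-removed slot and the hardware keeps loading whatever stale value sits there on the next entry/exit, which matches the EFER failure described in the commit message. The pre-decrement form in the added lines writes the post-removal count and is the right fix, and the VMX_MSR_GUEST fall-through into VMX_MSR_GUEST_LOADONLY correctly shrinks both the exit-store and entry-load counts for a full guest entry. Two follow-ups worth considering in this function: a short comment above the switch stating that the count fields must be written with the post-removal value (the post-decrement form reads naturally and already slipped through review once), and, unless the lookup earlier in vmx_del_msr() already guarantees the entry exists, an ASSERT() that the relevant counter is non-zero before it is decremented so an underflow cannot silently program a huge list length into the VMCS.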