From 05bb1116b8c1fc42527bf3b2406eef86a27e3dc3 Mon Sep 17 00:00:00 2001 From: Brian Woods Date: Mon, 5 Feb 2018 10:14:48 +0100 Subject: [PATCH] x86/svm: update VGIF support There are places where the GIF value is checked. A guest with VGIF enabled can change the GIF value without the host being involved, therefore it needs to check the GIF value in the VMCB rather the one in the nestedsvm struct. Signed-off-by: Brian Woods Reviewed-by: Boris Ostrovsky --- xen/arch/x86/hvm/svm/nestedsvm.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c index b6f6449d75..1f7b0d3e88 100644 --- a/xen/arch/x86/hvm/svm/nestedsvm.c +++ b/xen/arch/x86/hvm/svm/nestedsvm.c @@ -800,8 +800,13 @@ nsvm_vcpu_vmexit_inject(struct vcpu *v, struct cpu_user_regs *regs, struct nestedvcpu *nv = &vcpu_nestedhvm(v); struct nestedsvm *svm = &vcpu_nestedsvm(v); struct vmcb_struct *ns_vmcb; + struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; + + if ( vmcb->_vintr.fields.vgif_enable ) + ASSERT(vmcb->_vintr.fields.vgif == 0); + else + ASSERT(svm->ns_gif == 0); - ASSERT(svm->ns_gif == 0); ns_vmcb = nv->nv_vvmcx; if (nv->nv_vmexit_pending) { @@ -1343,8 +1348,13 @@ nestedsvm_vmexit_defer(struct vcpu *v, uint64_t exitcode, uint64_t exitinfo1, uint64_t exitinfo2) { struct nestedsvm *svm = &vcpu_nestedsvm(v); + struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; + + if ( vmcb->_vintr.fields.vgif_enable ) + vmcb->_vintr.fields.vgif = 0; + else + nestedsvm_vcpu_clgi(v); - nestedsvm_vcpu_clgi(v); svm->ns_vmexit.exitcode = exitcode; svm->ns_vmexit.exitinfo1 = exitinfo1; svm->ns_vmexit.exitinfo2 = exitinfo2; -- 2.30.2