Il 19/08/2014 10:30, Wanpeng Li ha scritto: > + if (vmx->nested.virtual_apic_page) > + nested_release_page(vmx->nested.virtual_apic_page); > + vmx->nested.virtual_apic_page = > + nested_get_page(vcpu, vmcs12->virtual_apic_page_addr); > + if (!vmx->nested.virtual_apic_page) > + exec_control &= > + ~CPU_BASED_TPR_SHADOW; > + else > + vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, > + page_to_phys(vmx->nested.virtual_apic_page)); > + > + /* > + * If CR8 load exits are enabled, CR8 store exits are enabled, > + * and virtualize APIC access is disabled, the processor would > + * never notice. Doing it unconditionally is not correct, but > + * it is the simplest thing. > + */ > + if (!(exec_control & CPU_BASED_TPR_SHADOW) && > + !((exec_control & CPU_BASED_CR8_LOAD_EXITING) && > + (exec_control & CPU_BASED_CR8_STORE_EXITING))) > + nested_vmx_failValid(vcpu, > VMXERR_ENTRY_INVALID_CONTROL_FIELD); > +
You aren't checking "virtualize APIC access" here, but the comment mentions it. As the comment says, failing the entry unconditionally could be the simplest thing, which means moving the nested_vmx_failValid call inside the "if (!vmx->nested.virtual_apic_page)". If you want to check all of CR8_LOAD/CR8_STORE/VIRTUALIZE_APIC_ACCESS, please mention in the comment that failing the vm entry is _not_ what the processor does but it's basically the only possibility we have. In that case, I would also place the "if" within the "if (!vmx->nested.virtual_apic_page)": it also simplifies the condition because you don't have to check CPU_BASED_TPR_SHADOW anymore. You can send v5 with these changes, and I'll apply it for 3.18. Thanks! Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
