kvm: nVMX: Don't validate disabled secondary controls
authorJim Mattson <jmattson@google.com>
Thu, 4 May 2017 18:51:58 +0000 (11:51 -0700)
committerPaolo Bonzini <pbonzini@redhat.com>
Fri, 5 May 2017 08:08:31 +0000 (10:08 +0200)
According to the SDM, if the "activate secondary controls" primary
processor-based VM-execution control is 0, no checks are performed on
the secondary processor-based VM-execution controls.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/vmx.c

index 75e6cc945be029b7b61e492b4a9f2f33f7b7cddf..e7d929103f4af6297f47d093017c3ead20c44c36 100644 (file)
@@ -10240,9 +10240,10 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        if (!vmx_control_verify(vmcs12->cpu_based_vm_exec_control,
                                vmx->nested.nested_vmx_procbased_ctls_low,
                                vmx->nested.nested_vmx_procbased_ctls_high) ||
-           !vmx_control_verify(vmcs12->secondary_vm_exec_control,
-                               vmx->nested.nested_vmx_secondary_ctls_low,
-                               vmx->nested.nested_vmx_secondary_ctls_high) ||
+           (nested_cpu_has(vmcs12, CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) &&
+            !vmx_control_verify(vmcs12->secondary_vm_exec_control,
+                                vmx->nested.nested_vmx_secondary_ctls_low,
+                                vmx->nested.nested_vmx_secondary_ctls_high)) ||
            !vmx_control_verify(vmcs12->pin_based_vm_exec_control,
                                vmx->nested.nested_vmx_pinbased_ctls_low,
                                vmx->nested.nested_vmx_pinbased_ctls_high) ||