KVM: vmx: disable APIC virtualization in nested guests
While running a nested guest, we should disable APIC virtualization controls (virtualized APIC register accesses, virtual interrupt delivery and posted interrupts), because we do not expose them to the nested guest. Reported-by: Hu Yaohui <loki2441@gmail.com> Suggested-by: Abel Gordon <abel@stratoscale.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent
89ca3b8819
commit
696dfd95ba
@ -7778,7 +7778,8 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
|
||||
|
||||
exec_control = vmcs12->pin_based_vm_exec_control;
|
||||
exec_control |= vmcs_config.pin_based_exec_ctrl;
|
||||
exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
|
||||
exec_control &= ~(PIN_BASED_VMX_PREEMPTION_TIMER |
|
||||
PIN_BASED_POSTED_INTR);
|
||||
vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, exec_control);
|
||||
|
||||
vmx->nested.preemption_timer_expired = false;
|
||||
@ -7815,7 +7816,9 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
|
||||
if (!vmx->rdtscp_enabled)
|
||||
exec_control &= ~SECONDARY_EXEC_RDTSCP;
|
||||
/* Take the following fields only from vmcs12 */
|
||||
exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
|
||||
exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
|
||||
SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
|
||||
SECONDARY_EXEC_APIC_REGISTER_VIRT);
|
||||
if (nested_cpu_has(vmcs12,
|
||||
CPU_BASED_ACTIVATE_SECONDARY_CONTROLS))
|
||||
exec_control |= vmcs12->secondary_vm_exec_control;
|
||||
|
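Review bot: In the second hunk the three APIC-virtualization bits are cleared before `exec_control |= vmcs12->secondary_vm_exec_control;`, so a vmcs12 that sets SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY or SECONDARY_EXEC_APIC_REGISTER_VIRT would put them back into vmcs02; only the host's own setting is dropped at this point. The first hunk does not have this ordering, because PIN_BASED_POSTED_INTR is masked after vmcs12's pin-based controls have been merged. The secondary-controls path is therefore safe only if nested VM-entry validation, which is not visible in this hunk, rejects a vmcs12 that carries controls not exposed to the guest hypervisor. That dependency should be stated next to the mask, for example `/* APICv bits must be clear in vmcs12: not exposed to the nested hypervisor, checked on nested VM entry */`, or the two unexposed bits should be masked once more after the OR. prepare_vmcs02 starts and ends outside both hunks.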