From 8565750bbe35cbf2953b7444e7ff7a6d14235cf0 Mon Sep 17 00:00:00 2001 From: Shuo A Liu Date: Tue, 25 May 2021 19:05:23 +0800 Subject: [PATCH] hv: nested: Hide some capability bits from L1 guest * Hide 5 level EPT capability, let L1 guest stick to 4 level EPT. * Access/Dirty bits are not support currently, hide corresponding EPT capability bits. * "Mode-based execute control for EPT" is also not support well currently, hide its capability bit from MSR_IA32_VMX_PROCBASED_CTLS2. Tracked-On: #5923 Signed-off-by: Sainath Grandhi Signed-off-by: Zide Chen Signed-off-by: Shuo A Liu Reviewed-by: Jason Chen CJ Acked-by: Eddie Dong --- hypervisor/arch/x86/guest/nested.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/hypervisor/arch/x86/guest/nested.c b/hypervisor/arch/x86/guest/nested.c index fbf4579c3..ea3d42c8b 100644 --- a/hypervisor/arch/x86/guest/nested.c +++ b/hypervisor/arch/x86/guest/nested.c @@ -141,7 +141,7 @@ void init_vmx_msrs(struct acrn_vcpu *vcpu) | VMX_PROCBASED_CTLS2_UNRESTRICT | VMX_PROCBASED_CTLS2_PAUSE_LOOP | VMX_PROCBASED_CTLS2_RDRAND | VMX_PROCBASED_CTLS2_INVPCID | VMX_PROCBASED_CTLS2_RDSEED | VMX_PROCBASED_CTLS2_XSVE_XRSTR - | VMX_PROCBASED_CTLS2_PT_USE_GPA | VMX_PROCBASED_CTLS2_TSC_SCALING; + | VMX_PROCBASED_CTLS2_TSC_SCALING; msr_value = adjust_vmx_ctrls(MSR_IA32_VMX_PROCBASED_CTLS2, request_bits); vcpu_set_guest_msr(vcpu, MSR_IA32_VMX_PROCBASED_CTLS2, msr_value); @@ -161,10 +161,15 @@ void init_vmx_msrs(struct acrn_vcpu *vcpu) vcpu_set_guest_msr(vcpu, MSR_IA32_VMX_ENTRY_CTLS, msr_value); vcpu_set_guest_msr(vcpu, MSR_IA32_VMX_TRUE_ENTRY_CTLS, msr_value); - /* For now passthru the value from physical MSR to L1 guest */ msr_value = msr_read(MSR_IA32_VMX_EPT_VPID_CAP); + /* + * Hide 5 level EPT capability + * Hide accessed and dirty flags for EPT + */ + msr_value &= ~(VMX_EPT_PAGE_WALK_5 | VMX_EPT_AD); vcpu_set_guest_msr(vcpu, MSR_IA32_VMX_EPT_VPID_CAP, msr_value); + /* For now passthru the value from physical MSR to L1 guest */ msr_value = msr_read(MSR_IA32_VMX_CR0_FIXED0); vcpu_set_guest_msr(vcpu, MSR_IA32_VMX_CR0_FIXED0, msr_value);