VMX: only check the PB VM EC2 if EC1 is ok
authorBarret Rhoden <brho@cs.berkeley.edu>
Wed, 1 Jul 2015 17:09:01 +0000 (10:09 -0700)
committerBarret Rhoden <brho@cs.berkeley.edu>
Mon, 2 Nov 2015 23:24:25 +0000 (18:24 -0500)
We should only check the Secondary Processor-Based VM-Execution controls
if the bit is present in the primary controls.  It's one of our
set-to-one bits.

If we do the secondary checks without that magic bit set, we'll GPF.  We
don't have rdmsr_safe() or anything like that either.

Ultimately, once 'ok' is false, we're going to fail anyway.  It's just a
question of how much info we get.

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
kern/arch/x86/vmm/intel/vmx.c

index b3922e5..71cf929 100644 (file)
@@ -611,8 +611,9 @@ static void setup_vmcs_config(void *p)
                                  &vmcs_conf->pin_based_exec_ctrl);
        ok = check_vmxec_controls(&cbec, have_true_msrs,
                                  &vmcs_conf->cpu_based_exec_ctrl) && ok;
-       ok = check_vmxec_controls(&cb2ec, have_true_msrs,
-                                 &vmcs_conf->cpu_based_2nd_exec_ctrl) && ok;
+       /* Only check cb2ec if we're still ok, o/w we may GPF */
+       ok = ok && check_vmxec_controls(&cb2ec, have_true_msrs,
+                                       &vmcs_conf->cpu_based_2nd_exec_ctrl);
        ok = check_vmxec_controls(&vmentry, have_true_msrs,
                                  &vmcs_conf->vmentry_ctrl) && ok;
        ok = check_vmxec_controls(&vmexit, have_true_msrs,