Re: [PATCH 1/2] KVM: VMX: Sanitize VM-Entry/VM-Exit control pairs at kvm_intel load time

From: Paolo Bonzini
Date: Thu May 26 2022 - 06:40:13 EST


On 5/25/22 23:04, Sean Christopherson wrote:
+#define VMCS_ENTRY_EXIT_PAIR(name, entry_action, exit_action) \
+ { VM_ENTRY_##entry_action##_##name, VM_EXIT_##exit_action##_##name }
+
static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
struct vmx_capability *vmx_cap)
{
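
Review bot: the `##` pasting in VMCS_ENTRY_EXIT_PAIR means the full control names (VM_ENTRY_LOAD_<name>, VM_EXIT_LOAD_<name>, VM_EXIT_CLEAR_<name>) never appear in the source, so a grep for any of those constants will not find this use. Spelling out both constants in each initializer keeps the table searchable and removes the need for a file-scope helper macro.
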
@@ -2473,6 +2476,24 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
u64 _cpu_based_3rd_exec_control = 0;
u32 _vmexit_control = 0;
u32 _vmentry_control = 0;
+ int i;
+
+ /*
+ * LOAD/SAVE_DEBUG_CONTROLS are absent because both are mandatory.
+ * SAVE_IA32_PAT and SAVE_IA32_EFER are absent because KVM always
+ * intercepts writes to PAT and EFER, i.e. never enables those controls.
+ */
+ struct {
+ u32 entry_control;
+ u32 exit_control;
+ } vmcs_entry_exit_pairs[] = {
+ VMCS_ENTRY_EXIT_PAIR(IA32_PERF_GLOBAL_CTRL, LOAD, LOAD),
+ VMCS_ENTRY_EXIT_PAIR(IA32_PAT, LOAD, LOAD),
+ VMCS_ENTRY_EXIT_PAIR(IA32_EFER, LOAD, LOAD),
+ VMCS_ENTRY_EXIT_PAIR(BNDCFGS, LOAD, CLEAR),
+ VMCS_ENTRY_EXIT_PAIR(IA32_RTIT_CTL, LOAD, CLEAR),
+ VMCS_ENTRY_EXIT_PAIR(IA32_LBR_CTL, LOAD, CLEAR),
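
Review bot: vmcs_entry_exit_pairs[], declared among the locals of setup_vmcs_config(), is a non-const automatic array even though every initializer is a compile-time constant, so it is writable and is built on the stack on each call. Declaring it const, e.g. `} const vmcs_entry_exit_pairs[] = {`, documents that it is a fixed lookup table and lets the compiler reject accidental writes.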

No macros please, it's just as clear to expand them especially since the #define is far from the struct definition.

Paolo