git.samba.org - sfrench/cifs-2.6.git/commit

author	Jim Mattson <jmattson@google.com>
	Mon, 24 Sep 2018 18:05:43 +0000 (11:05 -0700)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 27 Nov 2018 11:53:45 +0000 (12:53 +0100)
commit	88656040b0c0c09202fbcb461a8c33d2ec1c0c19
tree	3cbdd01563c49cd361344fa52050c073de5551bf	tree
parent	09f70c3b70e7d9e209a820b54dda42502fa40711	commit \| diff

KVM: nVMX: Unrestricted guest mode requires EPT

As specified in Intel's SDM, do not allow the L1 hypervisor to launch
an L2 guest with the VM-execution controls for "unrestricted guest" or
"mode-based execute control for EPT" set and the VM-execution control
for "enable EPT" clear.

Note that the VM-execution control for "mode-based execute control for
EPT" is not yet virtualized by kvm.

Reported-by: Andrew Thornton <andrewth@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Wanpeng Li <wanpengli@tencent.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/asm/vmx.h		diff \| blob \| history
arch/x86/kvm/vmx.c		diff \| blob \| history