KVM: nVMX: move vmcs12 EPTP consistency check to check_vmentry_prereqs()

An invalid EPTP causes a VMFail(VMXERR_ENTRY_INVALID_CONTROL_FIELD),
not a VMExit.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a914e7ca044cd89139fc47c24d99887f9ed25d93..3831e0968d6a6b6a1d1cb1426ddb9b6b01fff61d 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -11327,11 +11327,9 @@ static unsigned long nested_ept_get_cr3(struct kvm_vcpu *vcpu)
        return get_vmcs12(vcpu)->ept_pointer;
 }
 
-static int nested_ept_init_mmu_context(struct kvm_vcpu *vcpu)
+static void nested_ept_init_mmu_context(struct kvm_vcpu *vcpu)
 {
        WARN_ON(mmu_is_nested(vcpu));
-       if (!valid_ept_address(vcpu, nested_ept_get_cr3(vcpu)))
-               return 1;
 
        kvm_init_shadow_ept_mmu(vcpu,
                        to_vmx(vcpu)->nested.msrs.ept_caps &
@@ -11343,7 +11341,6 @@ static int nested_ept_init_mmu_context(struct kvm_vcpu *vcpu)
        vcpu->arch.mmu.inject_page_fault = nested_ept_inject_page_fault;
 
        vcpu->arch.walk_mmu              = &vcpu->arch.nested_mmu;
-       return 0;
 }
 
 static void nested_ept_uninit_mmu_context(struct kvm_vcpu *vcpu)
@@ -12327,15 +12324,11 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
                vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
        }
 
-       if (nested_cpu_has_ept(vmcs12)) {
-               if (nested_ept_init_mmu_context(vcpu)) {
-                       *entry_failure_code = ENTRY_FAIL_DEFAULT;
-                       return 1;
-               }
-       } else if (nested_cpu_has2(vmcs12,
-                                  SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
+       if (nested_cpu_has_ept(vmcs12))
+               nested_ept_init_mmu_context(vcpu);
+       else if (nested_cpu_has2(vmcs12,
+                                SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
                vmx_flush_tlb(vcpu, true);
-       }
 
        /*
         * This sets GUEST_CR0 to vmcs12->guest_cr0, possibly modifying those
@@ -12545,6 +12538,10 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                }
        }
 
+       if (nested_cpu_has_ept(vmcs12) &&
+           !valid_ept_address(vcpu, vmcs12->ept_pointer))
+               return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
+
        return 0;
 }