Xen devel - Jan 2013 - [PATCH 0/2] nested vmx: bug fixes for nested EPT

This patchset fixes some nested EPT issues, including the INVEPT emulation and
EPT pointer setting for L2 guest.

Please help to review and pull.

Thanks,
Dongxiao

Dongxiao Xu (2):
  nEPT: fix EPT pointer setting for L2 guest
  nEPT: fix INVEPT instruction parameter

 xen/arch/x86/hvm/vmx/vvmx.c |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

Each time in virtual_vmentry(), the code needs to cover both EPT
and shadow mode for L2 guest, updating different EPT pointer to
shadow VMCS.

This fixes the issue that, launch a guest with EPT, then kill it
and launch a second guest with shadow, the second guest will hang
at the startup screen.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
---
 xen/arch/x86/hvm/vmx/vvmx.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 3c152c5..a90736a 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1076,6 +1076,14 @@ uint64_t get_shadow_eptp(struct vcpu *v)
     return ept_get_eptp(ept);
 }
 
+static uint64_t get_host_eptp(struct vcpu *v)
+{
+    struct domain *d = v->domain;
+    struct ept_data *ept_data = &p2m_get_hostp2m(d)->ept;
+
+    return ept_get_eptp(ept_data);
+}
+
 static bool_t nvmx_vpid_enabled(struct nestedvcpu *nvcpu)
 {
     uint32_t second_cntl;
@@ -1159,6 +1167,8 @@ static void virtual_vmentry(struct cpu_user_regs *regs)
     /* Setup virtual ETP for L2 guest*/
     if ( nestedhvm_paging_mode_hap(v) )
         __vmwrite(EPT_POINTER, get_shadow_eptp(v));
+    else
+        __vmwrite(EPT_POINTER, get_host_eptp(v));
 
     /* nested VPID support! */
     if ( cpu_has_vmx_vpid && nvmx_vpid_enabled(nvcpu) )
-- 
1.7.1

While emulating the INVEPT instruction in L0 VMM, the EPT pointer
should be fetched from the instruction decoding result, but not
the current loaded EPT pointer.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
---
 xen/arch/x86/hvm/vmx/vvmx.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index a90736a..740972b 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1706,7 +1706,7 @@ int nvmx_handle_invept(struct cpu_user_regs *regs)
     {
     case INVEPT_SINGLE_CONTEXT:
     {
-        struct p2m_domain *p2m = vcpu_nestedhvm(current).nv_p2m;
+        struct p2m_domain *p2m = p2m_get_nestedp2m(current, eptp);
         if ( p2m )
         {
             p2m_flush(current, p2m);
-- 
1.7.1