diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2018-10-03 10:34:00 +0200 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2018-10-04 13:40:44 +0200 |
| commit | 2cf7ea9f40fabee0f8b40db4eb2d1e85cc6c0a95 (patch) | |
| tree | a2fac261c821b28d52f42e54eaa725d08654d895 /crypto/ecb.c | |
| parent | fd6b6d9b82f97a851fb0078201ddc38fe9728cda (diff) | |
KVM: VMX: hide flexpriority from guest when disabled at the module level
As of commit 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls
have three settings"), KVM will disable VIRTUALIZE_APIC_ACCESSES when
a nested guest writes APIC_BASE MSR and kvm-intel.flexpriority=0,
whereas previously KVM would allow a nested guest to enable
VIRTUALIZE_APIC_ACCESSES so long as it's supported in hardware. That is,
KVM now advertises VIRTUALIZE_APIC_ACCESSES to a guest but doesn't
(always) allow setting it when kvm-intel.flexpriority=0, and may even
initially allow the control and then clear it when the nested guest
writes APIC_BASE MSR, which is decidedly odd even if it doesn't cause
functional issues.
Hide the control completely when the module parameter is cleared.
reported-by: Sean Christopherson <sean.j.christopherson@intel.com>
Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings")
Cc: Jim Mattson <jmattson@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'crypto/ecb.c')
0 files changed, 0 insertions, 0 deletions