vmentry should check whether the vmcs provided by
the guest hypervisor is a shadow vmcs and fail.
Also, vmptrld should check whether a shadow vmcs
is being loaded by the guest without support being present
but this check happens as part of checking the revision_id.

Signed-off-by: Bandan Das <b...@redhat.com>
---
 arch/x86/kvm/vmx.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 6291143..1b6f624 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9924,6 +9924,10 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool 
launch)
 
        skip_emulated_instruction(vcpu);
        vmcs12 = get_vmcs12(vcpu);
+       if ((vmcs12->revision_id >> 31) & 1u) {
+               nested_vmx_failInvalid(vcpu);
+               return 1;
+       }
 
        if (enable_shadow_vmcs)
                copy_shadow_to_vmcs12(vmx);
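
Review bot: the added test in nested_vmx_run(), `(vmcs12->revision_id >> 31) & 1u`, open-codes the shadow-VMCS indicator with no name or comment, so a reader has to go back to the commit message to learn what bit 31 of revision_id means here. Consider a named constant or a small helper for the bit, plus a one-line comment saying that a vmentry with a shadow vmcs12 must fail. It would also help to note why nested_vmx_failInvalid() is the right failure for this case, since the hunk does not say. The commit message's remark that vmptrld already covers this through the revision_id check deserves a comment at that check too, because nothing in this hunk ties the two together.
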
-- 
2.5.5
