Skip to content
Snippets Groups Projects
Commit 88656040 authored by Jim Mattson's avatar Jim Mattson Committed by Paolo Bonzini
Browse files

KVM: nVMX: Unrestricted guest mode requires EPT 


As specified in Intel's SDM, do not allow the L1 hypervisor to launch
an L2 guest with the VM-execution controls for "unrestricted guest" or
"mode-based execute control for EPT" set and the VM-execution control
for "enable EPT" clear.

Note that the VM-execution control for "mode-based execute control for
EPT" is not yet virtualized by kvm.

Reported-by: default avatarAndrew Thornton <andrewth@google.com>
Signed-off-by: default avatarJim Mattson <jmattson@google.com>
Reviewed-by: default avatarPeter Shier <pshier@google.com>
Reviewed-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: default avatarWanpeng Li <wanpengli@tencent.com>
Reviewed-by: default avatarLiran Alon <liran.alon@oracle.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 09f70c3b
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment