From eb68feea83c9d299c82ef673dd73aa04265292db Mon Sep 17 00:00:00 2001
From: Yang Zhang <yang.z.zhang@Intel.com>
Date: Mon, 30 Sep 2013 13:58:48 +0200
Subject: Nested VMX: Expose unrestricted guest feature to guest

With virtual unrestricted guest feature, L2 guest is allowed to run
with PG cleared. Also, allow PAE not set during virtual vmexit emulation.

Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Acked-by: Eddie.Dong@intel.com
---
 xen/arch/x86/hvm/hvm.c      | 3 ++-
 xen/arch/x86/hvm/vmx/vvmx.c | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index e0e0f5ddb5..150b0ec460 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1732,7 +1732,8 @@ int hvm_set_cr0(unsigned long value)
     {
         if ( v->arch.hvm_vcpu.guest_efer & EFER_LME )
         {
-            if ( !(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_PAE) )
+            if ( !(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_PAE) &&
+                 !nestedhvm_vmswitch_in_progress(v) )
             {
                 HVM_DBG_LOG(DBG_LEVEL_1, "Enable paging before PAE enable");
                 goto gpf;
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index ba617fa9d2..d476f03dcd 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1342,6 +1342,7 @@ static void virtual_vmexit(struct cpu_user_regs *regs)
 
     nestedhvm_vcpu_exit_guestmode(v);
     nvcpu->nv_vmexit_pending = 0;
+    nvcpu->nv_vmswitch_in_progress = 1;
 
     lm_l2 = !!hvm_long_mode_enabled(v);
     lm_l1 = !!(__get_vvmcs(nvcpu->nv_vvmcx, VM_EXIT_CONTROLS) &
@@ -1372,6 +1373,7 @@ static void virtual_vmexit(struct cpu_user_regs *regs)
     if ( cpu_has_vmx_virtual_intr_delivery )
         nvmx_update_apicv(v);
 
+    nvcpu->nv_vmswitch_in_progress = 0;
     vmreturn(regs, VMSUCCEED);
 }
 
@@ -1877,6 +1879,7 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content)
         data = SECONDARY_EXEC_DESCRIPTOR_TABLE_EXITING |
                SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
                SECONDARY_EXEC_ENABLE_VPID |
+               SECONDARY_EXEC_UNRESTRICTED_GUEST |
                SECONDARY_EXEC_ENABLE_EPT;
         data = gen_vmx_msr(data, 0, host_data);
         break;
-- 
cgit v1.2.3