diff -r fe68405201d2 xen/arch/x86/hvm/vmx/vmcs.c --- a/xen/arch/x86/hvm/vmx/vmcs.c Wed May 27 15:55:29 2009 +0100 +++ b/xen/arch/x86/hvm/vmx/vmcs.c Wed May 27 11:05:52 2009 -0700 @@ -41,6 +41,9 @@ static int opt_vpid_enabled = 1; boolean_param("vpid", opt_vpid_enabled); +static int opt_unrestricted_guest_enabled = 1; +boolean_param("unrestricted_guest", opt_unrestricted_guest_enabled); + /* Dynamic (run-time adjusted) execution control flags. */ u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; @@ -68,6 +71,7 @@ P(cpu_has_vmx_vpid, "Virtual-Processor Identifiers (VPID)"); P(cpu_has_vmx_vnmi, "Virtual NMI"); P(cpu_has_vmx_msr_bitmap, "MSR direct-access bitmap"); + P(cpu_has_vmx_unrestricted_guest, "Unrestricted Guest"); #undef P if ( !printed ) @@ -139,6 +143,9 @@ SECONDARY_EXEC_ENABLE_EPT); if ( opt_vpid_enabled ) opt |= SECONDARY_EXEC_ENABLE_VPID; + if ( opt_unrestricted_guest_enabled ) + opt |= SECONDARY_EXEC_UNRESTRICTED_GUEST; + _vmx_secondary_exec_control = adjust_vmx_controls( min, opt, MSR_IA32_VMX_PROCBASED_CTLS2); } @@ -155,8 +162,10 @@ rdmsr(msr, must_be_one, must_be_zero); if ( must_be_one & (CPU_BASED_INVLPG_EXITING | CPU_BASED_CR3_LOAD_EXITING | - CPU_BASED_CR3_STORE_EXITING) ) - _vmx_secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_EPT; + CPU_BASED_CR3_STORE_EXITING) ) { + _vmx_secondary_exec_control &= ~(SECONDARY_EXEC_ENABLE_EPT | + SECONDARY_EXEC_UNRESTRICTED_GUEST); + } } #if defined(__i386__) @@ -532,7 +541,9 @@ } else { - v->arch.hvm_vmx.secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_EPT; + v->arch.hvm_vmx.secondary_exec_control &= + ~(SECONDARY_EXEC_ENABLE_EPT | + SECONDARY_EXEC_UNRESTRICTED_GUEST); vmx_vmexit_control &= ~(VM_EXIT_SAVE_GUEST_PAT | VM_EXIT_LOAD_HOST_PAT); vmx_vmentry_control &= ~VM_ENTRY_LOAD_GUEST_PAT; @@ -1108,6 +1119,10 @@ void setup_vmcs_dump(void) { register_keyhandler('v', vmcs_dump, "dump Intel's VMCS"); + + if ( !opt_unrestricted_guest_enabled ) + printk("VMX: Unrestricted Guest mode is disabled.\n"); + } diff -r fe68405201d2 xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c Wed May 27 15:55:29 2009 +0100 +++ b/xen/arch/x86/hvm/vmx/vmx.c Wed May 27 11:05:52 2009 -0700 @@ -1062,8 +1062,10 @@ { case 0: { int realmode; - unsigned long hw_cr0_mask = - X86_CR0_NE | X86_CR0_PG | X86_CR0_PE; + unsigned long hw_cr0_mask = X86_CR0_NE; + + if (!vmx_unrestricted_guest(v)) + hw_cr0_mask |= X86_CR0_PG | X86_CR0_PE; if ( paging_mode_shadow(v->domain) ) hw_cr0_mask |= X86_CR0_WP; @@ -1091,7 +1093,9 @@ } realmode = !(v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PE); - if ( realmode != v->arch.hvm_vmx.vmx_realmode ) + + if ( (!vmx_unrestricted_guest(v)) && + (realmode != v->arch.hvm_vmx.vmx_realmode) ) { enum x86_segment s; struct segment_register reg[x86_seg_tr + 1]; @@ -1436,6 +1440,10 @@ vmx_function_table.hap_supported = 1; } + if ( cpu_has_vmx_unrestricted_guest ) { + printk("VMX: Unrestricted Guest feature is available.\n"); + } + if ( cpu_has_vmx_vpid ) { printk("VMX: VPID is available.\n"); diff -r fe68405201d2 xen/include/asm-x86/hvm/vmx/vmcs.h --- a/xen/include/asm-x86/hvm/vmx/vmcs.h Wed May 27 15:55:29 2009 +0100 +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h Wed May 27 11:05:52 2009 -0700 @@ -170,6 +170,7 @@ #define SECONDARY_EXEC_ENABLE_EPT 0x00000002 #define SECONDARY_EXEC_ENABLE_VPID 0x00000020 #define SECONDARY_EXEC_WBINVD_EXITING 0x00000040 +#define SECONDARY_EXEC_UNRESTRICTED_GUEST 0x00000080 extern u32 vmx_secondary_exec_control; extern bool_t cpu_has_vmx_ins_outs_instr_info; @@ -194,6 +195,11 @@ (vmx_cpu_based_exec_control & CPU_BASED_MONITOR_TRAP_FLAG) #define cpu_has_vmx_pat \ (vmx_vmentry_control & VM_ENTRY_LOAD_GUEST_PAT) +#define cpu_has_vmx_unrestricted_guest \ + (vmx_secondary_exec_control & SECONDARY_EXEC_UNRESTRICTED_GUEST) +#define vmx_unrestricted_guest(v) (v->arch.hvm_vmx.secondary_exec_control & \ + SECONDARY_EXEC_UNRESTRICTED_GUEST) + /* GUEST_INTERRUPTIBILITY_INFO flags. */ #define VMX_INTR_SHADOW_STI 0x00000001