Here are some of the easier fixes following on from the XSA-278 investigation. This series removes the duplicated checks left over from the security fix. I did have some further plans, but the embargo breaking early means I haven't had time to get them ready for posting.
A longer term plan is to model nested virt as an X86_EMU_ flag, but that requires a fair amount of untangling of various toolstack actions during create and migrate. Andrew Cooper (4): x86/vvmx: Unconditionally initialise vmxon_region_pa during vcpu construction x86/vvmx: Drop the now-obsolete vmx_inst_check_privilege() x86/vvmx: INVVPID instructions should be handled at by L1 x86/vvmx: Don't handle unknown nested vmexit reasons at L0 xen/arch/x86/hvm/vmx/vmx.c | 2 + xen/arch/x86/hvm/vmx/vvmx.c | 90 ++++++++++++--------------------------------- 2 files changed, 25 insertions(+), 67 deletions(-) -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel