KVM: nVMX: Add consistency check for TPR_THRESHOLD[31:4]!=0 without VID

Add a missing consistency check on the TPR Threshold. Per the SDM If the "use TPR shadow" VM-execution control is 1 and the "virtual- interrupt delivery" VM-execution control is 0, bits 31:4 of the TPR threshold VM-execution control field must be 0. Note, nested_vmx_check_tpr_shadow_controls() bails early if "use TPR shadow" is 0. Link: https://lore.kernel.org/r/20250919005955.1366256-6-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
author: Sean Christopherson <seanjc@google.com> 2025-09-18 17:59:51 -0700
committer: Sean Christopherson <seanjc@google.com> 2025-10-17 15:11:26 -0700
commit: 15fe455dd1a011bbc8f9e512c6dc324cfca028c4 (patch)
tree: 0009340a1c4c3946722d60f323703ef6b6d5a4b6
parent: 2f723a86342355fee85574352a165e8bf6fa5372 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 0a4b4e790f9f..ffd2628b9c1e 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -555,6 +555,9 @@ static int nested_vmx_check_tpr_shadow_controls(struct kvm_vcpu *vcpu,
 	if (CC(!page_address_valid(vcpu, vmcs12->virtual_apic_page_addr)))
 		return -EINVAL;
 
+	if (CC(!nested_cpu_has_vid(vmcs12) && vmcs12->tpr_threshold >> 4))
+		return -EINVAL;
+
 	return 0;
 }
author	Sean Christopherson <seanjc@google.com>	2025-09-18 17:59:51 -0700
committer	Sean Christopherson <seanjc@google.com>	2025-10-17 15:11:26 -0700
commit	15fe455dd1a011bbc8f9e512c6dc324cfca028c4 (patch)
tree	0009340a1c4c3946722d60f323703ef6b6d5a4b6
parent	2f723a86342355fee85574352a165e8bf6fa5372 (diff)