From 873ed752d4e010fc971a1cf548644e05af66123f Mon Sep 17 00:00:00 2001
From: Zide Chen <zide.chen@intel.com>
Date: Fri, 26 Mar 2021 23:25:42 -0700
Subject: [PATCH] misc: sanity check VM config for nested virtualization

- SOS does not allow LAPIC passthru unless nested virtualization is
  enabled on SOS.

- Currently nested virtualization requires LAPIC passthru, so if
  GUEST_FLAG_VMX_ENABLED is set, GUEST_FLAG_LAPIC_PASSTHROUGH must be
  set in same VM.

- Per VM GUEST_FLAG_VMX_ENABLED can be set only if CONFIG_VMX_ENABLED
  is set.

Tracked-On: #5923
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
---
 misc/config_tools/schema/VMtypes.xsd |  5 +++++
 misc/config_tools/schema/config.xsd  | 12 ++++++++++++
 misc/hv_prebuild/vm_cfg_checks.c     |  3 ---
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/misc/config_tools/schema/VMtypes.xsd b/misc/config_tools/schema/VMtypes.xsd
index 7b9046cd7..3cc93c613 100644
--- a/misc/config_tools/schema/VMtypes.xsd
+++ b/misc/config_tools/schema/VMtypes.xsd
@@ -60,6 +60,11 @@
       </xs:annotation>
     </xs:element>
   </xs:sequence>
+  <xs:assert test="count(guest_flag[text() = 'GUEST_FLAG_NVMX_ENABLED']) = 0 or count(guest_flag[text() = 'GUEST_FLAG_LAPIC_PASSTHROUGH']) > 0">
+    <xs:annotation>
+      <xs:documentation>If the GUEST_FLAG_NVMX_ENABLED is set, GUEST_FLAG_LAPIC_PASSTHROUGH must be set as well.</xs:documentation>
+    </xs:annotation>
+  </xs:assert>
 </xs:complexType>
 
 <xs:complexType name="CPUAffinityConfiguration">
diff --git a/misc/config_tools/schema/config.xsd b/misc/config_tools/schema/config.xsd
index 778098e7c..4ce021be8 100644
--- a/misc/config_tools/schema/config.xsd
+++ b/misc/config_tools/schema/config.xsd
@@ -422,6 +422,12 @@ its ``id`` attribute. When it is enabled, specify which target VM's vUART the cu
     <xs:element name="board_private" type="BoardPrivateConfiguration" minOccurs="0" />
   </xs:all>
   <xs:attribute name="id" type="xs:integer" />
+
+  <xs:assert test="vm_type != 'SOS_VM' or count(guest_flags[guest_flag = 'GUEST_FLAG_LAPIC_PASSTHROUGH']) = 0 or count(guest_flags[guest_flag = 'GUEST_FLAG_NVMX_ENABLED']) > 0">
+    <xs:annotation>
+      <xs:documentation>SOS cannot use LAPIC passthrough unless GUEST_FLAG_NVMX_ENABLED is set.</xs:documentation>
+    </xs:annotation>
+  </xs:assert>
 </xs:complexType>
 
 <xs:complexType name="ACRNConfigType">
@@ -445,6 +451,12 @@ to launch post-launched User VMs.</xs:documentation>
   </xs:all>
   <xs:attribute name="board" type="xs:string" use="required" />
   <xs:attribute name="scenario" type="xs:string" use="required" />
+
+  <xs:assert test="count(//guest_flag[text() = 'GUEST_FLAG_NVMX_ENABLED']) = 0 or //NVMX_ENABLED = 'y'">
+    <xs:annotation>
+      <xs:documentation>Per VM GUEST_FLAG_NVMX_ENABLED can be set only if CONFIG_NVMX_ENABLED is set.</xs:documentation>
+    </xs:annotation>
+  </xs:assert>
 </xs:complexType>
 
 <xs:element name="acrn-config" type="ACRNConfigType" />
diff --git a/misc/hv_prebuild/vm_cfg_checks.c b/misc/hv_prebuild/vm_cfg_checks.c
index 3c628cb0b..8620c1580 100644
--- a/misc/hv_prebuild/vm_cfg_checks.c
+++ b/misc/hv_prebuild/vm_cfg_checks.c
@@ -140,9 +140,6 @@ bool sanitize_vm_config(void)
 			}
 			break;
 		case SOS_VM:
-			if ((vm_config->severity != (uint8_t)SEVERITY_SOS) || ((vm_config->guest_flags & GUEST_FLAG_LAPIC_PASSTHROUGH) != 0U)) {
-				ret = false;
-			}
 			break;
 		case POST_LAUNCHED_VM:
 			if ((vm_config->severity == (uint8_t)SEVERITY_SAFETY_VM) || (vm_config->severity == (uint8_t)SEVERITY_SOS)) {