Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp700058iog;
        Wed, 29 Jun 2022 08:29:53 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1s1UCSK25AEPMgBF4ViGT+A81dl04SZeAULP3WANiCtmwmURYNbNzfINOjtUo4CeBZ6vTWh
X-Received: by 2002:a17:906:5d07:b0:722:e1e3:ab6b with SMTP id g7-20020a1709065d0700b00722e1e3ab6bmr4025110ejt.674.1656516592920;
        Wed, 29 Jun 2022 08:29:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1656516592; cv=none;
        d=google.com; s=arc-20160816;
        b=hadKFTP8ieGwW05WNERcpy82yl7tikmn/FTFAR1aHwFR2c9EZPrDCZbC8kIIef6sPP
         4SMUpJeDNaDI7ADaGqzR6V3AF4DeIReVlmvp4bmb69dRKT6VXYLM17dp0mRoaTvrLcZZ
         xrhXNj/oMV8U693gCsFYuDmiKGgwAiJcHJqdMJzTlxhCdR/k+32c7WycWKpMANkXv+pQ
         YeIXUhbqJQqyXBWZSE45dBReDDLOtD7gw1AEN7lerUYCmuECHuzoticRV1MUZeE8gBNw
         W63oj8XcBUG2r2I96onY6BdNONGWiN0Tboz1aCah41RBGZUx3n2UtUxWD8UdkHtufOdL
         WIOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=JvNQT+qN6bTBHaZG9droaEPNc0w1Dg3fASCtJ6Fh/mw=;
        b=lYIylMGslVuqZKDJpqXYG+7krMvasxUVfd7OfkASe+QflkTxUbIJE7GyRCs665YEr2
         Vled6ntpw7e6zf6XiEgJ/KJXJZgLl62CY/NHcYn+Mwpkq8dj4x8CcNc0e9D/k6Hm1dU1
         CKmZ4L9vgR2zO6kKligOwi161B72WoVzm/hb8mT4xywxBX0TQgg8EZ+0dGjiJElDUtCE
         0SNaEOMvgNzAyEzjXTIOP6mgcWkQGdc3zwnJdg20m75C8m9pB1BXqIzTh2KdRtRfmJex
         fgwUoRBEOG5ec0vkIRidyN3e62IWzT8SiQHzBxwFs0hVwWZzJRJgD5HvXXwCqUYZZg2J
         7T+w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UXMWqrDu;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ds22-20020a170907725600b00722e51021b3si4440643ejc.74.2022.06.29.08.29.27;
        Wed, 29 Jun 2022 08:29:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UXMWqrDu;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234172AbiF2PIo (ORCPT <rfc822;alcock.james@gmail.com>
        + 99 others); Wed, 29 Jun 2022 11:08:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40956 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234060AbiF2PHb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 Jun 2022 11:07:31 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id B20343633E
        for <linux-kernel@vger.kernel.org>; Wed, 29 Jun 2022 08:07:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1656515244;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=JvNQT+qN6bTBHaZG9droaEPNc0w1Dg3fASCtJ6Fh/mw=;
        b=UXMWqrDuCQ/7aVcQ/+AfVyemzwnOAOJr1TSevtwuensGdq2HMx+HYLFTSEd0ryJv6mLcpO
        NPCiYJtITFwhIca6JyGWdk+pMnsx8M10pkOEbnty2KR9KIsgR6+2G7cwRMBPuWy6TJOSLS
        HYslGSwMsmuXNNiuVNdZhshH/rOoG4M=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-336-MgICTUFVOI68_AzvHVTopw-1; Wed, 29 Jun 2022 11:07:21 -0400
X-MC-Unique: MgICTUFVOI68_AzvHVTopw-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B7F1E85A581;
        Wed, 29 Jun 2022 15:07:20 +0000 (UTC)
Received: from fedora.redhat.com (unknown [10.40.192.126])
        by smtp.corp.redhat.com (Postfix) with ESMTP id D9FAE40EC002;
        Wed, 29 Jun 2022 15:07:18 +0000 (UTC)
From:   Vitaly Kuznetsov <vkuznets@redhat.com>
To:     kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>
Cc:     Anirudh Rayabharam <anrayabh@linux.microsoft.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Maxim Levitsky <mlevitsk@redhat.com>,
        linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 22/28] KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup
Date:   Wed, 29 Jun 2022 17:06:19 +0200
Message-Id: <20220629150625.238286-23-vkuznets@redhat.com>
In-Reply-To: <20220629150625.238286-1-vkuznets@redhat.com>
References: <20220629150625.238286-1-vkuznets@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.84 on 10.11.54.2
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson <seanjc@google.com>

Clear the CR3 and INVLPG interception controls at runtime based on
whether or not EPT is being _used_, as opposed to clearing the bits at
setup if EPT is _supported_ in hardware, and then restoring them when EPT
is not used.  Not mucking with the base config will allow using the base
config as the starting point for emulating the VMX capability MSRs.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/vmx/vmx.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e5e4383d0cff..fb58b0be953d 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2501,13 +2501,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
 	rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP,
 		&vmx_cap->ept, &vmx_cap->vpid);
 
-	if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
-		/* CR3 accesses and invlpg don't need to cause VM Exits when EPT
-		   enabled */
-		_cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
-					     CPU_BASED_CR3_STORE_EXITING |
-					     CPU_BASED_INVLPG_EXITING);
-	} else if (vmx_cap->ept) {
+	if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) &&
+	    vmx_cap->ept) {
 		pr_warn_once("EPT CAP should not exist if not support "
 				"1-setting enable EPT VM-execution control\n");
 
@@ -4268,10 +4263,11 @@ static u32 vmx_exec_control(struct vcpu_vmx *vmx)
 		exec_control |= CPU_BASED_CR8_STORE_EXITING |
 				CPU_BASED_CR8_LOAD_EXITING;
 #endif
-	if (!enable_ept)
-		exec_control |= CPU_BASED_CR3_STORE_EXITING |
-				CPU_BASED_CR3_LOAD_EXITING  |
-				CPU_BASED_INVLPG_EXITING;
+	/* No need to intercept CR3 access or INVPLG when using EPT. */
+	if (enable_ept)
+		exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
+				  CPU_BASED_CR3_STORE_EXITING |
+				  CPU_BASED_INVLPG_EXITING);
 	if (kvm_mwait_in_guest(vmx->vcpu.kvm))
 		exec_control &= ~(CPU_BASED_MWAIT_EXITING |
 				CPU_BASED_MONITOR_EXITING);
-- 
2.35.3