Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp611754imw; Fri, 8 Jul 2022 08:34:45 -0700 (PDT) X-Google-Smtp-Source: AGRyM1unOPyPiF3BTM1NdG+5RAdhjsD9VwtLxXKCVWkXqY+QvT9iwk72bDVAUDySOMvbcVKNEoRN X-Received: by 2002:a05:6402:25c2:b0:431:932e:eb6f with SMTP id x2-20020a05640225c200b00431932eeb6fmr5556688edb.296.1657294485217; Fri, 08 Jul 2022 08:34:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657294485; cv=none; d=google.com; s=arc-20160816; b=H6+ln3nD+ZjwOZERs5ArTm+nFLvJXuQ/0fL7rMsNmItejyfEwZOZZzxCBII87toBth 4fW6hifr+lJSyoI9cmgRkOkH+P0YPOehg8v7djrsEJA3WpIO6jFgMqvsWmgfv56STH2q uNki2464LYGh7enZ5UkKolMNCbyg/3uBbRaFY7Islegyfi/NUx1Sz/I0Xazxfj+TJTQk uf+tYq3Kbt8fQcTGshnHkF7S2R4axLfChS1udCLja/97tQ5t05uHQVYfRc7sOrbh5FWd fL/f5vyqW6/OQjYFf7VCzYE7R/5KAAsL0W0UF2Se3Mbft/X6/JEVbmnUPan9oRjOjceP qz3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TJU1tqIyssdR8+cHqAJQo+nEZ37rlsQFDJ77NnCJZJ8=; b=igpxEFs9HquyQoMcpFQo3omNejt0A4qmAJEplVOZ5xEShvxHR/pWUKBtpyhVWI01qX qNicm0QC12Mt86S/3l2Qe4Nw9Mla69ddR56QSeAMt7MaJ7eVhrdHOf3FhA8rCXIQtCZF UoPDVK03eZm6oasTjcUo/FpqzNNrquHx4qNvSQIc6fCiSeCoqJh++Ztqvj9DdtgiOCEm rSRA69qFt4uzR5ICSjmv3+3R8LUY18WIB708aMl1Sm3cqwLkwYMPy59CclDyT4qRBvQO iGsimCT6OL/ovXr26k1o0k4OyRf0MaB6ZLvj28XwScrn0lnGSfkKV4UC6sNRykaaLKKg 6FGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="b/E1c1Lf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gs13-20020a1709072d0d00b007269f9395d7si11102622ejc.482.2022.07.08.08.34.20; Fri, 08 Jul 2022 08:34:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="b/E1c1Lf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238436AbiGHOnu (ORCPT + 99 others); Fri, 8 Jul 2022 10:43:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238494AbiGHOnT (ORCPT ); Fri, 8 Jul 2022 10:43:19 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1C7AF5A2FB for ; Fri, 8 Jul 2022 07:43:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1657291397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TJU1tqIyssdR8+cHqAJQo+nEZ37rlsQFDJ77NnCJZJ8=; b=b/E1c1LfzAK5ww9Y/wBGyJxctJElYbhBDMuBWmyjDIQQwvF9H37hoaT5qJ403+t1qcJCqx EembNRPGqoVi2GnPfxESMDid/EAxmNogPiBZWl8qznfECUprXZuf/b7RWhkuwj2QweBKCf P2ACglHqp7D0qPoGdDaN2P9gUJh2sDM= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-139-JMiPiuMJOESCOtZBtvMkjg-1; Fri, 08 Jul 2022 10:43:14 -0400 X-MC-Unique: JMiPiuMJOESCOtZBtvMkjg-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 936471C05AF1; Fri, 8 Jul 2022 14:43:13 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.40.193.250]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8736F492C3B; Fri, 8 Jul 2022 14:43:11 +0000 (UTC) From: Vitaly Kuznetsov To: kvm@vger.kernel.org, Paolo Bonzini , Sean Christopherson Cc: Anirudh Rayabharam , Wanpeng Li , Jim Mattson , Maxim Levitsky , linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 19/25] KVM: VMX: Adjust CR3/INVPLG interception for EPT=y at runtime, not setup Date: Fri, 8 Jul 2022 16:42:17 +0200 Message-Id: <20220708144223.610080-20-vkuznets@redhat.com> In-Reply-To: <20220708144223.610080-1-vkuznets@redhat.com> References: <20220708144223.610080-1-vkuznets@redhat.com> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.85 on 10.11.54.10 X-Spam-Status: No, score=-3.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson Clear the CR3 and INVLPG interception controls at runtime based on whether or not EPT is being _used_, as opposed to clearing the bits at setup if EPT is _supported_ in hardware, and then restoring them when EPT is not used. Not mucking with the base config will allow using the base config as the starting point for emulating the VMX capability MSRs. Signed-off-by: Sean Christopherson Reviewed-by: Jim Mattson Signed-off-by: Vitaly Kuznetsov --- arch/x86/kvm/vmx/vmx.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 9771c771c8f5..eca6875d6732 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2501,13 +2501,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf, rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, &vmx_cap->ept, &vmx_cap->vpid); - if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) { - /* CR3 accesses and invlpg don't need to cause VM Exits when EPT - enabled */ - _cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING | - CPU_BASED_CR3_STORE_EXITING | - CPU_BASED_INVLPG_EXITING); - } else if (vmx_cap->ept) { + if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) && + vmx_cap->ept) { pr_warn_once("EPT CAP should not exist if not support " "1-setting enable EPT VM-execution control\n"); @@ -4264,10 +4259,11 @@ static u32 vmx_exec_control(struct vcpu_vmx *vmx) exec_control |= CPU_BASED_CR8_STORE_EXITING | CPU_BASED_CR8_LOAD_EXITING; #endif - if (!enable_ept) - exec_control |= CPU_BASED_CR3_STORE_EXITING | - CPU_BASED_CR3_LOAD_EXITING | - CPU_BASED_INVLPG_EXITING; + /* No need to intercept CR3 access or INVPLG when using EPT. */ + if (enable_ept) + exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING | + CPU_BASED_CR3_STORE_EXITING | + CPU_BASED_INVLPG_EXITING); if (kvm_mwait_in_guest(vmx->vcpu.kvm)) exec_control &= ~(CPU_BASED_MWAIT_EXITING | CPU_BASED_MONITOR_EXITING); -- 2.35.3