On 26.04.2017 17:53, Jim Mattson wrote:
> According to the Intel SDM, "Certain exceptions have priority over VM
> exits. These include invalid-opcode exceptions, faults based on
> privilege level*, and general-protection exceptions that are based on
> checking I/O permission bits in the task-state segment (TSS)."
>
> There is no need to check for faulting conditions that the hardware
> has already checked.
>
> * These include faults generated by attempts to execute, in
> virtual-8086 mode, privileged instructions that are not recognized
> in that mode.
>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx.c | 55 ++++++++----------------------------------------------
> 1 file changed, 8 insertions(+), 47 deletions(-)
Nice! So we really only have to check vmxon / pointer / features for
vmxon and for the others only vmxon.
Reviewed-by: David Hildenbrand <david@xxxxxxxxxx>
[...]
> if (vmx->nested.vmxon) {
> nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
> return kvm_skip_emulated_instruction(vcpu);
> @@ -7161,29 +7141,15 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
> * Intel's VMX Instruction Reference specifies a common set of prerequisites
> * for running VMX instructions (except VMXON, whose prerequisites are
> * slightly different). It also specifies what exception to inject otherwise.
> + * Note that many of these exceptions have priority over VM exits, so they
> + * don't have to be checked again here.
> */
I think we could rename that one to nested_vmx_check_vmxon() now and
drop the complete comment. Maybe as a cleanup patch. Do we have some
nVMX documentation where we could put such information (so we could also
remove the comment from handle_vmon())?
> static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
> {
--
Thanks,
David
