Re: [PATCH v2 06/18] KVM: nVMX: try to set EFER bits correctly when init'ing entry controls

Sean Christopherson <sean.j.christopherson@xxxxxxxxx> · Wed, 19 Sep 2018 15:19:16 -0700

On Wed, Sep 19, 2018 at 02:57:25PM -0700, Jim Mattson wrote:
> On Tue, Aug 28, 2018 at 9:04 AM, Sean Christopherson
> <sean.j.christopherson@xxxxxxxxx> wrote:
> > VM_ENTRY_IA32E_MODE and VM_{ENTRY,EXIT}_LOAD_IA32_EFER will be
> > explicitly set/cleared as needed by vmx_set_efer(), but attempt
> > to get the bits set correctly when intializing the control fields.
> > Setting the value correctly can avoid multiple VMWrites.
> >
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> > ---
> >  arch/x86/kvm/vmx.c | 44 ++++++++++++++++++++++++++++++--------------
> >  1 file changed, 30 insertions(+), 14 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> > index 1fcf374a1475..e58dd3a66abf 100644
> > --- a/arch/x86/kvm/vmx.c
> > +++ b/arch/x86/kvm/vmx.c
> > @@ -11896,6 +11896,17 @@ static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool ne
> >         return 0;
> >  }
> >
> > +static u64 nested_vmx_calc_efer(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
> > +{
> > +       if (vmx->nested.nested_run_pending &&
> > +           (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER))
> > +               return vmcs12->guest_ia32_efer;
> > +       else if (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE)
> > +               return vmx->vcpu.arch.efer | (EFER_LMA | EFER_LME);
> > +       else
> > +               return vmx->vcpu.arch.efer & ~(EFER_LMA | EFER_LME);
> > +}
> 
> This makes me a little uncomfortable from the save/restore standpoint,
> though it does work given kvm's current behavior. VM-entry controls
> should really only be applied when vmx->nested.nested_run_pending is
> true. Can this be changed to:

nested_vmx_calc_efer() was copied verbatim from the existing code that
calculates vcpu->arch.efer.  I don't have any objections the proposed
change, but it would need to be done in a separate patch.

> 
> if (!vmx->nested.nested_run_pending) {
>         return vmx->vcpu.arch.efer;
> } else {
>         if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)
>                 return vmcs12->guest_ia32_efer;
>         else if (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE)
>                 return vmx->vcpu.arch.efer | (EFER_LMA | EFER_LME);
>         else
>                 return vmx->vcpu.arch.efer & ~(EFER_LMA | EFER_LME);
> }
> 
> Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>