On 26/09/2018 18:23, Sean Christopherson wrote:
> KVM currently defers many VMX consistency checks to the CPU, including
> checks that result in VMFail (as opposed to VMExit). This behavior
> may be undesirable for some users since this means KVM detects certain
> classes of VMFail only after it has processed guest state. Because
> there is a strict ordering between checks that cause VMFail and those
> that cause VMExit, i.e. all VMFail checks are performed before any
> checks that cause VMExit, we can detect all VMFail conditions via a
> dry run of sorts.
>
> The end goal of this series is to add an optional (param-controlled)
> pre-run VMEnter into the nested_vmx_run() flow in order to perform
> all VMFail consistency checks prior to actually running vmcs02. By
> itself, this is not a complex process, but getting KVM to a point
> where the approach is viable requires a fair amount of refactoring,
> e.g. to split prepare_vmcs02() so that there is a point where vmcs02
> can pass the VMFail checks without first consuming guest state.
>
> And while the goal (and subject) of this series is to enable early
> consistency checks, the vast majority of the series deals with bug
> fixes and cleanups in the nested VMX code. During the refactoring
> and testing, a number of pre-existing bugs, opportunities for code
> cleanup and easy optimization points (which uncovered more bugs)
> were encountered.
>
> Ideally, these patches would be split into 3-4 separate series,
> especially the bug fix patches. I smushed everything into a single
> series because the early VMEnter code breaks without the bug fixes
> and the refactoring shuffles the same code, and some of the cleanup
> and fixes are inter-dependent.

I've now finished rebasing it, but haven't tested it yet.
I made some small changes to patch 19:

1) remove auto mode and default to off for now (we can always add back
auto mode if the defaults are changed)

2) rename the parameter to nested_early_check

I'll push it tomorrow hopefully.

Paolo