As an alternative to forcing early consistency checks in hardware (to avoid reaching nested_vmx_restore_host_state() due to a missed VM-FAIL), stuff vmcs01.GUEST_CR3 with L1's desired CR3 prior to nested VM-Entry so that nested_vmx_restore_host_state() loads the correct L1 state when EPT is disabled in L0.

Code complexity in the two approaches is roughly similar, although the GUEST_CR3 stuffing is definitely more subtle. The primary motivation is performance, e.g. VMWRITE is less than 30 cycles, whereas doing consistency checks via hardware is several hundred cycles. Arguably performance may be somewhat of a moot point when EPT is disabled, but Nehalem hardware isn't *that* old. :-)

Sean Christopherson (2):
  KVM: nVMX: Stash L1's CR3 in vmcs01.GUEST_CR3 on nested entry w/o EPT
  Revert "KVM: nVMX: always use early vmcs check when EPT is disabled"

 arch/x86/include/uapi/asm/vmx.h |  1 -
 arch/x86/kvm/vmx/nested.c       | 27 ++++++---------------------
 2 files changed, 6 insertions(+), 22 deletions(-)

-- 
2.21.0