On 07/05/19 21:18, Sean Christopherson wrote:
> KVM dynamically toggles SECONDARY_EXEC_DESC to intercept (a subset of)
> instructions that are subject to User-Mode Instruction Prevention, i.e.
> VMCS.SECONDARY_EXEC_DESC == CR4.UMIP when emulating UMIP. Preset the
> VMCS control when preparing vmcs02 to avoid unnecessarily VMWRITEs,
> e.g. KVM will clear VMCS.SECONDARY_EXEC_DESC in prepare_vmcs02_early()
> and then set it in vmx_set_cr4().
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---
> arch/x86/kvm/vmx/nested.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index e4d363661ae7..4b5be38cfc86 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2057,6 +2057,11 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
> /* VMCS shadowing for L2 is emulated for now */
> exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
>
> + /* Preset *DT exiting when emulating UMIP (vmx_set_cr4()). */
> + if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated() &&
> + (vmcs12->guest_cr4 & X86_CR4_UMIP))
> + exec_control |= SECONDARY_EXEC_DESC;
I am not sure how used this functionality is, but I guess it's not a big
price to pay. However, --verbose is preferred:
/*
* Preset *DT exiting when emulating UMIP, so that vmx_set_cr4()
* will not have to rewrite the controls just for this bit.
*/
Paolo
> if (exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)
> vmcs_write16(GUEST_INTR_STATUS,
> vmcs12->guest_intr_status);
>
