[PATCH 1/5] KVM: nVMX: Skip VM-Execution Control vmentry checks that are necessary only if VMCS12 is dirty

Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> · Sun, 7 Jul 2019 03:11:43 -0400

..so that every nested vmentry is not slowed down by those checks.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
---
 arch/x86/kvm/vmx/nested.c | 57 +++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 20 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 856a83aa42f5..b0b59c78b3e8 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2429,6 +2429,38 @@ static bool valid_ept_address(struct kvm_vcpu *vcpu, u64 address)
 	return true;
 }
 
+static int nested_check_vm_execution_controls_full(struct kvm_vcpu *vcpu,
+						   struct vmcs12 *vmcs12)
+{
+	struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+	if (nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12) ||
+	    nested_vmx_check_pml_controls(vcpu, vmcs12))
+		return -EINVAL;
+
+	if (nested_cpu_has_ept(vmcs12) &&
+	    !valid_ept_address(vcpu, vmcs12->ept_pointer))
+		return -EINVAL;
+
+	if (nested_cpu_has_vmfunc(vmcs12)) {
+		if (vmcs12->vm_function_control &
+		    ~vmx->nested.msrs.vmfunc_controls)
+			return -EINVAL;
+
+		if (nested_cpu_has_eptp_switching(vmcs12)) {
+			if (!nested_cpu_has_ept(vmcs12) ||
+			    !page_address_valid(vcpu,
+			     vmcs12->eptp_list_address))
+				return -EINVAL;
+		}
+	}
+
+	if (nested_cpu_has_vpid(vmcs12) && !vmcs12->virtual_processor_id)
+		return -EINVAL;
+
+	return 0;
+}
+
 /*
  * Checks related to VM-Execution Control Fields
  */
@@ -2437,6 +2469,10 @@ static int nested_check_vm_execution_controls(struct kvm_vcpu *vcpu,
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+	if ((vmx->nested.dirty_vmcs12) &&
+	    nested_check_vm_execution_controls_full(vcpu, vmcs12))
+		return -EINVAL;
+
 	if (!vmx_control_verify(vmcs12->pin_based_vm_exec_control,
 				vmx->nested.msrs.pinbased_ctls_low,
 				vmx->nested.msrs.pinbased_ctls_high) ||
@@ -2453,38 +2489,19 @@ static int nested_check_vm_execution_controls(struct kvm_vcpu *vcpu,
 
 	if (vmcs12->cr3_target_count > nested_cpu_vmx_misc_cr3_count(vcpu) ||
 	    nested_vmx_check_io_bitmap_controls(vcpu, vmcs12) ||
-	    nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_tpr_shadow_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_apic_access_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_apicv_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_nmi_controls(vmcs12) ||
-	    nested_vmx_check_pml_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_unrestricted_guest_controls(vcpu, vmcs12) ||
 	    nested_vmx_check_mode_based_ept_exec_controls(vcpu, vmcs12) ||
-	    nested_vmx_check_shadow_vmcs_controls(vcpu, vmcs12) ||
-	    (nested_cpu_has_vpid(vmcs12) && !vmcs12->virtual_processor_id))
+	    nested_vmx_check_shadow_vmcs_controls(vcpu, vmcs12))
 		return -EINVAL;
 
 	if (!nested_cpu_has_preemption_timer(vmcs12) &&
 	    nested_cpu_has_save_preemption_timer(vmcs12))
 		return -EINVAL;
 
-	if (nested_cpu_has_ept(vmcs12) &&
-	    !valid_ept_address(vcpu, vmcs12->ept_pointer))
-		return -EINVAL;
-
-	if (nested_cpu_has_vmfunc(vmcs12)) {
-		if (vmcs12->vm_function_control &
-		    ~vmx->nested.msrs.vmfunc_controls)
-			return -EINVAL;
-
-		if (nested_cpu_has_eptp_switching(vmcs12)) {
-			if (!nested_cpu_has_ept(vmcs12) ||
-			    !page_address_valid(vcpu, vmcs12->eptp_list_address))
-				return -EINVAL;
-		}
-	}
-
 	return 0;
 }
 
-- 
2.20.1







