On 07/07/19 09:11, Krish Sadhukhan wrote:
> ..so that every nested vmentry is not slowed down by those checks.
>
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
Here I think only the EFER check needs to be done always (before it refers GUEST_CR0 which is shadowed).
Paolo
> ---
> arch/x86/kvm/vmx/nested.c | 20 ++++++++++++++++----
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index b610f389a01b..095923b1d765 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2748,10 +2748,23 @@ static int nested_check_guest_non_reg_state(struct vmcs12 *vmcs12)
> return 0;
> }
>
> +static int nested_vmx_check_guest_state_full(struct kvm_vcpu *vcpu,
> + struct vmcs12 *vmcs12,
> + u32 *exit_qual)
> +{
> + if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&
> + (is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) ||
> + (vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu,
> struct vmcs12 *vmcs12,
> u32 *exit_qual)
> {
> + struct vcpu_vmx *vmx = to_vmx(vcpu);
> bool ia32e;
>
> *exit_qual = ENTRY_FAIL_DEFAULT;
> @@ -2788,10 +2801,9 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu,
> return -EINVAL;
> }
>
> - if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&
> - (is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) ||
> - (vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
> - return -EINVAL;
> + if (vmx->nested.dirty_vmcs12 &&
> + nested_vmx_check_guest_state_full(vcpu, vmcs12, exit_qual))
> + return -EINVAL;
>
> if (nested_check_guest_non_reg_state(vmcs12))
> return -EINVAL;
>
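Review bot: The new `nested_vmx_check_guest_state_full()` accepts `exit_qual` but never reads or writes it in the lines shown, so the parameter is currently unused. Either drop it, or state in a comment that it is kept for checks expected to move here later. The helper also carries no description of what qualifies a check for the "full" path. I would add above it `/* Guest-state checks on vmcs12 fields that cannot change unless dirty_vmcs12 is set; skipped when vmcs12 is clean. */`, so a future check that reads a field outside that rule is not added here by mistake.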
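Review bot: In the second hunk the BNDCFGS validation runs only when `vmx->nested.dirty_vmcs12` is set. A non-canonical or reserved-bit `guest_bndcfgs` is therefore rejected only if every path that can change `guest_bndcfgs` or `vm_entry_controls` in vmcs12 also sets that flag. That invariant is maintained outside this hunk and is not stated anywhere in the new code, which makes the skip hard to audit. I would put a comment at the call site such as `/* Safe to skip on a clean vmcs12: the fields checked there are only modified via paths that set dirty_vmcs12. */` and confirm it holds for every writer of those fields. The body of `nested_vmx_check_guest_state()` continues outside the hunk.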