Re: [PATCH 3/6] KVM: VMX: Detect Tertiary VM-Execution control when setup VMCS config

Sean Christopherson <seanjc@xxxxxxxxxx> · Thu, 29 Jul 2021 00:03:55 +0000

On Fri, Jul 16, 2021, Zeng Guang wrote:
> @@ -4204,6 +4234,13 @@ vmx_adjust_secondary_exec_control(struct vcpu_vmx *vmx, u32 *exec_control,
>  #define vmx_adjust_sec_exec_exiting(vmx, exec_control, lname, uname) \
>  	vmx_adjust_sec_exec_control(vmx, exec_control, lname, uname, uname##_EXITING, true)
>  
> +static void vmx_compute_tertiary_exec_control(struct vcpu_vmx *vmx)
> +{
> +	u32 exec_control = vmcs_config.cpu_based_3rd_exec_ctrl;

This is incorrectly truncating the value.

> +
> +	vmx->tertiary_exec_control = exec_control;
> +}
> +
>  static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
>  {
>  	struct kvm_vcpu *vcpu = &vmx->vcpu;
> @@ -4319,6 +4356,11 @@ static void init_vmcs(struct vcpu_vmx *vmx)
>  		secondary_exec_controls_set(vmx, vmx->secondary_exec_control);
>  	}
>  
> +	if (cpu_has_tertiary_exec_ctrls()) {
> +		vmx_compute_tertiary_exec_control(vmx);
> +		tertiary_exec_controls_set(vmx, vmx->tertiary_exec_control);

IMO, the existing vmx->secondary_exec_control is an abomination that should not
exist.  Looking at the code, it's actually not hard to get rid, there's just one
annoying use in prepare_vmcs02_early() that requires a bit of extra work to get
rid of.

Anyways, for tertiary controls, I'd prefer to avoid the same mess and instead
follow vmx_exec_control(), both in functionality and in name:

  static u64 vmx_tertiary_exec_control(struct vcpu_vmx *vmx)
  {
	return vmcs_config.cpu_based_3rd_exec_ctrl;
  }

and:

	if (cpu_has_tertiary_exec_ctrls())
		tertiary_exec_controls_set(vmx, vmx_tertiary_exec_control(vmx));

and then the next patch becomes:

  static u64 vmx_tertiary_exec_control(struct vcpu_vmx *vmx)
  {
	u64 exec_control = vmcs_config.cpu_based_3rd_exec_ctrl;

	if (!kvm_vcpu_apicv_active(vcpu))
		exec_control &= ~TERTIARY_EXEC_IPI_VIRT;

	return exec_control;
  }

And I'll work on a patch to purge vmx->secondary_exec_control.

> +	}
> +
>  	if (kvm_vcpu_apicv_active(&vmx->vcpu)) {
>  		vmcs_write64(EOI_EXIT_BITMAP0, 0);
>  		vmcs_write64(EOI_EXIT_BITMAP1, 0);
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 945c6639ce24..c356ceebe84c 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -266,6 +266,7 @@ struct vcpu_vmx {
>  	u32		      msr_ia32_umwait_control;
>  
>  	u32 secondary_exec_control;
> +	u64 tertiary_exec_control;
>  
>  	/*
>  	 * loaded_vmcs points to the VMCS currently used in this vcpu. For a
> -- 
> 2.25.1
> 