If VPID is disabled on a guest, upon VM entries, TLB entries associated
with VPID 0000H will be invalidated. Enable VPID for host VM to improve
VMX transition overhead.
Signed-off-by: Zide Chen <zide.chen@xxxxxxxxx>
Signed-off-by: Jason Chen CJ <jason.cj.chen@xxxxxxxxx>
---
arch/x86/kvm/vmx/pkvm/hyp/init_finalise.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/kvm/vmx/pkvm/hyp/init_finalise.c b/arch/x86/kvm/vmx/pkvm/hyp/init_finalise.c
index ae10d550448d..e0c74d5ac2fa 100644
--- a/arch/x86/kvm/vmx/pkvm/hyp/init_finalise.c
+++ b/arch/x86/kvm/vmx/pkvm/hyp/init_finalise.c
@@ -289,6 +289,21 @@ int __pkvm_init_finalise(struct kvm_vcpu *vcpu, struct pkvm_section sections[],
secondary_exec_controls_setbit(&pkvm_host_vcpu->vmx, SECONDARY_EXEC_ENABLE_EPT);
vmcs_write64(EPT_POINTER, eptp);
+ /* enable vpid */
+ if (pkvm_hyp->vmcs_config.cpu_based_2nd_exec_ctrl & SECONDARY_EXEC_ENABLE_VPID) {
+ static u16 pkvm_host_vpid = VMX_NR_VPIDS - 1;
+
+ /*
+ * Fixed VPIDs for the host vCPUs, which implies that it could conflict
+ * with VPIDs from nested guests.
+ *
+ * It's safe because cached mappings used in non-root mode are associated
+ * with EP4TA, which is managed by pKVM and unique for every guest.
+ */
+ vmcs_write16(VIRTUAL_PROCESSOR_ID, pkvm_host_vpid--);
+ secondary_exec_controls_setbit(&pkvm_host_vcpu->vmx, SECONDARY_EXEC_ENABLE_VPID);
+ }
+
ept_sync_global();
out:
--
2.25.1
