On Wed, Apr 17, 2013 at 06:18:27PM +0300, Abel Gordon wrote:
>
>
> Gleb Natapov <gleb@xxxxxxxxxx> wrote on 17/04/2013 05:41:07 PM:
>
> > On Wed, Apr 17, 2013 at 02:55:40PM +0300, Abel Gordon wrote:
> > > Once L1 loads VMCS12 we enable shadow-vmcs capability and copy allthe
> VMCS12
> > > shadowed fields to the shadow vmcs. When we release the VMCS12, we
> also
> > > disable shadow-vmcs capability.
> > >
> > > Signed-off-by: Abel Gordon <abelg@xxxxxxxxxx>
> > > ---
> > > arch/x86/kvm/vmx.c | 11 +++++++++++
> > > 1 file changed, 11 insertions(+)
> > >
> > > --- .before/arch/x86/kvm/vmx.c 2013-04-17 14:20:51.000000000 +0300
> > > +++ .after/arch/x86/kvm/vmx.c 2013-04-17 14:20:51.000000000 +0300
> > > @@ -5590,12 +5590,17 @@ static int nested_vmx_check_permission(s
> > >
> > > static inline void nested_release_vmcs12(struct vcpu_vmx *vmx)
> > > {
> > > + u32 exec_control;
> > > if (enable_shadow_vmcs) {
> > > if (vmx->nested.current_vmcs12 != NULL) {
> > > /* copy to memory all shadowed fields in case
> > > they were modified */
> > > copy_shadow_to_vmcs12(vmx);
> > > vmx->nested.sync_shadow_vmcs = false;
> > > + exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
> > > + exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
> > > + vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
> > > + vmcs_write64(VMCS_LINK_POINTER, -1ull);
> > > free_vmcs(vmx->nested.current_shadow_vmcs);
> > > }
> > > }
> > > @@ -6084,6 +6089,7 @@ static int handle_vmptrld(struct kvm_vcp
> > > gpa_t vmptr;
> > > struct x86_exception e;
> > > struct vmcs *shadow_vmcs;
> > > + u32 exec_control;
> > >
> > > if (!nested_vmx_check_permission(vcpu))
> > > return 1;
> > > @@ -6140,6 +6146,11 @@ static int handle_vmptrld(struct kvm_vcp
> > > /* init shadow vmcs */
> > > vmcs_clear(shadow_vmcs);
> > > vmx->nested.current_shadow_vmcs = shadow_vmcs;
> > > + exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
> > > + exec_control |= SECONDARY_EXEC_SHADOW_VMCS;
> > > + vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
> > > + vmcs_write64(VMCS_LINK_POINTER,
> > > + __pa(shadow_vmcs));
> > How hard would it be to disable shadowing for individual vmcs if shadow
> > vmcs allocation fails? It bothers me a little that we can fail perfectly
> > valid vmptrld() because of failed allocation.
>
> That's really a corner case... IMHO, if we fail to allocate a shadow vmcs
> we may experience bigger issues, like failing to allocate VMCS02.
> Anyway, if we reuse the shadow vmcs as you requested, then we can allocate
> the shadow vmcs once in handle_vmon. In this case, handle_vmon will fail
> and
> not handle_vmptrld.
Yes, I agree that with shadow vmcs reuse the issue is almost non
existent.
--
Gleb.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
