From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gleb Natapov Subject: Re: [PATCH 10/10] KVM: nVMX: Enable and disable shadow vmcs functionality Date: Wed, 17 Apr 2013 17:41:07 +0300 Message-ID: <20130417144107.GL1682@redhat.com> References: <1366199437-abelg@il.ibm.com> <20130417115541.064183806E7@moren.haifa.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kvm@vger.kernel.org, owasserm@redhat.com, nadav@harel.org.il, jun.nakajima@intel.com, dongxiao.xu@intel.com To: Abel Gordon Return-path: Received: from mx1.redhat.com ([209.132.183.28]:53783 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966466Ab3DQOlO (ORCPT ); Wed, 17 Apr 2013 10:41:14 -0400 Content-Disposition: inline In-Reply-To: <20130417115541.064183806E7@moren.haifa.ibm.com> Sender: kvm-owner@vger.kernel.org List-ID: On Wed, Apr 17, 2013 at 02:55:40PM +0300, Abel Gordon wrote: > Once L1 loads VMCS12 we enable shadow-vmcs capability and copy all the VMCS12 > shadowed fields to the shadow vmcs. When we release the VMCS12, we also > disable shadow-vmcs capability. > > Signed-off-by: Abel Gordon > --- > arch/x86/kvm/vmx.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > --- .before/arch/x86/kvm/vmx.c 2013-04-17 14:20:51.000000000 +0300 > +++ .after/arch/x86/kvm/vmx.c 2013-04-17 14:20:51.000000000 +0300 > @@ -5590,12 +5590,17 @@ static int nested_vmx_check_permission(s > > static inline void nested_release_vmcs12(struct vcpu_vmx *vmx) > { > + u32 exec_control; > if (enable_shadow_vmcs) { > if (vmx->nested.current_vmcs12 != NULL) { > /* copy to memory all shadowed fields in case > they were modified */ > copy_shadow_to_vmcs12(vmx); > vmx->nested.sync_shadow_vmcs = false; > + exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL); > + exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS; > + vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control); > + vmcs_write64(VMCS_LINK_POINTER, -1ull); > free_vmcs(vmx->nested.current_shadow_vmcs); > } > } > @@ -6084,6 +6089,7 @@ static int handle_vmptrld(struct kvm_vcp > gpa_t vmptr; > struct x86_exception e; > struct vmcs *shadow_vmcs; > + u32 exec_control; > > if (!nested_vmx_check_permission(vcpu)) > return 1; > @@ -6140,6 +6146,11 @@ static int handle_vmptrld(struct kvm_vcp > /* init shadow vmcs */ > vmcs_clear(shadow_vmcs); > vmx->nested.current_shadow_vmcs = shadow_vmcs; > + exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL); > + exec_control |= SECONDARY_EXEC_SHADOW_VMCS; > + vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control); > + vmcs_write64(VMCS_LINK_POINTER, > + __pa(shadow_vmcs)); How hard would it be to disable shadowing for individual vmcs if shadow vmcs allocation fails? It bothers me a little that we can fail perfectly valid vmptrld() because of failed allocation. > vmx->nested.sync_shadow_vmcs = true; > } > } > > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Gleb.