[PATCH RFC 7/7] KVM: nVMX: implement enlightened VMPTRLD

From: Vitaly Kuznetsov
Date: Mon Dec 18 2017 - 12:18:36 EST

Next message: Vitaly Kuznetsov: "[PATCH RFC 5/7] KVM: nVMX: add KVM_CAP_HYPERV_ENLIGHTENED_VMCS capability"
Previous message: Vitaly Kuznetsov: "[PATCH RFC 6/7] KVM: nVMX: add enlightened VMCS state"
In reply to: Vitaly Kuznetsov: "[PATCH RFC 6/7] KVM: nVMX: add enlightened VMCS state"
Next in thread: Vitaly Kuznetsov: "[PATCH RFC 5/7] KVM: nVMX: add KVM_CAP_HYPERV_ENLIGHTENED_VMCS capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ladi Prosek <lprosek@xxxxxxxxxx>

Per Hyper-V TLFS 5.0b:

"The L1 hypervisor may choose to use enlightened VMCSs by writing 1 to
the corresponding field in the VP assist page (see section 7.8.7).
Another field in the VP assist page controls the currently active
enlightened VMCS. Each enlightened VMCS is exactly one page (4 KB) in
size and must be initially zeroed. No VMPTRLD instruction must be
executed to make an enlightened VMCS active or current.

After the L1 hypervisor performs a VM entry with an enlightened VMCS,
the VMCS is considered active on the processor. An enlightened VMCS
can only be active on a single processor at the same time. The L1
hypervisor can execute a VMCLEAR instruction to transition an
enlightened VMCS from the active to the non-active state. Any VMREAD
or VMWRITE instructions while an enlightened VMCS is active is
unsupported and can result in unexpected behavior."

Note that we choose to not modify our VMREAD, VMWRITE, and VMPTRLD
handlers. They will not cause any explicit failure but may not have
the intended effect.

Signed-off-by: Ladi Prosek <lprosek@xxxxxxxxxx>
Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
---
arch/x86/kvm/vmx.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 00b4a362351d..f7f6f7d18ade 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -20,6 +20,7 @@
#include "mmu.h"
#include "cpuid.h"
#include "lapic.h"
+#include "hyperv.h"

#include <linux/kvm_host.h>
#include <linux/module.h>
@@ -7935,6 +7936,30 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
return kvm_skip_emulated_instruction(vcpu);
}

+static int nested_vmx_handle_enlightened_vmptrld(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ struct hv_vp_assist_page assist_page;
+
+ if (!vmx->nested.enlightened_vmcs_enabled)
+ return 1;
+
+ vmx->nested.enlightened_vmcs_active =
+ kvm_hv_get_assist_page(vcpu, &assist_page) &&
+ assist_page.enlighten_vmentry;
+
+ if (vmx->nested.enlightened_vmcs_active &&
+ assist_page.current_nested_vmcs != vmx->nested.current_vmptr) {
+ /*
+ * This is an equivalent of the nested hypervisor executing
+ * the vmptrld instruction.
+ */
+ set_current_vmptr(vmx, assist_page.current_nested_vmcs);
+ copy_enlightened_to_vmcs12(vmx);
+ }
+ return 1;
+}
+
/* Emulate the VMPTRST instruction */
static int handle_vmptrst(struct kvm_vcpu *vcpu)
{
@@ -11045,6 +11070,9 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
if (!nested_vmx_check_permission(vcpu))
return 1;

+ if (!nested_vmx_handle_enlightened_vmptrld(vcpu))
+ return 1;
+
if (!nested_vmx_check_vmcs12(vcpu))
goto out;

--
2.14.3

Next message: Vitaly Kuznetsov: "[PATCH RFC 5/7] KVM: nVMX: add KVM_CAP_HYPERV_ENLIGHTENED_VMCS capability"
Previous message: Vitaly Kuznetsov: "[PATCH RFC 6/7] KVM: nVMX: add enlightened VMCS state"
In reply to: Vitaly Kuznetsov: "[PATCH RFC 6/7] KVM: nVMX: add enlightened VMCS state"
Next in thread: Vitaly Kuznetsov: "[PATCH RFC 5/7] KVM: nVMX: add KVM_CAP_HYPERV_ENLIGHTENED_VMCS capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]