]> www.infradead.org Git - nvme.git/commitdiff
kvm: nVMX: Eliminate APIC access page sharing between L1 and L2
authorJim Mattson <jmattson@google.com>
Wed, 9 May 2018 21:02:03 +0000 (17:02 -0400)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 14 May 2018 16:24:24 +0000 (18:24 +0200)
It is only possible to share the APIC access page between L1 and L2 if
they also share the virtual-APIC page.  If L2 has its own virtual-APIC
page, then MMIO accesses to L1's TPR from L2 will access L2's TPR
instead.  Moreover, L1's local APIC has to be in xAPIC mode, which is
another condition that hasn't been checked.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/vmx.c

index 4149c5ee09fc63cb54f1a7e0d34a101fc71b0996..ea098131dcce52098057c9896cebdd806ba148f2 100644 (file)
@@ -8871,11 +8871,13 @@ static bool nested_vmx_exit_reflected(struct kvm_vcpu *vcpu, u32 exit_reason)
        case EXIT_REASON_TPR_BELOW_THRESHOLD:
                return nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW);
        case EXIT_REASON_APIC_ACCESS:
-               return nested_cpu_has2(vmcs12,
-                       SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES);
        case EXIT_REASON_APIC_WRITE:
        case EXIT_REASON_EOI_INDUCED:
-               /* apic_write and eoi_induced should exit unconditionally. */
+               /*
+                * The controls for "virtualize APIC accesses," "APIC-
+                * register virtualization," and "virtual-interrupt
+                * delivery" only come from vmcs12.
+                */
                return true;
        case EXIT_REASON_EPT_VIOLATION:
                /*
@@ -9327,24 +9329,7 @@ static void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu)
 
 static void vmx_set_apic_access_page_addr(struct kvm_vcpu *vcpu, hpa_t hpa)
 {
-       struct vcpu_vmx *vmx = to_vmx(vcpu);
-
-       /*
-        * Currently we do not handle the nested case where L2 has an
-        * APIC access page of its own; that page is still pinned.
-        * Hence, we skip the case where the VCPU is in guest mode _and_
-        * L1 prepared an APIC access page for L2.
-        *
-        * For the case where L1 and L2 share the same APIC access page
-        * (flexpriority=Y but SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES clear
-        * in the vmcs12), this function will only update either the vmcs01
-        * or the vmcs02.  If the former, the vmcs02 will be updated by
-        * prepare_vmcs02.  If the latter, the vmcs01 will be updated in
-        * the next L2->L1 exit.
-        */
-       if (!is_guest_mode(vcpu) ||
-           !nested_cpu_has2(get_vmcs12(&vmx->vcpu),
-                            SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
+       if (!is_guest_mode(vcpu)) {
                vmcs_write64(APIC_ACCESS_ADDR, hpa);
                vmx_flush_tlb(vcpu, true);
        }
@@ -10418,11 +10403,6 @@ static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu,
                        vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
                                        SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES);
                }
-       } else if (!(nested_cpu_has_virt_x2apic_mode(vmcs12)) &&
-                  cpu_need_virtualize_apic_accesses(&vmx->vcpu)) {
-               vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
-                             SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES);
-               kvm_vcpu_reload_apic_access_page(vcpu);
        }
 
        if (nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)) {