KVM: nVMX: Don't advertise single context invalidation for invept
For single context invalidation, we fall through to global invalidation in handle_invept() except for one case - when the operand supplied by L1 is different from what we have in vmcs12. However, typically hypervisors will only call invept for the currently loaded eptp, so the condition will never be true. Signed-off-by: Bandan Das <bsd@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
This commit is contained in:
parent
fd2a445a94
commit
4b85507860
@ -2353,12 +2353,11 @@ static __init void nested_vmx_setup_ctls_msrs(void)
|
|||||||
VMX_EPT_INVEPT_BIT;
|
VMX_EPT_INVEPT_BIT;
|
||||||
nested_vmx_ept_caps &= vmx_capability.ept;
|
nested_vmx_ept_caps &= vmx_capability.ept;
|
||||||
/*
|
/*
|
||||||
* Since invept is completely emulated we support both global
|
* For nested guests, we don't do anything specific
|
||||||
* and context invalidation independent of what host cpu
|
* for single context invalidation. Hence, only advertise
|
||||||
* supports
|
* support for global context invalidation.
|
||||||
*/
|
*/
|
||||||
nested_vmx_ept_caps |= VMX_EPT_EXTENT_GLOBAL_BIT |
|
nested_vmx_ept_caps |= VMX_EPT_EXTENT_GLOBAL_BIT;
|
||||||
VMX_EPT_EXTENT_CONTEXT_BIT;
|
|
||||||
} else
|
} else
|
||||||
nested_vmx_ept_caps = 0;
|
nested_vmx_ept_caps = 0;
|
||||||
|
|
||||||
@ -6441,7 +6440,6 @@ static int handle_invept(struct kvm_vcpu *vcpu)
|
|||||||
struct {
|
struct {
|
||||||
u64 eptp, gpa;
|
u64 eptp, gpa;
|
||||||
} operand;
|
} operand;
|
||||||
u64 eptp_mask = ((1ull << 51) - 1) & PAGE_MASK;
|
|
||||||
|
|
||||||
if (!(nested_vmx_secondary_ctls_high & SECONDARY_EXEC_ENABLE_EPT) ||
|
if (!(nested_vmx_secondary_ctls_high & SECONDARY_EXEC_ENABLE_EPT) ||
|
||||||
!(nested_vmx_ept_caps & VMX_EPT_INVEPT_BIT)) {
|
!(nested_vmx_ept_caps & VMX_EPT_INVEPT_BIT)) {
|
||||||
@ -6481,16 +6479,13 @@ static int handle_invept(struct kvm_vcpu *vcpu)
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case VMX_EPT_EXTENT_CONTEXT:
|
|
||||||
if ((operand.eptp & eptp_mask) !=
|
|
||||||
(nested_ept_get_cr3(vcpu) & eptp_mask))
|
|
||||||
break;
|
|
||||||
case VMX_EPT_EXTENT_GLOBAL:
|
case VMX_EPT_EXTENT_GLOBAL:
|
||||||
kvm_mmu_sync_roots(vcpu);
|
kvm_mmu_sync_roots(vcpu);
|
||||||
kvm_mmu_flush_tlb(vcpu);
|
kvm_mmu_flush_tlb(vcpu);
|
||||||
nested_vmx_succeed(vcpu);
|
nested_vmx_succeed(vcpu);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
/* Trap single context invalidation invept calls */
|
||||||
BUG_ON(1);
|
BUG_ON(1);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user