Re: [PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest

From: Paolo Bonzini
Date: Fri Nov 13 2020 - 12:58:52 EST

Next message: nikitos . tr: "[PATCH 1/6] arm64: dts: qcom: msm8916-longcheer-l8150: Enable PM8916 vibrator"
Previous message: Linus Torvalds: "Re: [GIT PULL] bootconfig: Extend the magic check range to the preceding 3 bytes"
In reply to: Paolo Bonzini: "Re: [PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest"
Next in thread: Paolo Bonzini: "Re: [PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/10/20 20:48, Cathy Avery wrote:

@@ -432,6 +432,16 @@ int enter_svm_guest_mode(struct vcpu_svm *svm, u64 vmcb_gpa,
int ret;
svm->nested.vmcb = vmcb_gpa;
+
+ WARN_ON(svm->vmcb == svm->nested.vmcb02);
+
+ svm->nested.vmcb02->control = svm->vmcb01->control;

This assignment of the control area should be in nested_prepare_vmcb_control, which is already filling in most of vmcb02->control.

Right now, we save a copy_vmcb_control-area in nested_svm_vmexit so it evens out.

Later, it should be possible to remove most of the assignments from nested_prepare_vmcb_control.

+ svm->nested.vmcb02->save.cr4 = svm->vmcb01->save.cr4;

I cannot understand this statement.

+ nested_svm_vmloadsave(svm->vmcb01, svm->nested.vmcb02);

This is because the vmsave just after the vmexit has moved the vmloadsave registers from vmcb12 to vmcb01, but the next vmload will use vmcb02.

+ svm->vmcb = svm->nested.vmcb02;
+ svm->vmcb_pa = svm->nested.vmcb02_pa;
load_nested_vmcb_control(svm, &nested_vmcb->control);
nested_prepare_vmcb_save(svm, nested_vmcb);
nested_prepare_vmcb_control(svm);

@@ -628,8 +620,10 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
nested_vmcb->control.pause_filter_thresh =
svm->vmcb->control.pause_filter_thresh;
- /* Restore the original control entries */
- copy_vmcb_control_area(&vmcb->control, &hsave->control);
+ nested_svm_vmloadsave(svm->nested.vmcb02, svm->vmcb01);

Same here: the next vmentry's vmload will move the vmloadsave registers from vmcb01 to vmcb12, but for now they are in vmcb02.

It's 16+16 memory-to-memory u64 copies. They mostly even out with the 14+14 copies that we don't have to do anymore on registers handled by VMRUN (es/cs/ss/ds/gdt/idt/rsp/rax---they don't have to be stashed away in hsave anymore). Also, we are able to reuse nested_svm_vmloadsave, which makes it overall a fair tradeoff... but it would have been worth a comment or two. :)

+ svm->nested.vmcb02->control = svm->vmcb01->control;
+ svm->nested.vmcb02->save = svm->vmcb01->save;
+ svm->vmcb01->save = save;

I would have moved these after the comment, matching the existing copy_vmcb_control_area and save-area assignment.

Also, the first save-area assignment should be (because the WARN_ON below must be removed)

svm->nested.vmcb02->save = svm->vmcb->save;

or

if (svm->vmcb == svm->vmcb01)
svm->nested.vmcb02->save = svm->vmcb01->save;

I have applied the patch and fixed the conflicts, so when I have some time I will play a bit more with it and/or pass the updated version back to you.

In the meanwhile, perhaps you could write a new selftests testcase that tries to do KVM_SET_NESTED_STATE while in L2. It can be a simplified version of state-test that invokes KVM_GET_NESTED_STATE + KVM_SET_NESTED_STATE when it gets back to L0.

Paolo

Next message: nikitos . tr: "[PATCH 1/6] arm64: dts: qcom: msm8916-longcheer-l8150: Enable PM8916 vibrator"
Previous message: Linus Torvalds: "Re: [GIT PULL] bootconfig: Extend the magic check range to the preceding 3 bytes"
In reply to: Paolo Bonzini: "Re: [PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest"
Next in thread: Paolo Bonzini: "Re: [PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]