Re: [PATCH v3 07/15] KVM: nVMX: Use KVM-governed feature framework to track "nested VMX enabled"

From: Huang, Kai
Date: Tue Aug 15 2023 - 22:46:42 EST


On Tue, 2023-08-15 at 13:36 -0700, Sean Christopherson wrote:
> Track "VMX exposed to L1" via a governed feature flag instead of using a
> dedicated helper to provide the same functionality. The main goal is to
> drive convergence between VMX and SVM with respect to querying features
> that are controllable via module param (SVM likes to cache nested
> features), avoiding the guest CPUID lookups at runtime is just a bonus
> and unlikely to provide any meaningful performance benefits.
>
> No functional change intended.
>
>
[...]

>
> -/*
> - * nested_vmx_allowed() checks whether a guest should be allowed to use VMX
> - * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for
> - * all guests if the "nested" module option is off, and can also be disabled
> - * for a single guest by disabling its VMX cpuid bit.
> - */
> -bool nested_vmx_allowed(struct kvm_vcpu *vcpu)
> -{
> - return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX);
> -}
> -
>
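Review bot: The comment removed together with nested_vmx_allowed() is the only place in this hunk that spells out both conditions for nested VMX: the "nested" module option being on and the guest's VMX CPUID bit being set. With the helper gone, that explanation should move to wherever the governed flag is set, so a reader still learns that either condition alone disables nested VMX for the guest.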

[...]

> @@ -7750,13 +7739,15 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
> guest_cpuid_has(vcpu, X86_FEATURE_XSAVE))
> kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES);
>
> + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX);
> +
>
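Review bot: The added call kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX) is unconditional, while the helper it replaces returned "nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX)", and nothing in this hunk shows what keeps the governed bit clear when nested=0. A one-line comment above the call naming where the module param is taken into account would make the "No functional change intended" claim checkable from the call site.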

Nit:

nested_vmx_allowed() also checks the 'nested' global variable. However
kvm_governed_feature_check_and_set() is called unconditionally. Although IIUC
it should never actually set the VMX governed bit when 'nested=0', it's not that
obvious in _this_ patch.

Should we explicitly call this out in the changelog so git blamers can
understand this more easily in the future?