| Message ID | 1366958611-6935-7-git-send-email-jun.nakajima@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 2013-04-26 08:43, Jun Nakajima wrote: > Advertise the support of EPT to the L1 guest, through the appropriate MSR. > > This is the last patch of the basic Nested EPT feature, so as to allow > bisection through this patch series: The guest will not see EPT support until > this last patch, and will not attempt to use the half-applied feature. > > Signed-off-by: Nadav Har'El <nyh@il.ibm.com> > Signed-off-by: Jun Nakajima <jun.nakajima@intel.com> > Signed-off-by: Xinhao Xu <xinhao.xu@intel.com> > --- > arch/x86/kvm/vmx.c | 17 +++++++++++++++-- > 1 file changed, 15 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 66ead51..76df3a8 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -2027,6 +2027,7 @@ static u32 nested_vmx_secondary_ctls_low, nested_vmx_secondary_ctls_high; > static u32 nested_vmx_pinbased_ctls_low, nested_vmx_pinbased_ctls_high; > static u32 nested_vmx_exit_ctls_low, nested_vmx_exit_ctls_high; > static u32 nested_vmx_entry_ctls_low, nested_vmx_entry_ctls_high; > +static u32 nested_vmx_ept_caps; > static __init void nested_vmx_setup_ctls_msrs(void) > { > /* > @@ -2102,6 +2103,18 @@ static __init void nested_vmx_setup_ctls_msrs(void) > nested_vmx_secondary_ctls_low = 0; > nested_vmx_secondary_ctls_high &= > SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; > + if (enable_ept) { > + /* nested EPT: emulate EPT also to L1 */ > + nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT; > + nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT; > + nested_vmx_ept_caps |= > + VMX_EPT_INVEPT_BIT | VMX_EPT_EXTENT_GLOBAL_BIT | > + VMX_EPT_EXTENT_CONTEXT_BIT | > + VMX_EPT_EXTENT_INDIVIDUAL_BIT; > + nested_vmx_ept_caps &= vmx_capability.ept; > + } else > + nested_vmx_ept_caps = 0; > + > } > > static inline bool vmx_control_verify(u32 control, u32 low, u32 high) > @@ -2201,8 +2214,8 @@ static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) > nested_vmx_secondary_ctls_high); > break; > case MSR_IA32_VMX_EPT_VPID_CAP: > - /* Currently, no nested ept or nested vpid */ > - *pdata = 0; > + /* Currently, no nested vpid support */ > + *pdata = nested_vmx_ept_caps; > break; > default: > return 0; > This patch depends on #defines from the next one. Jan
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 66ead51..76df3a8 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2027,6 +2027,7 @@ static u32 nested_vmx_secondary_ctls_low, nested_vmx_secondary_ctls_high; static u32 nested_vmx_pinbased_ctls_low, nested_vmx_pinbased_ctls_high; static u32 nested_vmx_exit_ctls_low, nested_vmx_exit_ctls_high; static u32 nested_vmx_entry_ctls_low, nested_vmx_entry_ctls_high; +static u32 nested_vmx_ept_caps; static __init void nested_vmx_setup_ctls_msrs(void) { /* @@ -2102,6 +2103,18 @@ static __init void nested_vmx_setup_ctls_msrs(void) nested_vmx_secondary_ctls_low = 0; nested_vmx_secondary_ctls_high &= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + if (enable_ept) { + /* nested EPT: emulate EPT also to L1 */ + nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT; + nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT; + nested_vmx_ept_caps |= + VMX_EPT_INVEPT_BIT | VMX_EPT_EXTENT_GLOBAL_BIT | + VMX_EPT_EXTENT_CONTEXT_BIT | + VMX_EPT_EXTENT_INDIVIDUAL_BIT; + nested_vmx_ept_caps &= vmx_capability.ept; + } else + nested_vmx_ept_caps = 0; + } static inline bool vmx_control_verify(u32 control, u32 low, u32 high) @@ -2201,8 +2214,8 @@ static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) nested_vmx_secondary_ctls_high); break; case MSR_IA32_VMX_EPT_VPID_CAP: - /* Currently, no nested ept or nested vpid */ - *pdata = 0; + /* Currently, no nested vpid support */ + *pdata = nested_vmx_ept_caps; break; default: return 0;