From patchwork Mon May 6 07:04:28 2013
X-Patchwork-Submitter: "Nakajima, Jun"
X-Patchwork-Id: 2522911
From: Jun Nakajima
To: kvm@vger.kernel.org
Subject: [PATCH v2 09/13] nEPT: Advertise EPT to L1
Date: Mon, 6 May 2013 00:04:28 -0700
Message-Id: <1367823872-25895-9-git-send-email-jun.nakajima@intel.com>
X-Mailer: git-send-email 1.8.2.1.610.g562af5b
In-Reply-To: <1367823872-25895-8-git-send-email-jun.nakajima@intel.com>
References: <1367823872-25895-1-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-2-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-3-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-4-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-5-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-6-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-7-git-send-email-jun.nakajima@intel.com>
 <1367823872-25895-8-git-send-email-jun.nakajima@intel.com>
X-Gm-Message-State: ALoCoQl/81ofJw2UBqytTrVErLY3KfGkDSkIyBluKdSf84+z0KEdTgEmeQzt+pYZy0FELsZYWnsX
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: kvm@vger.kernel.org

Advertise the support of EPT to the L1 guest, through the appropriate MSR.

This is the last patch of the basic Nested EPT feature, so as to allow
bisection through this patch series: The guest will not see EPT support until
this last patch, and will not attempt to use the half-applied feature.

Signed-off-by: Nadav Har'El
Signed-off-by: Jun Nakajima
Signed-off-by: Xinhao Xu
---
 arch/x86/include/asm/vmx.h | 2 ++
 arch/x86/kvm/vmx.c | 17 +++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index b6fbf86..79a5beb 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h
@@ -376,7 +376,9 @@ enum vmcs_field { #define VMX_EPTP_WB_BIT (1ull << 14) #define VMX_EPT_2MB_PAGE_BIT (1ull << 16) #define VMX_EPT_1GB_PAGE_BIT (1ull << 17) +#define VMX_EPT_INVEPT_BIT (1ull << 20) #define VMX_EPT_AD_BIT (1ull << 21) +#define VMX_EPT_EXTENT_INDIVIDUAL_BIT (1ull << 24) #define VMX_EPT_EXTENT_CONTEXT_BIT (1ull << 25) #define VMX_EPT_EXTENT_GLOBAL_BIT (1ull << 26) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 419b9e3..de6cfb4 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2027,6 +2027,7 @@ static u32 nested_vmx_secondary_ctls_low, nested_vmx_secondary_ctls_high; static u32 nested_vmx_pinbased_ctls_low, nested_vmx_pinbased_ctls_high; static u32 nested_vmx_exit_ctls_low, nested_vmx_exit_ctls_high; static u32 nested_vmx_entry_ctls_low, nested_vmx_entry_ctls_high; +static u32 nested_vmx_ept_caps; static __init void nested_vmx_setup_ctls_msrs(void) { /* @@ -2102,6 +2103,18 @@ static __init void nested_vmx_setup_ctls_msrs(void) nested_vmx_secondary_ctls_low = 0; nested_vmx_secondary_ctls_high &= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + if (enable_ept) { + /* nested EPT: emulate EPT also to L1 */ + nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT; + nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT; + nested_vmx_ept_caps |= + VMX_EPT_INVEPT_BIT | VMX_EPT_EXTENT_GLOBAL_BIT | + VMX_EPT_EXTENT_CONTEXT_BIT | + VMX_EPT_EXTENT_INDIVIDUAL_BIT; + nested_vmx_ept_caps &= vmx_capability.ept; + } else + nested_vmx_ept_caps = 0; + } static inline bool vmx_control_verify(u32 control, u32 low, u32 high) @@ -2201,8 +2214,8 @@ static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) nested_vmx_secondary_ctls_high); break; case MSR_IA32_VMX_EPT_VPID_CAP: - /* Currently, no nested ept or nested vpid */ - *pdata = 0; + /* Currently, no nested vpid support */ + *pdata = nested_vmx_ept_caps; break; default: return 0;
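Review bot: in the arch/x86/include/asm/vmx.h hunk, the new `VMX_EPT_EXTENT_INDIVIDUAL_BIT (1ull << 24)` is added without any comment saying which INVEPT type it stands for, and the vmx.c hunk then exposes it to L1. The neighbouring CONTEXT (bit 25) and GLOBAL (bit 26) defines map to the single-context and all-context invalidation types; please cite the SDM definition for bit 24 of IA32_VMX_EPT_VPID_CAP next to the define, or drop the define and stop advertising it if no such type is architecturally defined. Anything set here becomes something an L1 hypervisor is entitled to rely on, so a capability bit with no emulation behind it should not reach the guest.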
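Review bot: in the nested_vmx_setup_ctls_msrs() hunk of arch/x86/kvm/vmx.c, the mask built under `if (enable_ept)` sets `VMX_EPT_PAGE_WALK_4_BIT` and the INVEPT bits but leaves out `VMX_EPTP_WB_BIT`, which is defined a few lines above the new defines in vmx.h. An L1 hypervisor that validates its EPTP memory type against this MSR would find no supported type while `SECONDARY_EXEC_ENABLE_EPT` is offered; either add the WB bit (and `VMX_EPT_2MB_PAGE_BIT` if large pages are meant to work) or add a comment explaining why they are withheld. The final `nested_vmx_ept_caps &= vmx_capability.ept;` also deserves a comment on whether the INVEPT bits must track hardware when L0 emulates the instruction for L1. Style: the `} else` branch should carry braces to match the braced `if` branch.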
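Review bot: in the vmx_get_vmx_msr() hunk, `*pdata = nested_vmx_ept_caps;` assigns the `static u32 nested_vmx_ept_caps` declared in the earlier hunk to a `u64 *pdata`, so the upper half of MSR_IA32_VMX_EPT_VPID_CAP reads as zero only through implicit zero-extension. The replacement comment "Currently, no nested vpid support" should state that explicitly (the high 32 bits are intentionally reported as 0), or the variable should be a u64 to match the `1ull << N` masks it is built from, so that a later change adding VPID capability bits cannot be silently truncated.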