KVM: nVMX: Enable and disable shadow vmcs functionality

Once L1 loads VMCS12 we enable shadow-vmcs capability and copy all the VMCS12
shadowed fields to the shadow vmcs.  When we release the VMCS12, we also
disable shadow-vmcs capability.

Signed-off-by: Abel Gordon <abelg@il.ibm.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index c5baecc..6abce2d 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5616,12 +5616,17 @@ static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
 
 static inline void nested_release_vmcs12(struct vcpu_vmx *vmx)
 {
+       u32 exec_control;
        if (enable_shadow_vmcs) {
                if (vmx->nested.current_vmcs12 != NULL) {
                        /* copy to memory all shadowed fields in case
                           they were modified */
                        copy_shadow_to_vmcs12(vmx);
                        vmx->nested.sync_shadow_vmcs = false;
+                       exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
+                       exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
+                       vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
+                       vmcs_write64(VMCS_LINK_POINTER, -1ull);
                }
        }
        kunmap(vmx->nested.current_vmcs12_page);
@@ -6110,6 +6115,7 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
        gva_t gva;
        gpa_t vmptr;
        struct x86_exception e;
+       u32 exec_control;
 
        if (!nested_vmx_check_permission(vcpu))
                return 1;
@@ -6155,6 +6161,11 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
                vmx->nested.current_vmcs12 = new_vmcs12;
                vmx->nested.current_vmcs12_page = page;
                if (enable_shadow_vmcs) {
+                       exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
+                       exec_control |= SECONDARY_EXEC_SHADOW_VMCS;
+                       vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
+                       vmcs_write64(VMCS_LINK_POINTER,
+                                    __pa(vmx->nested.current_shadow_vmcs));
                        vmx->nested.sync_shadow_vmcs = true;
                }
        }