KVM: x86/mmu: Reduce the update to the spte in FNAME(sync_spte)

Sometimes when the guest updates its pagetable, it adds only new gptes
to it without changing any existed one, so there is no point to update
the sptes for these existed gptes.

Also when the sptes for these unchanged gptes are updated, the AD
bits are also removed since make_spte() is called with prefetch=true
which might result unneeded TLB flushing.

Just do nothing if the gpte's permissions are unchanged.

Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Link: https://lore.kernel.org/r/20230216154115.710033-7-jiangshanlai@gmail.com
[sean: expand comment to call out A/D bits]
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h
index c07b2e7..4047b8f 100644 (file)
--- a/arch/x86/kvm/mmu/paging_tmpl.h
+++ b/arch/x86/kvm/mmu/paging_tmpl.h
@@ -985,6 +985,14 @@ static int FNAME(sync_spte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp, int
                drop_spte(vcpu->kvm, &sp->spt[i]);
                return 1;
        }
+       /*
+        * Do nothing if the permissions are unchanged.  The existing SPTE is
+        * still, and prefetch_invalid_gpte() has verified that the A/D bits
+        * are set in the "new" gPTE, i.e. there is no danger of missing an A/D
+        * update due to A/D bits being set in the SPTE but not the gPTE.
+        */
+       if (kvm_mmu_page_get_access(sp, i) == pte_access)
+               return 0;
 
        /* Update the shadowed access bits in case they changed. */
        kvm_mmu_page_set_access(sp, i, pte_access);