On Mon, Sep 23, 2019 at 05:08:38PM -0400, Andrea Arcangeli wrote:
> Hello,
>
> On Mon, Sep 23, 2019 at 01:23:49PM -0700, Sean Christopherson wrote:
> > The attached patch should do the trick.
>
> The two most attractive options to me remains what I already have
> implemented under #ifdef CONFIG_RETPOLINE with direct calls
> (optionally replacing the "if" with a small "switch" still under
> CONFIG_RETPOLINE if we give up the prioritization of the checks), or
> the replacement of kvm_vmx_exit_handlers with a switch() as suggested
> by Vitaly which would cleanup some code.
>
> The intermediate solution that makes "const" work, has the cons of
> forcing to parse EXIT_REASON_VMCLEAR and the other vmx exit reasons
> twice, first through a pointer to function (or another if or switch
> statement) then with a second switch() statement.
>
> If we'd use a single switch statement per Vitaly's suggestion, the "if
> nested" would better be more simply implemented as:
>
> switch (exit_reason) {
> case EXIT_REASON_VMCLEAR:
> if (nested)
> return handle_vmclear(vcpu);
> else
> return handle_vmx_instruction(vcpu);
> case EXIT_REASON_VMCLEAR:
> if (nested)
> [..]
Combing if/case statements would mitigate this to some degree, e.g.:
if (exit_reason >= EXIT_REASON_VMCALL &&
exit_reason <= EXIT_REASON_VMON)
return handle_vmx_instruction(vcpu);
or
case EXIT_REASON_VMCALL ... EXIT_REASON_VMON:
return handle_vmx_instruction(vcpu);
> This also removes the compiler dependency to auto inline
> handle_vmclear in the added nested_vmx_handle_vmx_instruction extern
> call.
I like the idea of routing through handle_vmx_instruction() because it
allows the individual handlers to be wholly encapsulated in nested.c,
e.g. handle_vmclear() and company don't have to be exposed.
An extra CALL+RET isn't going to be noticeable, especially on modern
hardware as the high frequency VMWRITE/VMREAD fields should hit the
shadow VMCS.
> VMREAD/WRITE/RESUME are the most frequent vmexit in l0 while nested
> runs in l2.
>
> Thanks,
> Andrea
