From: Dave Voutila <dv@sisu.io>
Subject: vmm: drop checks for EPT/RVI
To: tech <tech@openbsd.org>
Cc: Mike Larkin <mlarkin@openbsd.org>
Date: Wed, 24 Jul 2024 11:13:36 -0400

Just some small clean up. We require EPT (Intel) or RVI (AMD) for nested
paging and don't support shadow page tables or HLAT, so no need to check
in these locations.

ok?

diff refs/heads/master refs/heads/vmm-mode-check
commit - 1fc5fb4556b6cbb84acb24d3133eae35c36e35cb
commit + 6194692c11d947121929ce2fb3aa534a8814326e
blob - 18ef8b75754d7e44be81095bf98a3807cefbd5a3
blob + c3f30d7f6d6cb0c51f4e09e776441817df5e863a
--- sys/arch/amd64/amd64/vmm_machdep.c
+++ sys/arch/amd64/amd64/vmm_machdep.c
@@ -1987,10 +1987,8 @@ vcpu_reset_regs_svm(struct vcpu *vcpu, struct vcpu_reg
             PATENTRY(6, PAT_UCMINUS) | PATENTRY(7, PAT_UC);

 	/* NPT */
-	if (vmm_softc->mode == VMM_MODE_RVI) {
-		vmcb->v_np_enable = 1;
-		vmcb->v_n_cr3 = vcpu->vc_parent->vm_map->pmap->pm_pdirpa;
-	}
+	vmcb->v_np_enable = 1;
+	vmcb->v_n_cr3 = vcpu->vc_parent->vm_map->pmap->pm_pdirpa;

 	/* Enable SVME in EFER (must always be set) */
 	vmcb->v_efer |= EFER_SVME;
@@ -2363,11 +2361,8 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg
 	    IA32_VMX_USE_TPR_SHADOW;
 	want0 = 0;

-	if (vmm_softc->mode == VMM_MODE_EPT) {
-		want1 |= IA32_VMX_ACTIVATE_SECONDARY_CONTROLS;
-		want0 |= IA32_VMX_CR3_LOAD_EXITING |
-		    IA32_VMX_CR3_STORE_EXITING;
-	}
+	want1 |= IA32_VMX_ACTIVATE_SECONDARY_CONTROLS;
+	want0 |= IA32_VMX_CR3_LOAD_EXITING | IA32_VMX_CR3_STORE_EXITING;

 	if (vcpu->vc_vmx_basic & IA32_VMX_TRUE_CTLS_AVAIL) {
 		ctrl = IA32_VMX_TRUE_PROCBASED_CTLS;
@@ -2403,7 +2398,7 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg
 	 * IA32_VMX_UNRESTRICTED_GUEST - enable unrestricted guest (if caller
 	 *     specified CR0_PG | CR0_PE in %cr0 in the 'vrs' parameter)
 	 */
-	want1 = 0;
+	want1 = IA32_VMX_ENABLE_EPT;

 	/* XXX checking for 2ndary controls can be combined here */
 	if (vcpu_vmx_check_cap(vcpu, IA32_VMX_PROCBASED_CTLS,
@@ -2415,9 +2410,6 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg
 		}
 	}

-	if (vmm_softc->mode == VMM_MODE_EPT)
-		want1 |= IA32_VMX_ENABLE_EPT;
-
 	if (vcpu_vmx_check_cap(vcpu, IA32_VMX_PROCBASED_CTLS,
 	    IA32_VMX_ACTIVATE_SECONDARY_CONTROLS, 1)) {
 		if (vcpu_vmx_check_cap(vcpu, IA32_VMX_PROCBASED2_CTLS,
@@ -5419,8 +5411,7 @@ vmx_handle_cr0_write(struct vcpu *vcpu, uint64_t r)
 	/* If the guest hasn't enabled paging ... */
 	if (!(r & CR0_PG) && (oldcr0 & CR0_PG)) {
 		/* Paging was disabled (prev. enabled) - Flush TLB */
-		if (vmm_softc->mode == VMM_MODE_EPT &&
-		    vcpu->vc_vmx_vpid_enabled) {
+		if (vcpu->vc_vmx_vpid_enabled) {
 			vid.vid_vpid = vcpu->vc_vpid;
 			vid.vid_addr = 0;
 			invvpid(IA32_VMX_INVVPID_SINGLE_CTX_GLB, &vid);