From: Mike Larkin <mlarkin@nested.page>
Subject: Re: vmm: drop checks for EPT/RVI
To: Dave Voutila <dv@sisu.io>
Cc: tech <tech@openbsd.org>
Date: Wed, 24 Jul 2024 12:08:21 -0700

On Wed, Jul 24, 2024 at 11:13:36AM -0400, Dave Voutila wrote:
> Just some small clean up. We require EPT (Intel) or RVI (AMD) for nested
> paging and don't support shadow page tables or HLAT, so no need to check
> in these locations.
>
> ok?

remnants from a much earlier time. ok mlarkin

>
> diff refs/heads/master refs/heads/vmm-mode-check
> commit - 1fc5fb4556b6cbb84acb24d3133eae35c36e35cb
> commit + 6194692c11d947121929ce2fb3aa534a8814326e
> blob - 18ef8b75754d7e44be81095bf98a3807cefbd5a3
> blob + c3f30d7f6d6cb0c51f4e09e776441817df5e863a
> --- sys/arch/amd64/amd64/vmm_machdep.c
> +++ sys/arch/amd64/amd64/vmm_machdep.c
> @@ -1987,10 +1987,8 @@ vcpu_reset_regs_svm(struct vcpu *vcpu, struct vcpu_reg
>              PATENTRY(6, PAT_UCMINUS) | PATENTRY(7, PAT_UC);
>
>  	/* NPT */
> -	if (vmm_softc->mode == VMM_MODE_RVI) {
> -		vmcb->v_np_enable = 1;
> -		vmcb->v_n_cr3 = vcpu->vc_parent->vm_map->pmap->pm_pdirpa;
> -	}
> +	vmcb->v_np_enable = 1;
> +	vmcb->v_n_cr3 = vcpu->vc_parent->vm_map->pmap->pm_pdirpa;
>
>  	/* Enable SVME in EFER (must always be set) */
>  	vmcb->v_efer |= EFER_SVME;
> @@ -2363,11 +2361,8 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg
>  	    IA32_VMX_USE_TPR_SHADOW;
>  	want0 = 0;
>
> -	if (vmm_softc->mode == VMM_MODE_EPT) {
> -		want1 |= IA32_VMX_ACTIVATE_SECONDARY_CONTROLS;
> -		want0 |= IA32_VMX_CR3_LOAD_EXITING |
> -		    IA32_VMX_CR3_STORE_EXITING;
> -	}
> +	want1 |= IA32_VMX_ACTIVATE_SECONDARY_CONTROLS;
> +	want0 |= IA32_VMX_CR3_LOAD_EXITING | IA32_VMX_CR3_STORE_EXITING;
>
>  	if (vcpu->vc_vmx_basic & IA32_VMX_TRUE_CTLS_AVAIL) {
>  		ctrl = IA32_VMX_TRUE_PROCBASED_CTLS;
> @@ -2403,7 +2398,7 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg
>  	 * IA32_VMX_UNRESTRICTED_GUEST - enable unrestricted guest (if caller
>  	 *     specified CR0_PG | CR0_PE in %cr0 in the 'vrs' parameter)
>  	 */
> -	want1 = 0;
> +	want1 = IA32_VMX_ENABLE_EPT;
>
>  	/* XXX checking for 2ndary controls can be combined here */
>  	if (vcpu_vmx_check_cap(vcpu, IA32_VMX_PROCBASED_CTLS,
> @@ -2415,9 +2410,6 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg
>  		}
>  	}
>
> -	if (vmm_softc->mode == VMM_MODE_EPT)
> -		want1 |= IA32_VMX_ENABLE_EPT;
> -
>  	if (vcpu_vmx_check_cap(vcpu, IA32_VMX_PROCBASED_CTLS,
>  	    IA32_VMX_ACTIVATE_SECONDARY_CONTROLS, 1)) {
>  		if (vcpu_vmx_check_cap(vcpu, IA32_VMX_PROCBASED2_CTLS,
> @@ -5419,8 +5411,7 @@ vmx_handle_cr0_write(struct vcpu *vcpu, uint64_t r)
>  	/* If the guest hasn't enabled paging ... */
>  	if (!(r & CR0_PG) && (oldcr0 & CR0_PG)) {
>  		/* Paging was disabled (prev. enabled) - Flush TLB */
> -		if (vmm_softc->mode == VMM_MODE_EPT &&
> -		    vcpu->vc_vmx_vpid_enabled) {
> +		if (vcpu->vc_vmx_vpid_enabled) {
>  			vid.vid_vpid = vcpu->vc_vpid;
>  			vid.vid_addr = 0;
>  			invvpid(IA32_VMX_INVVPID_SINGLE_CTX_GLB, &vid);