KVM: VMX: don't configure EPT identity map for unrestricted guest

An unrestricted guest can run with hardware CR0.PG==0, i.e.
IA32 paging disabled, in which case there is no need to load
the guest's CR3 with identity mapped IA32 page tables since
hardware will effectively ignore CR3.  If unrestricted guest
is enabled, don't configure the identity mapped IA32 page
table and always load the guest's desired CR3.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a5d2c6977e3cda0d711ecb99bbbd1b94acf2954f..39216aee60c0e75a9ec99c339312dd141ddd6694 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4490,7 +4490,8 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
        if (enable_ept) {
                eptp = construct_eptp(vcpu, cr3);
                vmcs_write64(EPT_POINTER, eptp);
-               if (is_paging(vcpu) || is_guest_mode(vcpu))
+               if (enable_unrestricted_guest || is_paging(vcpu) ||
+                   is_guest_mode(vcpu))
                        guest_cr3 = kvm_read_cr3(vcpu);
                else
                        guest_cr3 = vcpu->kvm->arch.ept_identity_map_addr;
@@ -9801,7 +9802,7 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                        goto free_vmcs;
        }
 
-       if (enable_ept) {
+       if (enable_ept && !enable_unrestricted_guest) {
                err = init_rmode_identity_map(kvm);
                if (err)
                        goto free_vmcs;