hv: nested: redundant permission check on nested_vmentry()

check_vmx_permission() is called in vmresume_vmexit_handler() and
vmlaunch_vmexit_handler() already.

Tracked-On: #6289
Signed-off-by: Zide Chen <zide.chen@intel.com>

hypervisor/arch/x86/guest/nested.c

@@ -1409,52 +1409,50 @@ static void nested_vmentry(struct acrn_vcpu *vcpu, bool is_launch)
 {
 	struct acrn_vmcs12 *vmcs12 = &vcpu->arch.nested.vmcs12;
 
-	if (check_vmx_permission(vcpu)) {
+	if (vcpu->arch.nested.current_vmcs12_ptr == INVALID_GPA) {
-		if (vcpu->arch.nested.current_vmcs12_ptr == INVALID_GPA) {
+		nested_vmx_result(VMfailInvalid, 0);
-			nested_vmx_result(VMfailInvalid, 0);
+	} else if (is_launch && (vmcs12->launch_state != VMCS12_LAUNCH_STATE_CLEAR)) {
-		} else if (is_launch && (vmcs12->launch_state != VMCS12_LAUNCH_STATE_CLEAR)) {
+		nested_vmx_result(VMfailValid, VMXERR_VMLAUNCH_NONCLEAR_VMCS);
-			nested_vmx_result(VMfailValid, VMXERR_VMLAUNCH_NONCLEAR_VMCS);
+	} else if (!is_launch && (vmcs12->launch_state != VMCS12_LAUNCH_STATE_LAUNCHED)) {
-		} else if (!is_launch && (vmcs12->launch_state != VMCS12_LAUNCH_STATE_LAUNCHED)) {
+		nested_vmx_result(VMfailValid, VMXERR_VMRESUME_NONLAUNCHED_VMCS);
-			nested_vmx_result(VMfailValid, VMXERR_VMRESUME_NONLAUNCHED_VMCS);
+	} else {
-		} else {
+		/*
-			/*
+		 * TODO: Need to do VM-Entry checks before L2 VM entry.
-			 * TODO: Need to do VM-Entry checks before L2 VM entry.
+		 * Refer to ISDM Vol3 VMX Instructions reference.
-			 * Refer to ISDM Vol3 VMX Instructions reference.
+		 */
-			 */
 
-			/*
+		/*
-			 * Convert the shadow VMCS to an ordinary VMCS.
+		 * Convert the shadow VMCS to an ordinary VMCS.
-			 * ISDM: Software should not modify the shadow-VMCS indicator in
+		 * ISDM: Software should not modify the shadow-VMCS indicator in
-			 * the VMCS region of a VMCS that is active
+		 * the VMCS region of a VMCS that is active
-			 */
+		 */
-			clear_va_vmcs(vcpu->arch.nested.vmcs02);
+		clear_va_vmcs(vcpu->arch.nested.vmcs02);
-			clear_vmcs02_shadow_indicator(vcpu);
+		clear_vmcs02_shadow_indicator(vcpu);
 
-			/* as an ordinary VMCS, VMCS02 is active and currernt when L2 guest is running */
+		/* as an ordinary VMCS, VMCS02 is active and currernt when L2 guest is running */
-			load_va_vmcs(vcpu->arch.nested.vmcs02);
+		load_va_vmcs(vcpu->arch.nested.vmcs02);
 
-			/* Merge L0 settings and L1 settings for VMCS Control fields */
+		/* Merge L0 settings and L1 settings for VMCS Control fields */
-			merge_and_sync_control_fields(vcpu);
+		merge_and_sync_control_fields(vcpu);
 
-			/* vCPU is in guest mode from this point */
+		/* vCPU is in guest mode from this point */
-			vcpu->arch.nested.in_l2_guest = true;
+		vcpu->arch.nested.in_l2_guest = true;
 
-			if (is_launch) {
+		if (is_launch) {
-				vmcs12->launch_state = VMCS12_LAUNCH_STATE_LAUNCHED;
+			vmcs12->launch_state = VMCS12_LAUNCH_STATE_LAUNCHED;
-			}
-
-			/*
-			 * There are two reasons to set vcpu->launched to false even for VMRESUME:
-			 *
-			 * - the launch state of VMCS02 is clear at this moment.
-			 * - currently VMX_VPID is shadowing to L1, and it could happens that
-			 *   L2 VPID will be conflicted with L1 VPID. We rely on run_vcpu() to
-			 *   flush global vpid in the VMLAUNCH path to resolve this conflict.
-			 *
-			 *  TODO: emulate L2 VPID to avoid VPID flush.
-			 */
-			vcpu->launched = false;
 		}
+
+		/*
+		 * There are two reasons to set vcpu->launched to false even for VMRESUME:
+		 *
+		 * - the launch state of VMCS02 is clear at this moment.
+		 * - currently VMX_VPID is shadowing to L1, and it could happens that
+		 *   L2 VPID will be conflicted with L1 VPID. We rely on run_vcpu() to
+		 *   flush global vpid in the VMLAUNCH path to resolve this conflict.
+		 *
+		 *  TODO: emulate L2 VPID to avoid VPID flush.
+		 */
+		vcpu->launched = false;
 	}
 }