From: Gleb Natapov
Subject: Re: [PATCH v4 11/13] nEPT: Advertise EPT to L1
Date: Mon, 29 Jul 2013 14:35:31 +0300
Message-ID: <20130729113530.GA24973@redhat.com>
References: <1374750001-28527-1-git-send-email-gleb@redhat.com> <1374750001-28527-12-git-send-email-gleb@redhat.com> <51F63422.4020406@redhat.com> <20130729111115.GE18009@redhat.com> <51F65306.5030405@redhat.com>
In-Reply-To: <51F65306.5030405@redhat.com>
To: Paolo Bonzini
Cc: kvm@vger.kernel.org, Xiao Guangrong, Jun Nakajima, Yang Zhang

On Mon, Jul 29, 2013 at 01:33:26PM +0200, Paolo Bonzini wrote:
> On 29/07/2013 13:11, Gleb Natapov wrote:
> > > > + nested_vmx_ept_caps &= vmx_capability.ept;
> > >
> > > This is always missing VMX_EPT_EXECUTE_ONLY_BIT, should it be added
> > > before the "&=".
> >
> > I am not at all sure our current shadow implementation can support
> > execute only pages. Best to leave it off for now.
>
> Ok, I was tricked by this reference to nested_vmx_ept_caps's execonly bit:
>
> + int r = kvm_init_shadow_ept_mmu(vcpu, &vcpu->arch.mmu,
> + nested_vmx_ept_caps & VMX_EPT_EXECUTE_ONLY_BIT);
>
> It's probably best to add a comment there, saying that the bit will
> always be zero for now.
>
> >> Also, the three extent bits should always be fine for the MSR,
> >> independent of the host support, because the processor will do the
> >> INVEPT vmexit before checking the INVEPT type against the processor
> >> capabilities. So they can be added after the "&=".
> >>
> > Good point.
>
> For v5 you probably should leave out individual-addr invalidation from
> this and the EPT patch too, though.
>
Of course.
The define should not be introduced again.

--
Gleb.
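
Review bot: In the quoted call to kvm_init_shadow_ept_mmu(), the last argument is nested_vmx_ept_caps & VMX_EPT_EXECUTE_ONLY_BIT, which reads as a live capability check even though, per the discussion above, that bit is never set in nested_vmx_ept_caps before the "&=" with vmx_capability.ept. Add a short comment at the call site saying execute-only is not advertised to L1 yet and the argument is therefore always zero, so that a later change which sets the bit in nested_vmx_ept_caps is recognised as also switching on execute-only handling in the shadow EPT MMU.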