From: Avi Kivity <avi@redhat.com>
To: "Nadav Har'El" <nyh@il.ibm.com>
Cc: kvm@vger.kernel.org, "Roedel, Joerg" <Joerg.Roedel@amd.com>,
owasserm@redhat.com, abelg@il.ibm.com
Subject: Re: [PATCH 01/10] nEPT: Module option
Date: Thu, 10 Nov 2011 14:23:09 +0200 [thread overview]
Message-ID: <4EBBC22D.8090409@redhat.com> (raw)
In-Reply-To: <201111100958.pAA9wMeL019600@rice.haifa.ibm.com>
On 11/10/2011 11:58 AM, Nadav Har'El wrote:
> Add a module option "nested_ept" determining whether to enable Nested EPT.
>
> Nested EPT means emulating EPT for an L1 guest so that L1 can use EPT when
> running a nested guest L2. When L1 uses EPT, it allows the L2 guest to set
> its own cr3 and take its own page faults without either of L0 or L1 getting
> involved. This often significanlty improves L2's performance over the
> previous two alternatives (shadow page tables over ept, and shadow page
> tables over shadow page tables).
>
> nested_ept is currently enabled by default (when nested VMX is enabled),
> unless L0 doesn't have EPT or disabled it with ept=0.
>
> Users would not normally want to explicitly disable this option. One reason
> why one might want to disable it is to force L1 to make due without the EPT
> capability, when anticipating a future need to migrate this L1 to another
> host which doesn't have EPT. Note that currently there is no API to turn off
> nested EPT for just a single L1 guest. However, obviously, an individual L1
> guest may choose not to use EPT - the nested_cpu_has_ept() checks if L1
> actually used EPT when running L2.
>
> In the future, we can support emulation of EPT for L1 *always*, even when L0
> itself doesn't have EPT. This so-called "EPT on shadow page tables" mode
> has some theoretical advantages over the baseline "shadow page tables on
> shadow page tables" mode typically used when EPT is not available to L0 -
> namely that L2's cr3 changes and page faults can be handled in L0 and do not
> need to be propagated to L1. However, currently we do not support this mode,
> and it is becoming less interesting as newer processors all support EPT.
>
>
I think we can live without this. But we do need a way to control what
features are exposed to the guest, for compatibility and live migration
purposes, as we do with cpuid. So we need some way for host userspace
to write to the vmx read-only feature reporting MSRs.
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2011-11-10 12:23 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-10 9:57 [PATCH 0/10] nEPT: Nested EPT support for Nested VMX Nadav Har'El
2011-11-10 9:58 ` [PATCH 01/10] nEPT: Module option Nadav Har'El
2011-11-10 12:23 ` Avi Kivity [this message]
2011-11-10 14:21 ` Nadav Har'El
2011-11-10 14:38 ` Avi Kivity
2011-11-10 15:14 ` Nadav Har'El
2011-11-10 15:21 ` Avi Kivity
2011-11-10 9:58 ` [PATCH 02/10] nEPT: MMU context for nested EPT Nadav Har'El
2011-11-10 10:31 ` Avi Kivity
2011-11-10 12:49 ` Avi Kivity
2011-11-10 14:40 ` Nadav Har'El
2011-11-10 15:19 ` Avi Kivity
2011-11-10 20:05 ` Nadav Har'El
2011-11-12 10:39 ` Avi Kivity
2011-11-12 21:37 ` Nadav Har'El
2011-11-13 9:10 ` Avi Kivity
2011-11-13 11:30 ` Orit Wasserman
2011-11-13 14:32 ` Avi Kivity
2011-11-13 18:26 ` Orit Wasserman
2011-11-14 8:25 ` Avi Kivity
2011-12-08 15:21 ` Nadav Har'El
2011-12-06 12:40 ` Nadav Har'El
2011-12-06 13:07 ` Avi Kivity
2011-11-23 15:06 ` Nadav Har'El
2011-11-23 15:44 ` Nadav Har'El
2011-11-24 13:36 ` Avi Kivity
2011-12-07 9:06 ` Nadav Har'El
2011-12-07 10:10 ` Avi Kivity
2011-11-10 9:59 ` [PATCH 03/10] nEPT: Fix cr3 handling in nested exit and entry Nadav Har'El
2011-11-10 9:59 ` [PATCH 04/10] nEPT: Fix page table format in nested EPT Nadav Har'El
2011-11-10 10:37 ` Avi Kivity
2011-11-10 11:03 ` Nadav Har'El
2011-11-10 12:21 ` Avi Kivity
2011-11-10 12:50 ` Avi Kivity
2011-11-10 13:07 ` Orit Wasserman
2011-11-10 10:00 ` [PATCH 05/10] nEPT: Fix wrong test in kvm_set_cr3 Nadav Har'El
2011-11-10 10:00 ` [PATCH 06/10] nEPT: Some additional comments Nadav Har'El
2011-11-10 10:01 ` [PATCH 07/10] nEPT: Advertise EPT to L1 Nadav Har'El
2011-11-10 10:01 ` [PATCH 08/10] nEPT: Nested INVEPT Nadav Har'El
2011-11-10 12:17 ` Avi Kivity
2011-12-11 14:24 ` Nadav Har'El
2011-12-11 14:37 ` Avi Kivity
2011-11-10 10:02 ` [PATCH 09/10] nEPT: Documentation Nadav Har'El
2011-11-10 10:02 ` [PATCH 10/10] nEPT: Miscelleneous cleanups Nadav Har'El
2011-11-10 12:26 ` [PATCH 0/10] nEPT: Nested EPT support for Nested VMX Avi Kivity
2011-11-13 8:52 ` Nadav Har'El
2011-11-13 9:21 ` Avi Kivity
2011-12-12 11:37 ` Nadav Har'El
2011-12-12 13:04 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EBBC22D.8090409@redhat.com \
--to=avi@redhat.com \
--cc=Joerg.Roedel@amd.com \
--cc=abelg@il.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=nyh@il.ibm.com \
--cc=owasserm@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).