From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: [PATCH 01/10] nEPT: Module option
Date: Thu, 10 Nov 2011 17:21:01 +0200
Message-ID: <4EBBEBDD.5090106@redhat.com>
References: <1320919040-nyh@il.ibm.com> <201111100958.pAA9wMeL019600@rice.haifa.ibm.com> <4EBBC22D.8090409@redhat.com> <20111110142115.GA3327@fermat.math.technion.ac.il> <4EBBE1CE.5060702@redhat.com> <20111110151405.GC3327@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, "Roedel, Joerg" , owasserm@redhat.com, abelg@il.ibm.com
To: "Nadav Har'El"
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:27582 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751136Ab1KJPVL (ORCPT ); Thu, 10 Nov 2011 10:21:11 -0500
In-Reply-To: <20111110151405.GC3327@fermat.math.technion.ac.il>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 11/10/2011 05:14 PM, Nadav Har'El wrote:
> On Thu, Nov 10, 2011, Avi Kivity wrote about "Re: [PATCH 01/10] nEPT: Module option":
> > > By "this", do you mean without the "nested_ept" option, or without the
> > > hypothetical "EPT on shadow page tables" feature?
> >
> > Er, both. The feature should be controlled on a per-guest basis, not
> > per host.
> >..
> > It's just redundant, since we do need a per-guest control.
>
> I agreed that per-guest control would have been nicer, but since we
> don't have an API for specifying that per guest since EPT is not,
> unfortunately, a CPUID feature, I thought that at least a host-level
> flag would be useful.
>
> Why would it be useful? I agree it isn't the most important option since
> sliced bread, but if, for example, one day we discover a bug with nested
> EPT, L0 can disable it for all L1 guests and basically force them to use
> shadow page tables on EPT.

Or we just fix the bug.

> It was also useful for me to have this option for benchmarking, because
> I can force back the old shadow-on-EPT method with just a single option
> in L0 (instead of needing to give "ept=0" option in L1s).

When we have the per-guest controls, we can tell userspace to tell the
kernel to disable guest EPT.

> If you really don't like the existence of this option, I can easily
> remove it of course.

Yes please.

-- 
error compiling committee.c: too many arguments to function