From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paolo Bonzini Subject: Re: [PATCH v4 11/13] nEPT: Advertise EPT to L1 Date: Mon, 29 Jul 2013 11:21:38 +0200 Message-ID: <51F63422.4020406@redhat.com> References: <1374750001-28527-1-git-send-email-gleb@redhat.com> <1374750001-28527-12-git-send-email-gleb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org, Xiao Guangrong , Jun Nakajima , Yang Zhang To: Gleb Natapov Return-path: Received: from mx1.redhat.com ([209.132.183.28]:48516 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753052Ab3G2Kmn (ORCPT ); Mon, 29 Jul 2013 06:42:43 -0400 In-Reply-To: <1374750001-28527-12-git-send-email-gleb@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: Il 25/07/2013 12:59, Gleb Natapov ha scritto: > + if (enable_ept) { > + /* nested EPT: emulate EPT also to L1 */ > + nested_vmx_secondary_ctls_high |= SECONDARY_EXEC_ENABLE_EPT; > + nested_vmx_ept_caps = VMX_EPT_PAGE_WALK_4_BIT; > + nested_vmx_ept_caps |= > + VMX_EPT_INVEPT_BIT | VMX_EPT_EXTENT_GLOBAL_BIT | > + VMX_EPT_EXTENT_CONTEXT_BIT | > + VMX_EPT_EXTENT_INDIVIDUAL_BIT; What version of the Intel manual defines bit 24? Mine is January 2013 and only has 20/25/26. > + nested_vmx_ept_caps &= vmx_capability.ept; This is always missing VMX_EPT_EXECUTE_ONLY_BIT, should it be added before the "&=". Also, the three extent bits should always be fine for the MSR, independent of the host support, because the processor will do the INVEPT vmexit before checking the INVEPT type against the processor capabilities. So they can be added after the "&=". Related to this, I suppose enable_ept should depend on VMX_EPT_INVEPT_BIT too (it currently doesn't) since vmx_flush_tlb does an unconditional invept under "if (enable_ept)". This is really just nitpicking though. Paolo > + } else > + nested_vmx_ept_caps = 0;