From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paolo Bonzini Subject: Re: [PATCH v4 11/13] nEPT: Advertise EPT to L1 Date: Mon, 29 Jul 2013 13:33:26 +0200 Message-ID: <51F65306.5030405@redhat.com> References: <1374750001-28527-1-git-send-email-gleb@redhat.com> <1374750001-28527-12-git-send-email-gleb@redhat.com> <51F63422.4020406@redhat.com> <20130729111115.GE18009@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org, Xiao Guangrong , Jun Nakajima , Yang Zhang To: Gleb Natapov Return-path: Received: from mx1.redhat.com ([209.132.183.28]:39788 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750888Ab3G2Lds (ORCPT ); Mon, 29 Jul 2013 07:33:48 -0400 In-Reply-To: <20130729111115.GE18009@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: Il 29/07/2013 13:11, Gleb Natapov ha scritto: > > > + nested_vmx_ept_caps &= vmx_capability.ept; > > > > This is always missing VMX_EPT_EXECUTE_ONLY_BIT, should it be added > > before the "&=". > > I am not at all sure our current shadow implementation can support > execute only pages. Best to leave it off for now. Ok, I was tricked by this reference to nested_vmx_ept_caps's execonly bit: + int r = kvm_init_shadow_ept_mmu(vcpu, &vcpu->arch.mmu, + nested_vmx_ept_caps & VMX_EPT_EXECUTE_ONLY_BIT); It's probably best to add a comment there, saying that the bit will always be zero for now. >> Also, the three extent bits should always be fine for the MSR, >> independent of the host support, because the processor will do the >> INVEPT vmexit before checking the INVEPT type against the processor >> capabilities. So they can be added after the "&=". >> > Good point. For v5 you probably should leave out individual-addr invalidation from this and the EPT patch too, though. Paolo