On 16/11/2015 19:18, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= wrote: >> > No idea how would I even test it, so I'm not interested in #VE at this >> > point. If you are - go ahead and post a patch for that on top though, >> > why not. > I thought that it's going to be simpler to provide functionality (that > utilizes eptp switching) to the guest through #VE, which probably isn't > true as I think more about it. (Not interested in implementing it :]) #VE and EPTP switching are distinct features, one does not imply the other. Unfortunately, EPTP switching is designed for a very specific use case where the hypervisor is effectively part of the kernel, and the kernel is trusted to some extent. Examples include antivirus software and virtual machines. Antiviruses do use VMFUNC, that's as far as I know the only current use case of it (https://embedded.communities.intel.com/community/en/applications/blog/2013/06/13/roving-reporter-enhancing-retail-security-and-manageability-with-4th-generation-intel-core-processors). So I'm against this patch, but only because I'm not sure why KVM would ever use EPTP switching in its current incarnation. The guest kernel is absolutely not trusted by KVM. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
