On 18/08/2016 20:00, Jim Mattson wrote:
> If L0 sets the VMX_EPT_AD_ENABLE_BIT in the vmcs02 EPT pointer, then
> any TLB miss encountered while executing L2 will result in an EPT
> violation when the CPU tries to walk L2's page tables (write access to
> a write protected page). However, this EPT violation cannot be
> forwarded to L1, because L1's virtual CPU would not have delivered it.
> (L1's virtual CPU would have performed a read access rather than a
> write access.)
>
> With this configuration, L0 will have to emulate each and every L2 instruction.
>
> Better would be for L0 to set the VMX_EPT_AD_ENABLE_BIT in vmcs02 to
> match the VMX_EPT_AD_ENABLE_BIT in vmcs12.

And in fact, because we don't expose the feature at all, vmcs02 should
never set the bit.

Would this fix a failure in kvm-unit-tests x86/vmx.c, too?

> Of course, this means that L0 will lose the ability to do
> accessed/dirty page tracking of L2 using the shadow EPT tables for L2.

Indeed, and that's the reason why I never got the courage to look into
a fix for that vmx.c failure... But maybe it would be enough to ensure
the A/D bits are set when FNAME(sync_page) calls set_spte (accessed is
set if speculative==false; for dirty you'd have to invent a new argument
or something like that).

Paolo
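As an added illustration (not code from this thread or from KVM itself), here is how L0 could derive the vmcs02 EPT pointer so that its A/D-enable bit follows vmcs12 and is never set while the feature is hidden from L1, plus the consistency check that would have caught the configuration Jim describes. The helper names and the `l0_exposes_ept_ad` flag are assumptions; the EPTP bit layout and `VMX_EPT_AD_ENABLE_BIT` match the Intel SDM and KVM's vmx.h.

```c
#include <stdbool.h>
#include <stdint.h>

/* EPTP layout (Intel SDM Vol. 3, "Extended-Page-Table Pointer"):
 *   bits 2:0    memory type (6 = write-back)
 *   bits 5:3    EPT page-walk length minus 1 (3 for a 4-level walk)
 *   bit  6      enable accessed/dirty flags (VMX_EPT_AD_ENABLE_BIT in KVM)
 *   bits 51:12  physical address of the EPT PML4 table
 */
#define VMX_EPT_DEFAULT_MT	6ull
#define VMX_EPT_DEFAULT_GAW	3ull
#define VMX_EPT_AD_ENABLE_BIT	(1ull << 6)
#define VMX_EPT_PFN_MASK	0x000ffffffffff000ull

/* Hypothetical helper (assumption, not KVM's own): build the vmcs02 EPTP that
 * L0 loads while running L2.  The A/D enable bit is copied from vmcs12 only
 * when L0 actually advertises the feature to L1; otherwise it is forced clear,
 * so the hardware walk of L2's page tables stays a read access, exactly what
 * L1's virtual CPU would have done, and any EPT violation can be forwarded. */
static inline uint64_t nested_build_eptp02(uint64_t vmcs12_eptp,
					   uint64_t shadow_root_hpa,
					   bool l0_exposes_ept_ad)
{
	uint64_t eptp = VMX_EPT_DEFAULT_MT | (VMX_EPT_DEFAULT_GAW << 3);

	eptp |= shadow_root_hpa & VMX_EPT_PFN_MASK;
	if (l0_exposes_ept_ad)
		eptp |= vmcs12_eptp & VMX_EPT_AD_ENABLE_BIT;
	return eptp;
}

/* Consistency check for the problem discussed above: vmcs02 must not enable
 * A/D tracking when vmcs12 does not, and never when the feature is hidden. */
static inline bool nested_eptp_ad_consistent(uint64_t vmcs02_eptp,
					     uint64_t vmcs12_eptp,
					     bool l0_exposes_ept_ad)
{
	bool ad02 = (vmcs02_eptp & VMX_EPT_AD_ENABLE_BIT) != 0;
	bool ad12 = (vmcs12_eptp & VMX_EPT_AD_ENABLE_BIT) != 0;

	return l0_exposes_ept_ad ? (ad02 == ad12) : !ad02;
}
```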