On 15.03.2017 16:53, Jim Mattson wrote: > Assuming the CPU supports INVEPT by context... > > Things are actually simpler if the nested guest does not use EPT, > because then L1 and L2 share an EP4TA, and the INVEPT invoked by > ept_sync_context will invalidate any cached mappings that either L1 or > L2 might use. > > If the nested guest *does* use EPT, then ept_sync_context will only > invalidate the cached mappings associated with L1 or L2, but not both. > If there is ever a mismatch between vcpu->arch.mmu.root_hpa and > vmx->vpid (i.e. one belongs to L1 and the other belongs to L2), then > the original version of this code would have invalidated the combined > mappings of both L1 and L2, but it still would have invalidated only > the guest-physical mappings associated with the current > vcpu->arch.mmu.root_hpa. > Thanks for the explanation! Complicated stuff, so highly appreciated! Reviewed-by: David Hildenbrand <david@xxxxxxxxxx> -- Thanks, David
