Isn't McAfee DeepSAFE defunct? Are there any other consumers of EPTP switching? On Thu, Jun 29, 2017 at 4:29 PM, Bandan Das <bsd@xxxxxxxxxx> wrote: > These patches expose eptp switching/vmfunc to the nested hypervisor. Testing with > kvm-unit-tests seems to work ok. > > If the guest hypervisor enables vmfunc/eptp switching, a "shadow" eptp list > address page is written to the VMCS. Initially, it would be unpopulated which > would result in a vmexit with exit reason 59. This hooks to handle_vmfunc() > to rewrite vmcs12->ept_pointer to reload the mmu and get a new root hpa. > This new shadow ept pointer is written to the shadow eptp list in the given > index. A next vmfunc call to switch to the given index would succeed without > an exit. > > Bandan Das (2): > KVM: nVMX: Implement EPTP switching for the L1 hypervisor > KVM: nVMX: Advertise VMFUNC to L1 hypervisor > > arch/x86/include/asm/vmx.h | 9 ++++ > arch/x86/kvm/vmx.c | 122 +++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 131 insertions(+) > > -- > 2.9.4 >
