----- Original Message -----
> From: "Jim Mattson" <jmattson@xxxxxxxxxx>
> To: "Bandan Das" <bsd@xxxxxxxxxx>
> Cc: "kvm list" <kvm@xxxxxxxxxxxxxxx>, "Paolo Bonzini" <pbonzini@xxxxxxxxxx>, "LKML" <linux-kernel@xxxxxxxxxxxxxxx>
> Sent: Friday, June 30, 2017 7:06:43 PM
> Subject: Re: [PATCH 0/2] Expose VMFUNC to the nested hypervisor
>
> Isn't McAfee DeepSAFE defunct? Are there any other consumers of EPTP
> switching?

Xen can use it optionally, and #VE as well.

Paolo

> On Thu, Jun 29, 2017 at 4:29 PM, Bandan Das <bsd@xxxxxxxxxx> wrote:
> > These patches expose eptp switching/vmfunc to the nested hypervisor.
> > Testing with kvm-unit-tests seems to work ok.
> >
> > If the guest hypervisor enables vmfunc/eptp switching, a "shadow" eptp list
> > address page is written to the VMCS. Initially, it would be unpopulated which
> > would result in a vmexit with exit reason 59. This hooks to handle_vmfunc()
> > to rewrite vmcs12->ept_pointer to reload the mmu and get a new root hpa.
> > This new shadow ept pointer is written to the shadow eptp list in the given
> > index. A next vmfunc call to switch to the given index would succeed without
> > an exit.
> >
> > Bandan Das (2):
> >   KVM: nVMX: Implement EPTP switching for the L1 hypervisor
> >   KVM: nVMX: Advertise VMFUNC to L1 hypervisor
> >
> >  arch/x86/include/asm/vmx.h |   9 ++++
> >  arch/x86/kvm/vmx.c         | 122 +++++++++++++++++++++++++++++++++++++++++++++
> >  2 files changed, 131 insertions(+)
> >
> > --
> > 2.9.4
> >
>
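The lazy population of the shadow EPTP list described in the quoted cover letter, as an added user-space toy model that is not code from the patch series or from KVM. Assumptions: `struct model`, `shadow_root_for()`, `cpu_vmfunc()`, `handle_vmfunc_exit()` and `guest_vmfunc()` are hypothetical names, a zero entry stands for "unpopulated", and the root address arithmetic is a constructed placeholder for the MMU reload.

```c
#include <stdint.h>
#include <stdio.h>

#define EPTP_LIST_ENTRIES  512  /* one 4 KiB page of 8-byte EPTP values */
#define EXIT_REASON_VMFUNC 59   /* exit reason quoted in the cover letter */

struct model {
    uint64_t l1_list[EPTP_LIST_ENTRIES];     /* list written by the guest hypervisor (L1) */
    uint64_t shadow_list[EPTP_LIST_ENTRIES]; /* shadow list the CPU actually consults */
    uint64_t active_eptp;                    /* EPTP currently in effect */
    unsigned exits;                          /* VMFUNC exits taken so far */
};

/* Hypothetical stand-in for "reload the mmu and get a new root hpa". */
static uint64_t shadow_root_for(uint64_t l1_eptp) {
    return (0x100000000ULL + (l1_eptp & ~0xfffULL)) | 0x1e; /* constructed value */
}

/* CPU side: switch without an exit only if the shadow entry is populated. */
static int cpu_vmfunc(struct model *m, unsigned idx) {
    if (idx >= EPTP_LIST_ENTRIES || m->shadow_list[idx] == 0)
        return EXIT_REASON_VMFUNC;
    m->active_eptp = m->shadow_list[idx];
    return 0;
}

/* Exit handler: shadow the entry L1 asked for, or refuse if L1 has none. */
static int handle_vmfunc_exit(struct model *m, unsigned idx) {
    m->exits++;
    if (idx >= EPTP_LIST_ENTRIES || m->l1_list[idx] == 0)
        return -1;  /* nothing valid to shadow: leave the shadow list untouched */
    m->shadow_list[idx] = shadow_root_for(m->l1_list[idx]);
    m->active_eptp = m->shadow_list[idx];
    return 0;
}

/* One VMFUNC as the nested guest sees it: exits taken (0 or 1), -1 if refused. */
static int guest_vmfunc(struct model *m, unsigned idx) {
    if (cpu_vmfunc(m, idx) == 0)
        return 0;
    return handle_vmfunc_exit(m, idx) == 0 ? 1 : -1;
}

int main(void) {
    static struct model m;
    m.l1_list[3] = 0x7000ULL | 0x1e;  /* constructed sample L1 entry */
    int first = guest_vmfunc(&m, 3), second = guest_vmfunc(&m, 3);
    printf("first=%d second=%d exits=%u\n", first, second, m.exits);
    return 0;
}
```

The first switch to an index costs one exit and the repeat costs none; an out-of-range index or an index L1 never filled is refused and never reaches the shadow list.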