On 01/07/2017 09:29, Peter Feiner wrote:
> You're right: this is busted. I wrote these patches before you
> implemented EPT A/D nesting (i.e., PML was moot for guest mode).
>
> I think the patch hunk can go away entirely actually. As long as PML
> is enabled, it's ok to flush the buffer. The interesting case is when
> the vcpu is in guest mode with EPT A/D disabled. In this case, L0's
> PML isn't filled while L2 runs because EPT A/D is disabled in the
> vmcs02 (thanks to this patch), so there's nothing in the buffer!

That was my thought too.

> It's troubling that there's no test case covering L0's use of PML +
> nesting. Stress testing live migrations of L1 hypervisors (and
> implicitly their L2 guests) is one way of doing it, but it's pretty
> clumsy. A tightly coupled L0 userspace, L1 and L2 guests would be the
> way to go because you could just coordinate ioctls with guest memory
> accesses.

Indeed. We need to do api/-style testing of nested virt.

Paolo