On 09/07/2018 11:02, Tianyu Lan wrote: > +static void check_ept_pointer(struct kvm_vcpu *vcpu, u64 eptp) > +{ > + struct kvm *kvm = vcpu->kvm; > + u64 tmp_eptp = INVALID_PAGE; > + int i; > + > + if (!kvm_x86_ops->tlb_remote_flush) > + return; > + > + spin_lock(&to_kvm_vmx(kvm)->ept_pointer_lock); > + to_vmx(vcpu)->ept_pointer = eptp; > + > + kvm_for_each_vcpu(i, vcpu, kvm) { > + if (!VALID_PAGE(tmp_eptp)) { > + tmp_eptp = to_vmx(vcpu)->ept_pointer; > + } else if (tmp_eptp != to_vmx(vcpu)->ept_pointer) { > + to_kvm_vmx(kvm)->ept_pointers_match = false; > + spin_unlock(&to_kvm_vmx(kvm)->ept_pointer_lock); > + return; > + } > + } > + > + to_kvm_vmx(kvm)->ept_pointers_match = true; > + spin_unlock(&to_kvm_vmx(kvm)->ept_pointer_lock); > +} > + Is there any reason to do the check here, rather than the first time the TLB flush is invoked? You could: - have a tristate (true, false, check) value for ept_pointers_match - reset it to "check" in vmx_set_cr3 - set it to either true or false in tlb_remote_flush if it is check, and do the hypercall if it is true. Paolo