Sounds good to me.

On Mon, Jul 23, 2018 at 11:22 AM Roman Kagan <rkagan@xxxxxxxxxxxxx> wrote:
On Fri, Jul 20, 2018 at 06:07:01PM +0200, Paolo Bonzini wrote:
> On 19/07/2018 21:44, Jim Mattson wrote:
> > If we're using nested EPT, why not do away with this allocation
> > altogether, and just use the vpid from vmcs12? The TLB is tagged by
> > {PCID, EP4TA, VPID}, and the shadow EP4TA will be different from any
> > L1 EP4TA.
>
> For correctness that's true, but INVEPT and INVVPID would impact
> performance of L1 and especially of other guests sharing the host with L1.
>
> In particular, we map an all-context INVVPID from L1 to a single-context
> INVVPID on the vpid02. I think we could also replace the
> KVM_REQ_TLB_FLUSH in INVEPT with a single-context INVVPID; the
> "kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu)" in handle_invept in fact
> doesn't make much sense.

I'll be unavailable for a couple of weeks starting the coming Wednesday
so I won't be able to work on this.

Meanwhile this leak is real, and the failures to run nested guests are
not very easy to diagnose, so, unless there's someone else ready to do a
better fix, it may make sense to consider my patch short term and
revisit it later with a cleaner solution.

What do you think?

Roman.