On 23/07/2018 20:22, Roman Kagan wrote:
> On Fri, Jul 20, 2018 at 06:07:01PM +0200, Paolo Bonzini wrote:
>> On 19/07/2018 21:44, Jim Mattson wrote:
>>> If we're using nested EPT, why not do away with this allocation
>>> altogether, and just use the vpid from vmcs12? The TLB is tagged by
>>> {PCID, EP4TA, VPID}, and the shadow EP4TA will be different from any
>>> L1 EP4TA.
>>
>> For correctness that's true, but INVEPT and INVVPID would impact
>> performance of L1 and especially of other guests sharing the host with L1.
>>
>> In particular, we map an all-context INVVPID from L1 to a single-context
>> INVVPID on the vpid02. I think we could also replace the
>> KVM_REQ_TLB_FLUSH in INVEPT with a single-context INVVPID; the
>> "kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu)" in handle_invept in fact
>> doesn't make much sense.
>
> I'll be unavailable for a couple of weeks starting the coming Wednesday
> so I won't be able to work on this.
>
> Meanwhile this leak is real, and the failures to run nested guests are
> not very easy to diagnose, so, unless there's someone else ready to do a
> better fix, it may make sense to consider my patch short term and
> revisit it later with a cleaner solution.
>
> What do you think?

Yes, your patch is already in kvm/master. :)

Paolo