On Mon, Oct 1, 2018 at 5:56 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > On 06/09/2018 18:06, Jim Mattson wrote: >> On Thu, Sep 6, 2018 at 6:32 AM, Liran Alon <liran.alon@xxxxxxxxxx> wrote: >>> If CPU use both VPID and EPT, TLB entries populated by CPU are tagged >>> with both EPTP and VPID. Therefore, if L1 uses EPT, L2 TLB entries >>> are separated from L1 TLB entries by the EPTP tags as vmcs02 use >>> EPTP02 while vmcs01 use EPTP01. >>> >>> Thus, we don't need to make sure that vmcs02->vpid != vmcs01->vpid. >>> Therefore, we can just set vmcs02->vpid to vmcs12->vpid. >>> >>> Reviewed-by: Mihai Carabas <mihai.carabas@xxxxxxxxxx> >>> Reviewed-by: Darren Kenny <darren.kenny@xxxxxxxxxx> >>> Reviewed-by: Nikita Leshchenko <nikita.leshchenko@xxxxxxxxxx> >>> Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx> >> >> I suggested this back in July, but Paolo didn't like it. I still like it. :-) >> >> Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx> > > The problem with this is still the same as in July, namely that if all > guests (at any level) share the VPID space, then L1 can force an > invalidation of any VPID (and thus slow down execution of other guests, > including siblings of L1) through INVVPID. Can't L1 already do this by filling the TLB with its own entries, thereby evicting its siblings' entries?
