On 14/08/19 09:04, Yang Weijiang wrote: > + > + if (vcpu->kvm->arch.spp_active && level == PT_PAGE_TABLE_LEVEL) > + kvm_enable_spp_protection(vcpu->kvm, gfn); > + This would not enable SPP if the guest is backed by huge pages. Instead, either the PT_PAGE_TABLE_LEVEL level must be forced for all pages covered by SPP ranges, or (better) kvm_enable_spp_protection must be able to cover multiple pages at once. Paolo
