On 04/09/19 15:49, Yang Weijiang wrote:
>>> This would not enable SPP if the guest is backed by huge pages.
>>> Instead, either the PT_PAGE_TABLE_LEVEL level must be forced for all
>>> pages covered by SPP ranges, or (better) kvm_enable_spp_protection must
>>> be able to cover multiple pages at once.
>>>
>>> Paolo
>> OK, I'll figure out how to make it, thanks!
> Hi, Paolo,
> Regarding this change, I have some concerns, splitting EPT huge page
> entries (e.g., 1GB page) will take long time compared with normal EPT page
> fault processing, especially for multiple vcpus/pages, so the in-flight time increases,
> but HW walks EPT for translations in the meantime, would it bring any side effect?
> or there's a way to mitigate it?

Sub-page permissions are only defined on EPT PTEs, not on large pages.
Therefore, in order to allow subpage permissions the EPT page tables
must already be split.

Paolo