On 11/11/19 16:24, Liran Alon wrote:
>> Can you explain why the write shouldn't be done to vmcs02 as well?
>
> Because when L1 doesn’t use TPR-Shadow, L0 configures vmcs02 without TPR-Shadow.
> Thus, writing to vmcs02->tpr_threshold doesn’t have any effect.
>
> If L1 does use TPR-Shadow, then VMX’s update_cr8_intercept() doesn’t write to vmcs at all,
> because it means L1 defines a vTPR for L2 and thus doesn’t provide it direct access to L1 TPR.

But I'm still not sure about another aspect of the patch. The write to vmcs01 can be done even if TPR_SHADOW was set in vmcs12, because no one takes care of clearing vmx->nested.l1_tpr_threshold. Should "vmx->nested.l1_tpr_threshold = -1;" be outside the if?

Also, what happens to to_vmx(vcpu)->nested.l1_tpr_threshold if the guest is migrated while L2 is running without TPR shadow? Perhaps it would be easier to just rerun update_cr8_intercept on nested_vmx_vmexit.

Paolo