> On 20 Nov 2019, at 17:05, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
> On 20/11/19 15:33, Liran Alon wrote:
>> "Virtualize APIC accesses" VM-execution control was changed
>> from 0 to 1, OR the value of apic_access_page was changed.
>>
>> Examining prepare_vmcs02(), one could note that L0 won't flush
>> physical TLB only in case: L0 use VPID, L1 use VPID and L0
>> can guarantee TLB entries populated while running L1 are tagged
>> differently than TLB entries populated while running L2.
>> The last condition can only occur if either L0 use EPT or
>> L0 use different VPID for L1 and L2
>> (i.e. vmx->vpid != vmx->nested.vpid02).
>>
>> If L0 use EPT, L0 use different EPTP when running L2 than L1
>> (Because guest_mode is part of mmu-role) and therefore SDM section
>> 28.3.3.4 doesn't apply. Otherwise, L0 use different VPID when
>> running L2 than L1 and therefore SDM section 28.3.3.3 doesn't
>> apply.
>
> I don't understand this. You could still have a stale EPTP entry from a
> previous L2 vmenter. If L1 uses neither EPT nor VPID, it expects a TLB
> flush to occur on every vmentry, but this won't happen if L0 uses EPT.

I don’t seem to get your concern.
In case L1 don’t use VPID, prepare_vmcs02() will request KVM_REQ_TLB_FLUSH.
(As it needs to emulate to L1 that on every L1<->L2 switch, the entire physical TLB is flushed)
As explained in commit message.

>
> Paolo