Re: [PATCH] kvm: vmx: Sync all matching EPTPs when injecting nested EPT fault

On Tue, Aug 10, 2021 at 10:52 AM Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
> On 10/08/21 01:33, Sean Christopherson wrote:
> > On Fri, Aug 06, 2021, Junaid Shahid wrote:
> >> When a nested EPT violation/misconfig is injected into the guest,
> >> the shadow EPT PTEs associated with that address need to be synced.
> >> This is done by kvm_inject_emulated_page_fault() before it calls
> >> nested_ept_inject_page_fault(). However, that will only sync the
> >> shadow EPT PTE associated with the current L1 EPTP. Since the ASID
> >
> > For the changelog and the comment, IMO using "vmcs12 EPTP" instead of "L1 EPTP"
> > would add clarity.  I usually think of "L1 EPTP" as vmcs01->eptp and "L2 EPTP"
> > as vmcs02->EPTP.  There are enough EPTPs in play with nested that it'd help to
> > be very explicit.
>
> Or more briefly "EPT12".

Sounds good.

>
> >> is based on EP4TA rather than the full EPTP, so syncing the current
> >> EPTP is not enough. The SPTEs associated with any other L1 EPTPs
> >> in the prev_roots cache with the same EP4TA also need to be synced.
> >
> > No small part of me wonders if we should disallow duplicate vmcs12 EP4TAs in a
> > single vCPU's root cache, e.g. purge existing roots with the same pgd but
> > different role.  INVEPT does the right thing, but that seems more coincidental
> > than intentional.
> >
> > Practically speaking, this only affects A/D bits.  Wouldn't a VMM need to flush
> > the EP4TA if it toggled A/D enabling in order to have deterministic behavior?
> > In other words, is there a real world use case for switching between EPTPs with
> > same EP4TAs but different properties that would see a performance hit if KVM
> > purged unusable cached roots with the same EP4TA?
>
> Probably not, but the complexity wouldn't be much different.
>

I also don't know of a real world use case like that, so either way
would work. But I agree that it likely wouldn't be that much simpler.
So I guess I'll just send a v2 with the clearer terminology, unless
anyone really prefers disallowing duplicate EP4TAs in the root cache.

Thanks,
Junaid
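
An added illustration of the point in the quoted changelog, not part of the thread and not KVM code: a small C model of a per-vCPU root cache where the sync matches on EP4TA (EPTP bits 12 and up) rather than on the full EPTP. The structs, function names, cache contents and addresses are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* EPTP layout (Intel SDM): bits 2:0 memory type, bits 5:3 walk length - 1,
 * bit 6 accessed/dirty enable, bits 12 and up the EP4TA. */
#define EPTP_AD_ENABLE (1ULL << 6)
#define EP4TA_MASK     (~0xfffULL)
#define NUM_PREV_ROOTS 3        /* constructed cache size for this model */

struct cached_root {            /* hypothetical model, not KVM's structure */
    int      valid;
    uint64_t eptp;              /* vmcs12 EPTP the shadow root was built for */
    unsigned synced;            /* times the faulting address was synced here */
};
struct root_cache { struct cached_root current, prev[NUM_PREV_ROOTS]; };

/* Sync the current root and every valid cached root sharing its EP4TA;
 * returns how many roots were synced. */
unsigned sync_all_matching(struct root_cache *c)
{
    unsigned n = 1;
    c->current.synced++;
    for (int i = 0; i < NUM_PREV_ROOTS; i++) {
        struct cached_root *r = &c->prev[i];
        /* Compare only the table address, ignoring A/D and other low bits. */
        if (r->valid && ((r->eptp ^ c->current.eptp) & EP4TA_MASK) == 0) {
            r->synced++;
            n++;
        }
    }
    return n;
}

/* Constructed sample: slot 0 shares the current EP4TA but has A/D off. */
struct root_cache sample_cache(void)
{
    struct root_cache c = {
        .current = { 1, 0x12345000ULL | 0x1e | EPTP_AD_ENABLE, 0 },
        .prev = { { 1, 0x12345000ULL | 0x1e, 0 },                  /* same EP4TA */
                  { 1, 0x6789a000ULL | 0x1e | EPTP_AD_ENABLE, 0 }, /* other EP4TA */
                  { 0, 0x12345000ULL | 0x1e, 0 } },                /* invalid slot */
    };
    return c;
}

int main(void)
{
    struct root_cache c = sample_cache();
    printf("roots synced: %u\n", sync_all_matching(&c));
    return 0;
}
```

A sync keyed on the full EPTP would skip slot 0 here, because its EPTP differs from the current one only in the A/D bit.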


