On 11/10/2011 05:14 PM, Nadav Har'El wrote:
> On Thu, Nov 10, 2011, Avi Kivity wrote about "Re: [PATCH 01/10] nEPT: Module option":
> > > By "this", do you mean without the "nested_ept" option, or without the
> > > hypothetical "EPT on shadow page tables" feature?
> >
> > Er, both. The feature should be controlled on a per-guest basis, not
> > per host.
> >..
> > It's just redundant, since we do need a per-guest control.
>
> I agreed that per-guest control would have been nicer, but since we
> don't have an API for specifying that per guest since EPT is not,
> unfortunately, a CPUID feature, I thought that at least a host-level
> flag would be useful.
>
> Why would it be useful? I agree it isn't the most important option since
> sliced bread, but if, for example, one day we discover a bug with nested
> EPT, L0 can disable it for all L1 guests and basically force them to use
> shadow page tables on EPT.

Or we just fix the bug.

> It was also useful for me to have this option for benchmarking, because
> I can force back the old shadow-on-EPT method with just a single option
> in L0 (instead of needing to give "ept=0" option in L1s).

When we have the per-guest controls, we can tell userspace to tell the kernel to disable guest EPT.

> If you really don't like the existence of this option, I can easily
> remove it of course.

Yes please.

--
error compiling committee.c: too many arguments to function