On Thu, Nov 10, 2011, Avi Kivity wrote about "Re: [PATCH 08/10] nEPT: Nested INVEPT": > On 11/10/2011 12:01 PM, Nadav Har'El wrote: > > If we let L1 use EPT, we should probably also support the INVEPT instruction. >.. > > + if (vmcs12 && nested_cpu_has_ept(vmcs12) && > > + (vmcs12->ept_pointer == operand.eptp) && > > + vmx->nested.last_eptp02) > > + ept_sync_context(vmx->nested.last_eptp02); > > + else > > + ept_sync_global(); > > Are either of these needed? Won't a write to a shadowed EPT table cause > them anyway? This is very good point... You're right that as it stands, any changes to the guest EPT table (EPT12) will cause changes to the shadow EPT table (EPT02), and these already cause KVM to do an INVEPT, so no point to do this again when the guest asks. So basically, I can have INVEPT emulated by doing absolutely nothing (after checking all the checks), right? I wonder if I am missing any reason why a hypervisor might want to do INVEPT without changing the EPT12 table first. -- Nadav Har'El | Sunday, Dec 11 2011, nyh@xxxxxxxxxxxxxxxxxxx |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |Why do programmers mix up Christmas and http://nadav.harel.org.il |Halloween? Because DEC 25 = OCT 31 -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
