Re: [PATCH v2] KVM: x86: Implement PCID/INVPCID for guests with EPT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, May 14, 2012, Marcelo Tosatti wrote about "Re: [PATCH v2] KVM: x86: Implement PCID/INVPCID for guests with EPT":
> > +	 * Enable INVPCID for non-ept guests may cause performance regression,
> > +	 * and without INVPCID, PCID has little benefits. So disable them all
> > +	 * for non-ept guests.
> > +	 *
> > +	 * PCID is not supported for nested guests yet.
> > +	 */
> > +	return enable_ept && (boot_cpu_data.x86_capability[4] & bit(X86_FEATURE_PCID)) && !cpu_has_hypervisor;
> > +}
> 
> The comment Avi made was regarding running a nested guest, not running
> _as_ a nested guest (which is what cpu_has_hypervisor is about).
> 
> You can disable INVPCID exec control (which #UDs), if its in Level-2
> guest mode (see if_guest_mode()), and restore the Level-1 value when
> leaving nested mode.


I also don't understand the !cpu_has_hypervisor thing. Regarding
running a nested guest - the code in prepare_vmcs02() sets (among other
things) secondary exec controls used to run the L2 guest. It mostly
"or"s the bits requested by KVM (L0) and the guest (L1). So:

 1. If you think L0 mustn't run L2 with a certain bit, despite running L1
    with it (I didn't follow the reasoning why this is the case), you can
    specificially turn it off in that function (like we already do for
    SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES).

 2. The other thing that could theoretically happen is that L1 will ask
    to turn on this bit for L2 (I think this is the case you wanted to
    avoid). This *won't* happen, because we tell L1 via MSR which bits
    it is allowed to set on secondary controls (see
    nested_vmx_secondary_ctls_high), and currently this only includes
    SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES and
    SECONDARY_EXEC_ENABLE_EPT (the latter only for nested EPT), and enforce
    that L1 doesn't try to turn on more bits. 

-- 
Nadav Har'El                        |                   Tuesday, May 15 2012, 
nyh@xxxxxxxxxxxxxxxxxxx             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |A bird in the hand is safer than one
http://nadav.harel.org.il           |overhead.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux