Il 29/07/2013 13:11, Gleb Natapov ha scritto: > > > + nested_vmx_ept_caps &= vmx_capability.ept; > > > > This is always missing VMX_EPT_EXECUTE_ONLY_BIT, should it be added > > before the "&=". > > I am not at all sure our current shadow implementation can support > execute only pages. Best to leave it off for now. Ok, I was tricked by this reference to nested_vmx_ept_caps's execonly bit: + int r = kvm_init_shadow_ept_mmu(vcpu, &vcpu->arch.mmu, + nested_vmx_ept_caps & VMX_EPT_EXECUTE_ONLY_BIT); It's probably best to add a comment there, saying that the bit will always be zero for now. >> Also, the three extent bits should always be fine for the MSR, >> independent of the host support, because the processor will do the >> INVEPT vmexit before checking the INVEPT type against the processor >> capabilities. So they can be added after the "&=". >> > Good point. For v5 you probably should leave out individual-addr invalidation from this and the EPT patch too, though. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
