On Mon, Jul 29, 2013 at 01:33:26PM +0200, Paolo Bonzini wrote: > Il 29/07/2013 13:11, Gleb Natapov ha scritto: > > > > + nested_vmx_ept_caps &= vmx_capability.ept; > > > > > > This is always missing VMX_EPT_EXECUTE_ONLY_BIT, should it be added > > > before the "&=". > > > > I am not at all sure our current shadow implementation can support > > execute only pages. Best to leave it off for now. > > Ok, I was tricked by this reference to nested_vmx_ept_caps's execonly bit: > > + int r = kvm_init_shadow_ept_mmu(vcpu, &vcpu->arch.mmu, > + nested_vmx_ept_caps & VMX_EPT_EXECUTE_ONLY_BIT); > > It's probably best to add a comment there, saying that the bit will > always be zero for now. > > >> Also, the three extent bits should always be fine for the MSR, > >> independent of the host support, because the processor will do the > >> INVEPT vmexit before checking the INVEPT type against the processor > >> capabilities. So they can be added after the "&=". > >> > > Good point. > > For v5 you probably should leave out individual-addr invalidation from > this and the EPT patch too, though. > Of course. The define should not be introduces again. -- Gleb. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
