On Wed, Aug 07, 2013 at 03:32:37PM +0200, Paolo Bonzini wrote:
> >>>>>diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> >>>>>index 44494ed..60a3644 100644
> >>>>>--- a/arch/x86/kvm/vmx.c
> >>>>>+++ b/arch/x86/kvm/vmx.c
> >>>>>@@ -3375,8 +3375,10 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
> >>>>> if (enable_ept) {
> >>>>> eptp = construct_eptp(cr3);
> >>>>> vmcs_write64(EPT_POINTER, eptp);
> >>>>>- guest_cr3 = is_paging(vcpu) ? kvm_read_cr3(vcpu) :
> >>>>>- vcpu->kvm->arch.ept_identity_map_addr;
> >>>>>+ if (is_paging(vcpu) || is_guest_mode(vcpu))
> >>>>>+ guest_cr3 = kvm_read_cr3(vcpu) :
> >>>>>+ else
> >>>>>+ guest_cr3 = vcpu->kvm->arch.ept_identity_map_addr;
> >>>>> ept_load_pdptrs(vcpu);
> >>>>> }
> >>>>>
> >>>>That's what I am thinking, will think about it some more tomorrow.
> >>>
> >>>OK, and I'll feed it into a local test.
> >>>
> >>Thought about it some more. So without nested unrestricted guest (nUG)
> >>is_paging() will always be true (since without nUG guest entry is not
> >>possible otherwise) and the guest's cr3 will be used, but with nUG the identity
> >>map is not used (that is why L2 still works even though the wrong identity
> >>map pointer is assigned to cr3), so the code here just corrupts the nested
> >>guest's cr3 for no reason and that is why you had to use kvm_read_cr3()
> >>in prepare_vmcs12() to get the correct cr3 value. The patch above should be
> >>used instead of the original one IMO. How is testing going?
> >
> >Yes, testing worked fine. I've queued the above patch and will send it out
> >within the next round.
>
> Just reply here with the commit message you desire and
> Signed-off-by, so I can queue it for people who wish to play with
> nEPT.
>
I would love to have a comment there too :)

--
			Gleb.
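Review bot: the hunk as quoted does not compile: the added line `+ guest_cr3 = kvm_read_cr3(vcpu) :` keeps the trailing `:` from the ternary it replaces, where a `;` is needed before the `else`. Worth fixing before this is queued, since a build failure on the nEPT branch is the first thing testers would hit. Also, the comment Gleb asks for belongs right above the new `if`: it should state that `ept_identity_map_addr` is only meant for the non-paging L1 case and that an L2 guest (`is_guest_mode(vcpu)`) always uses its own cr3 from `kvm_read_cr3()`, which is the reasoning given in the thread for why the old code corrupted the nested guest's cr3.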