Re: [PATCH] KVM/VMX: Check ept_pointer before flushing ept tlb

[Tianyu Lan]

On 11/7/2018 6:49 PM, Vitaly Kuznetsov wrote:
> Tianyu Lan <ltykernel@xxxxxxxxx> writes:
>
> > Hi Vitaly:
> > 	Thanks for your review.
> >
> > On 11/6/2018 11:50 PM, Vitaly Kuznetsov wrote:
> > > ltykernel@xxxxxxxxx writes:
> > >
> > > > From: Lan Tianyu <Tianyu.Lan@xxxxxxxxxxxxx>
> > > >
> > > > This patch is to initialize ept_pointer to INVALID_PAGE and check it
> > > > before flushing ept tlb. If ept_pointer is invalidated, bypass the flush
> > > > request.
> > >
> > > To be honest I fail to understand the reason behind the patch: instead
> > > of doing one unneeded flush request with ept_pointer==0 (after vCPU is
> > > initialized) we now do the check every time. Could you please elaborate
> > > on why this is needed?
> >
> > The reason to introduce the check here is to avoid flushing ept tlb
> > without valid ept table. When nested guest boots up and only BP is
> > active, we should not do flush for APs and L1 hypervisor hasn't set
> > valid EPT table for APs.
>
> Yes, I understand that but I'm trying to avoid additional checks on
> hotpath as during normal operation EPT pointer is always set.
>
> Could we just initialize ept_pointers_match to something like
> EPT_POINTERS_NOTSET and achive the same result?

vmx->ept_pointers_match presents match status of all vcpus' ept table. 
EPT_POINTER_NOSET should be per cpu status and so I select ept_pointer 
as check condition.

BTW, I think we may remove the check for match case which is normal 
status and all ept pointers should be set at that point. Mismatch status 
should be corner case when VM runs and this will not affect a lot.