[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 00/10] Nested VMX: Add virtual EPT & VPID support to L1 VMM

Xiantao Zhang writes ("[Xen-devel] [PATCH v4 00/10] Nested VMX: Add virtual EPT 
& VPID support to L1 VMM"):
> From: Zhang Xiantao <xiantao.zhang@xxxxxxxxx>
> 
> With virtual EPT support, L1 hyerpvisor can use EPT hardware for L2 guest's 
> memory virtualization.
> In this way, L2 guest's performance can be improved sharply.
> According to our testing, some benchmarks can show > 5x performance gain.

I'm no expert on the areas of code you're touching, so perhaps you've
already done this, but:

I think there may need to be some high-level knob to turn this feature
on and off (probably, for individual guests).  This is because this
feature exposes a richer attack surface for guests (AFAICT).  I know
there's already a feature check for nested HVM, but I wonder if that's
enough.

I'd like to hear other people's opinions on this point.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.