x86/EPT: defer enabling of A/D maintenance until PML get enabled

There's no point in enabling the extra feature for every domain when
we're not meaning to use it (yet). Just setting the flag should be
sufficient - the domain is required to be paused for PML enabling
anyway, i.e. hardware will pick up the new setting the next time
each vCPU of the guest gets scheduled.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Kai Huang <kai.huang@xxxxxxxxxxxxxxx>
---
VT-x maintainers, Kai: Me lacking the hardware to test this, may I ask
for your help here?

--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -1127,6 +1127,7 @@ void ept_sync_domain(struct p2m_domain *
 
 static void ept_enable_pml(struct p2m_domain *p2m)
 {
+    p2m->ept.ept_ad = 1;
     /*
      * No need to check if vmx_domain_enable_pml has succeeded or not, as
      * ept_p2m_type_to_flags will do the check, and write protection will be
@@ -1137,6 +1138,7 @@ static void ept_enable_pml(struct p2m_do
 
 static void ept_disable_pml(struct p2m_domain *p2m)
 {
+    p2m->ept.ept_ad = 0;
     vmx_domain_disable_pml(p2m->domain);
 }
 
@@ -1164,8 +1166,6 @@ int ept_p2m_init(struct p2m_domain *p2m)
 
     if ( cpu_has_vmx_pml )
     {
-        /* Enable EPT A/D bits if we are going to use PML. */
-        ept->ept_ad = cpu_has_vmx_pml ? 1 : 0;
         p2m->enable_hardware_log_dirty = ept_enable_pml;
         p2m->disable_hardware_log_dirty = ept_disable_pml;
         p2m->flush_hardware_cached_dirty = ept_flush_pml_buffers;