On 18/10/2017 12:18, Kang, Luwei wrote: >> Nested virtualization is interesting. We would like the nested >> hypervisor to be forced to set the "use GPA for processor tracing" >> secondary execution control whenever "enable EPT" is set and >> RTIT_CTL is nonzero. There is no way to encode that in >> IA32_VMX_PROCBASED_CTLS2, however. It would be nice if Intel could >> reserve a bit in IA32_VMX_EPT_VPID_CAP for KVM to express that >> constraint. > > Do you mean if nested hypervisor get the capability of "Guest PT use > GPA" and EPT has enable. Highly recommend nested hypervisor set " > Guest PT use GPA " as well. Well, it's required more than recommended. However, it's only required if "enable EPT" is set and RTIT_CTL is nonzero. > If nested hypervisor is also KVM, "use GPA for processor tracing" > will be set for sure. But other hypervisor may not do that. So, we'd > better add a flag in IA32_VMX_EPT_VPID_CAP to express that > constraint. Correct. The constraint would be: * RTIT_CTL on entry is zero if EPT is disabled * RTIT_CTL on entry is zero if EPT is enabled and "Guest PT uses GPA" is zero Maybe IA32_VMX_EPT_VPID_CAP is not the best place. I'll let Intel decide that. Paolo
