On 23/10/2017 10:01, Kang, Luwei wrote: > >>> So, can we enable it in L1 >>> guest only first? I think it is not worth to disable EPT for L1 to >>> enable intel PT. what is your opinion? >> Yes, we can enable it. But since KVM sets IA32_VMX_MISC[14]=0, your patches must forbid enabling processor trace during VMX >> operation. > > L1 hypervisor can't get the capability of " TraceEn can be set in > VMX operation (IA32_VMX_MISC[bit 14] is 0)" and set it to 0. We need > to trap whether L1 hypervisor have enable VMXON, and forbid enable PT > when vmxon. Is that right? Or have something else? Correct. I don't have the SDM at hand, so I'm not sure what happens if you do a VMXON while TraceEn is 1. However, that has to be handled as well. Paolo
