> On 26 Jul 2019, at 20:22, Jim Mattson <jmattson@xxxxxxxxxx> wrote:
>
> When using EPT, why does kvm intercept MOV to/from CR3 when paging is
> disabled in the guest? It doesn't seem necessary to me, but perhaps I
> am missing something.
>
> I'm referring to this code in ept_update_paging_mode_cr0():
>
>     exec_controls_setbit(vmx, CPU_BASED_CR3_LOAD_EXITING |
>                               CPU_BASED_CR3_STORE_EXITING);
>
> Thanks!

Note that ept_update_paging_mode_cr0() is called only in case (enable_ept && !enable_unrestricted_guest). Even though function name doesn’t imply this…
When unrestricted-guest is not enabled, KVM runs a vCPU with paging disabled, with paging enabled in VMCS and CR3 of ept_identity_map_addr. See how it is initialised at init_rmode_identity_map().

-Liran
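
A simplified model of the state described in the reply, added here as an illustration (it is not KVM code and not from either poster): while the guest believes paging is off, the hardware CR3 holds the identity-map address, so an unintercepted MOV from CR3 would expose that address and an unintercepted MOV to CR3 would replace the identity map. All names (`toy_vcpu`, the `toy_*` functions, `IDENTITY_MAP_ADDR` and its value) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not KVM code. All names and values are hypothetical. */
#define IDENTITY_MAP_ADDR 0xfffbc000ULL /* constructed stand-in for ept_identity_map_addr */

struct toy_vcpu {
    bool guest_pg;      /* CR0.PG as the guest sees it */
    uint64_t guest_cr3; /* CR3 value the guest last wrote */
    uint64_t hw_cr3;    /* CR3 the CPU really uses while in the guest */
    bool cr3_exiting;   /* models CR3 load/store exiting being set */
};

/* Guest changes CR0.PG on a host with EPT but without unrestricted guest. */
static void toy_set_guest_paging(struct toy_vcpu *v, bool pg, bool intercept)
{
    v->guest_pg = pg;
    if (!pg) {          /* hardware paging stays on, over the identity map */
        v->hw_cr3 = IDENTITY_MAP_ADDR;
        v->cr3_exiting = intercept;
    } else {            /* guest paging on: its own CR3 can be used directly */
        v->hw_cr3 = v->guest_cr3;
        v->cr3_exiting = false;
    }
}

static void toy_mov_to_cr3(struct toy_vcpu *v, uint64_t val)
{
    v->guest_cr3 = val;
    if (!v->cr3_exiting)
        v->hw_cr3 = val; /* no exit: the CPU loads the value itself */
}

static uint64_t toy_mov_from_cr3(const struct toy_vcpu *v)
{
    /* With an exit, the hypervisor returns the saved guest value. */
    return v->cr3_exiting ? v->guest_cr3 : v->hw_cr3;
}

int main(void)
{
    struct toy_vcpu v = { .guest_pg = true, .guest_cr3 = 0x1000, .hw_cr3 = 0x1000 };
    toy_set_guest_paging(&v, false, true);
    toy_mov_to_cr3(&v, 0x2000);
    printf("intercepted: guest reads %#llx, hw uses %#llx\n",
           (unsigned long long)toy_mov_from_cr3(&v), (unsigned long long)v.hw_cr3);
    return 0;
}
```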