On 03/10/19 18:19, Jim Mattson wrote:
> I was actually looking at the code a few lines lower:
>
>         if (!invpcid_enabled) {
>                 exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
>                 guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID);
>         }
>
> The call to guest_cpuid_clear *does* disallow enumerating INVPCID if
> PCID isn't also enumerated. I'm just wondering why we bothered, since
> we do so little sanitization of guest CPUID.

Ah, that's because when INVPCID is disabled in VMX the behavior of
INVPCID is different from when !INVPCID in CPUID even if CR4.PCIDE=0
(#UD vs. #GP or #PF).

Paolo
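The consistency rule behind Paolo's answer, as an added model that is not KVM code and not part of the thread: if the hypervisor clears the INVPCID secondary execution control, the guest gets #UD on INVPCID no matter what CR4.PCIDE says, so the CPUID bit must be cleared too or the guest would see an enumerated instruction that always faults. The bit positions, the `vcpu_model` struct, the `clear_cpuid` switch and the derivation of `invpcid_enabled` from PCID and INVPCID are assumptions made for the model.

```c
/* Added example (not KVM code): model of the CPUID / VMX exec-control
 * consistency rule discussed in the mail.  All constants and the
 * vcpu_model layout are assumptions for this model, not real encodings. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECONDARY_EXEC_ENABLE_INVPCID (1u << 12) /* assumed bit */
#define FEAT_PCID    (1u << 0)                   /* assumed bit */
#define FEAT_INVPCID (1u << 1)                   /* assumed bit */

struct vcpu_model {
    uint32_t cpuid_features; /* what the guest will see via CPUID */
    uint32_t exec_control;   /* secondary VM-execution controls */
};

/* Mirrors the pattern quoted in the mail.  With clear_cpuid == false the
 * guest_cpuid_clear() call is left out, which is the case Jim asked about. */
static void sanitize_invpcid(struct vcpu_model *v, bool clear_cpuid)
{
    bool invpcid_enabled = (v->cpuid_features & FEAT_PCID) &&
                           (v->cpuid_features & FEAT_INVPCID);
    if (!invpcid_enabled) {
        v->exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
        if (clear_cpuid)
            v->cpuid_features &= ~FEAT_INVPCID;
    }
}

/* Guest-visible behaviour per the mail: exec control cleared => #UD,
 * independent of CR4.PCIDE; otherwise the instruction executes and any
 * operand problems surface as #GP or #PF instead. */
enum invpcid_outcome { INVPCID_UD, INVPCID_EXECUTES };

static enum invpcid_outcome guest_invpcid(const struct vcpu_model *v)
{
    if (!(v->exec_control & SECONDARY_EXEC_ENABLE_INVPCID))
        return INVPCID_UD;
    return INVPCID_EXECUTES;
}

/* Invariant a sane guest CPUID must satisfy: INVPCID is enumerated
 * exactly when executing it does not #UD. */
static bool cpuid_consistent(const struct vcpu_model *v)
{
    bool enumerated = (v->cpuid_features & FEAT_INVPCID) != 0;
    return enumerated == (guest_invpcid(v) == INVPCID_EXECUTES);
}

int main(void)
{
    /* Constructed case: guest CPUID advertises INVPCID but not PCID. */
    struct vcpu_model without = { FEAT_INVPCID, SECONDARY_EXEC_ENABLE_INVPCID };
    struct vcpu_model with    = { FEAT_INVPCID, SECONDARY_EXEC_ENABLE_INVPCID };

    sanitize_invpcid(&without, false);
    sanitize_invpcid(&with, true);

    printf("exec control only : consistent=%d (guest would see #UD on an enumerated insn)\n",
           cpuid_consistent(&without));
    printf("plus cpuid clear  : consistent=%d\n", cpuid_consistent(&with));
    return 0;
}
```

Dropping the `guest_cpuid_clear()` call leaves the first case inconsistent: CPUID says INVPCID exists, yet every execution takes #UD, which is not the #GP/#PF a guest expects from an instruction it believes is present.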