Sean Christopherson <seanjc@xxxxxxxxxx> writes: > On Thu, Jul 07, 2022, Jim Mattson wrote: >> On Thu, Jul 7, 2022 at 12:30 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote: >> > >> > On Thu, Jul 07, 2022, Vitaly Kuznetsov wrote: >> > > Jim Mattson <jmattson@xxxxxxxxxx> writes: >> > > >> > > > On Wed, Jun 29, 2022 at 8:07 AM Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> wrote: >> > > >> >> > > >> From: Sean Christopherson <seanjc@xxxxxxxxxx> >> > > >> >> > > >> Clear the CR3 and INVLPG interception controls at runtime based on >> > > >> whether or not EPT is being _used_, as opposed to clearing the bits at >> > > >> setup if EPT is _supported_ in hardware, and then restoring them when EPT >> > > >> is not used. Not mucking with the base config will allow using the base >> > > >> config as the starting point for emulating the VMX capability MSRs. >> > > >> >> > > >> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> >> > > >> Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> >> > > > Nit: These controls aren't "obsoleted" by EPT; they're just no longer >> > > > required. > > Actually, they're still required if unrestricted guest isn't supported. > >> > Isn't that the definition of "obsolete"? They're "no longer in use" when KVM >> > enables EPT. >> >> There are still reasons to use them aside from shadow page table >> maintenance. For example, malware analysis may be interested in >> intercepting CR3 changes to track process context (and to >> enable/disable costly monitoring). EPT doesn't render these events >> "obsolete," because you can't intercept these events using EPT. > > Fair enough, I was using "EPT" in the "KVM is using EPT" sense. But even that's > wrong as KVM intercepts CR3 accesses when EPT is enabled, but unrestricted guest > is disabled and the guest disables paging. > > Vitaly, since the CR3 fields are still technically "needed", maybe just be > explicit? > > KVM: VMX: Adjust CR3/INVPLG interception for EPT=y at runtime, not setup > Sounds good, adjusted! -- Vitaly
