Re: [PATCH 0/9] Intel Processor Trace virtualization enabling

From: Paolo Bonzini
Date: Fri Oct 20 2017 - 04:58:46 EST


On 20/10/2017 02:22, Kang, Luwei wrote:
> Hi Paolo, thanks for your clarification. I have understood. So, we should
> set "use GPA for processor tracing" in any case (if we can do it), even in
> system mode. There is no problem without nesting, but there is a problem
> with nesting if this bit is not set. I am still talking with the hardware
> designer, but please don't expect it can be changed in the SDM or hardware
> (fail vmentry if they are not respected) soon.

No change in hardware is needed.

What I'm asking for is to define a bit in some architectural MSR such
that, _if the bit is 1_, you must have one of:

- RTIT_CTL = 0

- enable EPT = 0

- enable EPT = use GPA for processor tracing = 1, RTIT_CTL != 0

or vmentry would fail.

If the bit is 1 and RTIT_CTL = 0 and enable EPT = 1 and use GPA for
processor tracing = 0, the hypervisor must trap RTIT_CTL writes or
behavior is undefined.

Processors would just set it to 0 and have absolutely no change in behavior.

> So, can we enable it in L1
> guest only first? I think it is not worth disabling EPT for L1 to
> enable Intel PT. What is your opinion?

Yes, we can enable it. But since KVM sets IA32_VMX_MISC[14]=0, your
patches must forbid enabling processor trace during VMX operation.

(In fact, another source of complexity is that we'd have to write the
VMPTRLD packet ourselves to the guest's processor trace buffer).

Paolo
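
The rule proposed in the mail above, written out as a predicate over the four inputs it names. This is an added example, not part of the original mail or the patch series; the function, enum and parameter names are hypothetical, and it models only this rule, not any other vmentry check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum pt_entry { PT_ENTRY_OK, PT_ENTRY_OK_MUST_TRAP, PT_ENTRY_FAIL };

/*
 * strict_bit: the proposed MSR bit (hypothetical name; the mail names
 *             neither the MSR nor the bit position)
 * ept:        "enable EPT" VM-execution control
 * use_gpa:    "use GPA for processor tracing" VM-execution control
 * rtit_ctl:   guest RTIT_CTL value at VM entry
 */
enum pt_entry pt_check_vmentry(bool strict_bit, bool ept, bool use_gpa,
                               uint64_t rtit_ctl)
{
    if (!strict_bit)
        return PT_ENTRY_OK;        /* bit is 0: no change in behavior */
    if (rtit_ctl == 0)             /* allowed case 1: RTIT_CTL = 0 */
        /* With EPT on and GPA mode off, the mail requires the
         * hypervisor to trap RTIT_CTL writes. */
        return (ept && !use_gpa) ? PT_ENTRY_OK_MUST_TRAP : PT_ENTRY_OK;
    if (!ept)                      /* allowed case 2: enable EPT = 0 */
        return PT_ENTRY_OK;
    if (use_gpa)                   /* allowed case 3: EPT = use GPA = 1 */
        return PT_ENTRY_OK;
    return PT_ENTRY_FAIL;          /* tracing on, EPT on, GPA mode off */
}

int main(void)
{
    static const char *const name[] = {
        "ok", "ok, must trap RTIT_CTL writes", "vmentry fails"
    };
    /* Constructed inputs: 1 stands in for any non-zero RTIT_CTL value. */
    for (int i = 0; i < 16; i++) {
        bool bit = i & 8, ept = i & 4, gpa = i & 2;
        uint64_t ctl = i & 1;
        printf("bit=%d ept=%d gpa=%d rtit_ctl%s0 -> %s\n", bit, ept, gpa,
               ctl ? "!=" : "==",
               name[pt_check_vmentry(bit, ept, gpa, ctl)]);
    }
    return 0;
}
```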