RE: [PATCH 0/9] Intel Processor Trace virtulization enabling

From: Kang, Luwei
Date: Mon Oct 23 2017 - 04:02:40 EST


> > Hi Paolo, thanks for your clarification. Understood. So, we should set
> > "use GPA for processor tracing" in any case (if we can do it), even in
> > system mode. There is no problem in the non-nested case, but there is a
> > problem in the nested case if this bit is not set. Still talking with the
> > hardware designer, but please don't expect that it can be changed in the
> > SDM or hardware (fail vmentry if they are not respected) soon.
>
> No change in hardware is needed.
>
> What I'm asking for is to define a bit in some architectural MSR such that, _if the bit is 1_, you must have one of:
>
> - RTIT_CTL = 0
>
> - enable EPT = 0
>
> - enable EPT = use GPA for processor tracing = 1, RTIT_CTL != 0
>
> or vmentry would fail.
>
> If the bit is 1 and RTIT_CTL = 0 and enable EPT = 1 and use GPA for processor tracing = 0, the hypervisor must trap RTIT_CTL writes
> or behavior is undefined.
>
> Processors would just set it to 0 and have absolutely no change in behavior.
>

Got it. I will update you when the hardware designer has any response.

> > So, can we enable it in L1
> > guest only first? I think it is not worth disabling EPT for L1 to
> > enable Intel PT. What is your opinion?
>
> Yes, we can enable it. But since KVM sets IA32_VMX_MISC[14]=0, your patches must forbid enabling processor trace during VMX
> operation.

The L1 hypervisor can't get the capability of "TraceEn can be set in VMX operation" (IA32_VMX_MISC[bit 14] is 0) and set it to 0.
We need to trap whether the L1 hypervisor has enabled VMXON, and forbid enabling PT when vmxon. Is that right? Or is there something else?

Thanks,
Luwei Kang

>
> (In fact, another source of complexity is that we'd have to write the VMPTRLD packet ourselves to the guest's processor trace
> buffer).
>
> Paolo