[RFC PATCH 16/18] KVM: nVMX: Setup Intel MBEC in nested secondary controls
From: Jon Kohler
Date: Thu Mar 13 2025 - 16:15:39 EST
Setup Intel Mode Based Execution Control (bit 22) for nested
guest, gated on module parameter enablement.
Signed-off-by: Jon Kohler <jon@xxxxxxxxxxx>
---
arch/x86/kvm/vmx/nested.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 931a7361c30f..ce3a6d6dfce7 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -7099,6 +7099,10 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_caps,
*/
if (cpu_has_vmx_vmfunc())
msrs->vmfunc_controls = VMX_VMFUNC_EPTP_SWITCHING;
+
+ if (enable_pt_guest_exec_control)
+ msrs->secondary_ctls_high |=
+ SECONDARY_EXEC_MODE_BASED_EPT_EXEC;
}
/*
--
2.43.0