> On May 12, 2025, at 5:32 PM, Sean Christopherson <seanjc@google.com> wrote:
>
> On Thu, Mar 13, 2025, Jon Kohler wrote:
>> Setup Intel Mode Based Execution Control (bit 22) for nested
>> guest, gated on module parameter enablement.
>
> *This* is the enablement patch. And it's not doing "Setup", it's advertising
> SECONDARY_EXEC_MODE_BASED_EPT_EXEC to userspace and allowing userspace to expose
> and advertise the feature to the guest.
Right you are! Thanks for the feedback on this bit, this was critical as I was
able to really simplify a lot of the series by focusing on this one bit. I’ve
made the commit log more verbose in v1, and moved both the L2 enablement (this
stuff) as well as the MMU enablement to this same corner of the world. Much
cleaner overall.
>> Signed-off-by: Jon Kohler <jon@nutanix.com>
>>
>> ---
>> arch/x86/kvm/vmx/nested.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
>> index 931a7361c30f..ce3a6d6dfce7 100644
>> --- a/arch/x86/kvm/vmx/nested.c
>> +++ b/arch/x86/kvm/vmx/nested.c
>> @@ -7099,6 +7099,10 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_caps,
>> */
>> if (cpu_has_vmx_vmfunc())
>> msrs->vmfunc_controls = VMX_VMFUNC_EPTP_SWITCHING;
>> +
>> + if (enable_pt_guest_exec_control)
>> + msrs->secondary_ctls_high |=
>> + SECONDARY_EXEC_MODE_BASED_EPT_EXEC;
>
> Land this above the VMFUNC stuff so that more of the secondary_ctls_high code is
> clumped together.
Ack/done.
>> }
>>
>> /*
>> --
>> 2.43.0
>>
>