On 26/09/19 10:59, Maxim Levitsky wrote:
If you mean to ask if there is a way to let guest access use no
paging at all, that is access host physical addresses directly, then
indeed there is no way, since regular non 'unrestricted guest' mode
required both protected mode and paging, and 'unrestricted guest'
requires EPT. Academically speaking it is of course possible to
create paging tables that are 1:1...
Not so academically, it's exactly what KVM does. However, indeed it
would also be possible to switch out of EPT mode when CR0.PG=0. I'm not
sure why it was done this way, maybe when the code was written it was
simpler to use the identity map.
Let's see if Avi is listening... :)