On 26/09/19 10:59, Maxim Levitsky wrote:
> If you mean to ask if there is a way to let guest access use no
> paging at all, that is access host physical addresses directly, then
> indeed there is no way, since regular non 'unrestricted guest' mode
> required both protected mode and paging, and 'unrestricted guest'
> requires EPT. Academically speaking it is of course possible to
> create paging tables that are 1:1...

Not so academically, it's exactly what KVM does. However, indeed it would also be possible to switch out of EPT mode when CR0.PG=0. I'm not sure why it was done this way, maybe when the code was written it was simpler to use the identity map. Let's see if Avi is listening... :)

Paolo