On 13/07/2018 18:56, speck for Andrew Cooper wrote:
>> VMENTER operations from the nested hypervisor into the nested guest
>> will always be processed by the bare metal hypervisor.  Therefore,
>> when running as a nested hypervisor, doing L1D cache flushes on vmentry
>> will result in twice the work and twice the slowdown, for no benefit.
> Only if your outer hypervisor says so by setting MSR_ARCH_CAPS.VMENTRY_NO
> 
> In all other circumstances, it is not safe to make this assumption.

That is indeed yet another case to check.

However, for the nested case specifically, wouldn't the nested
hypervisor be doomed anyway, if the bare metal hypervisor can do all
kind of stuff between your L1D flush and the actual vmentry?

Paolo