I don't believe it is safe to share this bitmap across all vCPUs. For example, if one vCPU has x2APIC virtualization enabled in VMCS12, and its MSR permission bitmap gives its L2 unintercepted R/W acccess to MSR 0x808 (TPR), then the globally shared vmx_msr_bitmap_nested gives all L2's R/W access to MSR 0x808, whether or not their L1's have even enabled x2APIC virtualization in their VMCS12's. Potentially, an L2 could thereby gain access to L0's TPR. Perhaps I am missing something? -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
