There is a potential conflict here between KVM_SET_CPUID and KVM_SET_MSRS, if the two don't agree about the setting of the RDSEED-exiting "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR. But we already have that issue with the "allowed-1" bit for "enable RDTSCP," so this is nothing new. Surprisingly, we don't have that issue with the "allowed-1" setting for "enable INVPCID," because vmx_cpuid_update() doesn't make any attempt to update that bit. On Mon, Aug 21, 2017 at 10:01 AM, Jim Mattson <jmattson@xxxxxxxxxx> wrote: > Perhaps this change to vmx_cpuid_update is too simplistic, and it > should follow the pattern established for RDTSCP/INVPCID instead? > > On Mon, Aug 21, 2017 at 9:50 AM, David Hildenbrand <david@xxxxxxxxxx> wrote: >> On 21.08.2017 18:37, Jim Mattson wrote: >>> Right. If L1 doesn't support RDSEED, then the corresponding >>> "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR should be cleared. >>> I think vmx_cpuid_update is the right place for this. Note, however, >>> that prepare_vmcs02() should still respect L0's setting of this bit. >>> >> >> Right, now I also realize why you sent v2 (EXITING vs. !EXITING) :) >> >> >> -- >> >> Thanks, >> >> David
