Userspace can establish the value of the virtualized IA32_VMX_PROCBASED_CTLS2 MSR via the KVM_SET_MSRS ioctl, which goes through vmx_set_vmx_msr. But maybe that's not important, since features can only be disabled on that path.

On Thu, Aug 24, 2017 at 8:25 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> On 24/08/2017 16:47, Jim Mattson wrote:
>>> Currently, secondary execution controls are divided in three groups:
>>>
>>> - static, depending mostly on the module arguments or the processor
>>> (vmx_secondary_exec_control)
>>>
>>> - static, depending on CPUID (vmx_cpuid_update)
>> There should also be:
>>
>> - static, depending on guest VMX capability MSRs (vmx_set_vmx_msr)
>
> Can you explain what you mean?
>
> Paolo