On 24/08/2017 17:41, Jim Mattson wrote: > Userspace can establish the value of the virtualized > IA32_VMX_PROCBASED_CTLS2 MSR via the KVM_SET_MSRS ioctl, which goes > through vms_set_vmx_msr. But maybe that's not important, since > features can only be disabled on that path. Yeah, I was only thinking of non-nested in the commit message. It's complicated enough. :) Paolo > On Thu, Aug 24, 2017 at 8:25 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: >> On 24/08/2017 16:47, Jim Mattson wrote: >>>> Currently, secondary execution controls are divided in three groups: >>>> >>>> - static, depending mostly on the module arguments or the processor >>>> (vmx_secondary_exec_control) >>>> >>>> - static, depending on CPUID (vmx_cpuid_update) >>> There should also be: >>> >>> - static, depending on guest VMX capability MSRs (vmx_set_vmx_msr) >> Can you explain what you mean? >> >> Paolo
