On 17/10/2017 19:29, Jim Mattson wrote: > Following the same line of reasoning, what if > vmx->nested.nested_vmx_secondary_ctls_high is 0 after clearing > SECONDARY_EXEC_ENABLE_VMFUNC? Does it make sense to report > CPU_BASED_ACTIVATE_SECONDARY_CONTROLS if we don't actually support any > of the secondary controls? All-zero is a valid value for secondary controls, so I think yes. Besides: 1) userspace can always get into a situation where there are no valid secondary controls but processor-based execution controls have bit 31 as 1-allowed; 2) I doubt that vmfunc can be the one bit that causes nested_vmx_secondary_ctls_high to become zero :) Paolo
