On 22/11/2017 19:04, Jim Mattson wrote: > I believe this change is incorrect, for a couple of reasons. > (1) The VMX capability MSRs are static. Once they have been observed > by L1, they cannot be changed. Doing so would be a violation of the > architectural specification. IIUC, vmx_refresh_apicv_exec_ctrl() may > be executed after L1 has observed the values of the VMX capability > MSRs, because there are no restrictions on when userspace can make the > KVM_ENABLE_CAP ioctl. This is technically true, but I think we can say comfortably that it makes little sense and userspace Should Not Have Done It. > (2) I don't believe that enabling Hyper-V SynIC support for L1 > precludes the use of the advanced APIC virtualization features for the > execution of L2. This is true. Paolo
