On Wed, Oct 3, 2018 at 9:54 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > On 03/10/2018 18:36, Jim Mattson wrote: >> It seems that the best way to mock up an older CPU that doesn't >> support FlexPriority is to: >> (a) intercept RDMSR of IA32_VMX_PROCBASED_CTLS2 and clear bit 0 of %rdx, and >> (b) intercept VMWRITE to the secondary processor-based VM-execution >> controls field and emulate VMfail when a 1 is written to bit 0. > > Not VMWRITE, but VMLAUNCH/VMRESUME I suppose? The patch that I sent > this morning adds exactly these two things to the flexpriority parameter > (actually only the MSR has to be changed, because execution controls are > checked against the MSR values and changing them fixes (b) as well). You're right, of course. VMLAUNCH/VMRESUME would be the place to check. > But it's not clear, are you suggesting to use nested virtualization > (using "intercept" makes me think of nested)? That also introduces the > possible bugs (and hidden bugs) from nesting, so it is worse than the > module parameter. No, not at all. I'm suggesting adopting a convention where all RDMSRs of IA32_VMX_PROCBASED_CTLS2 are done through a single function that can mock up an older CPU based on module parameters. Similarly for VMLAUNCH/VMRESUME.
