On 10/04/19 13:16, Liran Alon wrote: > > In fact, I think that we currently also others KVM module parameters that should actually be controlled on a per-VM basis. > I will include in this list the following: > 1) ignore_msrs > 2) enable_vmware_backdoor > 3) kvmclock_periodic_sync > 4) force_emulation_prefix > 5) fasteoi > 6) vmentry_l1d_flush I agree about 1/2/3. 6 is about security and it allows leaking host data, so absolutely not. 4 is about debugging so it's not a big deal. Regarding 5, in theory it may make sense but in practice I don't think a guest that does not support fasteoi has ever materialized, and it's not needed on more recent (APICv, by now it's been more than 5 years) server hardware. Paolo
