> On 10 Apr 2019, at 15:03, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > > On 10/04/19 13:16, Liran Alon wrote: >> >> In fact, I think that we currently also others KVM module parameters that should actually be controlled on a per-VM basis. >> I will include in this list the following: >> 1) ignore_msrs >> 2) enable_vmware_backdoor >> 3) kvmclock_periodic_sync >> 4) force_emulation_prefix >> 5) fasteoi >> 6) vmentry_l1d_flush > > I agree about 1/2/3. 6 is about security and it allows leaking host > data, so absolutely not. 4 is about debugging so it's not a big deal. > Regarding 5, in theory it may make sense but in practice I don't think a > guest that does not support fasteoi has ever materialized, and it's not > needed on more recent (APICv, by now it's been more than 5 years) server > hardware. > > Paolo Hmm yes I agree with all you say here. :) -Liran
