> > > > +static void vmx_msr_intercept(struct kvm_vcpu *vcpu, unsigned
> > > > int
> > > > msr,
> > > > + bool enable)
> > > > +{
> > > > + struct vcpu_vmx *vmx = to_vmx(vcpu);
> > > > + unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
>
> Is KVMI intended to play nice with nested
> virtualization? Unconditionally
> updating vmcs01.msr_bitmap is correct regardless of whether the vCPU
> is in
> L1 or L2, but if the vCPU is currently in L2 then the effective
> bitmap,
> i.e. vmcs02.msr_bitmap, won't be updated until the next nested VM-
> Enter.
Our initial proof of concept was running with success in nested
virtualization. But most of our tests were done on bare-metal.
We do however intend to make it fully functioning on nested systems
too.
Even thought, from KVMI point of view, the MSR interception
configuration would be just fine if it gets updated before the vcpu is
actually entering to nested VM.
