On 5/6/2020 5:44 PM, Paolo Bonzini wrote:
> Using CPUID data can be useful for the processor compatibility
> check, but that's it. Using it to compute guest-reserved bits
> can have both false positives (such as LA57 and UMIP which we
> are already handling) and false negatives: in particular, with
> this patch we don't allow anymore a KVM guest to set CR4.PKE
> when CR4.PKE is clear on the host.

A common question about whether a feature can be exposed to the guest:
Given a feature, there is a CPUID bit to enumerate it, and a CR4 bit to
turn it on/off. Whether the feature can be exposed to the guest only depends
on the host CR4 setting? I.e., if the CPUID bit is not cleared in cpu_data in
the host but the host kernel doesn't set the corresponding CR4 bit to turn it
on, we cannot expose the feature to the guest, right?