On Mon, Apr 18, 2022, Maxim Levitsky wrote: > On Sat, 2022-04-16 at 03:42 +0000, Sean Christopherson wrote: > When L2 uses APICv/AVIC, we just safely passthrough its usage to the real hardware. > > If we were to to need to inhibit it, we would have to emulate APICv/AVIC so that L1 would > still think that it can use it - thankfully there is no need for that. What if L1 passes through IRQs and all MSRs to L2? E.g. if L2 activates Auto EOI via WRMSR, then arguably it is KVM's responsibility to disable APICv in vmcs02 _and_ vmcs01 in order to handle the Auto EOI properly. L1 isn't expecting a VM-Exit, so KVM can't safely punt to L1 even if conceptually we think that it's L1's problem. It's a contrived scenario, but technically possible.
