On 6/14/22 06:55, Anirudh Rayabharam wrote:
That said, I think a better implementation of this patch is to just add
a version of evmcs_sanitize_exec_ctrls that takes a struct
nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like
evmcs_sanitize_nested_vmx_vsrs(msrs);
Sanitize at the end might not work because I see some cases in
nested_vmx_setup_ctls_msrs() where we want to expose some things to L1
even though the hardware doesn't support it.
Yes, but these will never include eVMCS-unsupported features.
Paolo
