The existing code emulates the guest's use of the IA32_FEATURE_CONTROL MSR in a way that was enough to run nested VMX guests, but did not fully conform to the VMX specification, and in particular did not allow a guest BIOS to prevent the guest OS from using VMX by setting the lock bit on this MSR. This simple patch emulates this MSR better, allowing the guest to lock it, and verifying its setting on VMXON. Also make sure that this MSR (and of course, VMXON state) is reset on guest vcpu reset (via SIPI). This patch stems from these discussions: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/87759 http://comments.gmane.org/gmane.comp.emulators.kvm.devel/87846 I'm not sure why it wasn't accepted. The only remaining issue appeared to be this: > > > +#define VMXON_NEEDED_FEATURES \ > > > + (FEATURE_CONTROL_LOCKED | FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX) Move it to the top of the file, or as a variable at the top of the function please.
Created attachment 93111 [details] Patch for better MSR_IA32_FEATURE_CONTROL emulation
Fixed by commit b3897a49e22f (KVM: nVMX: Fix read/write to MSR_IA32_FEATURE_CONTROL, 2013-07-08).