On Wed, Dec 22, 2021, Jing Liu wrote:
Guest xstate permissions should be set by userspace VMM before vcpu creation. Extend KVM_SET_CPUID2 to verify that every feature reported in CPUID[0xD] has proper permission set.
Why? Nothing in the changelog, code, or comments explains why KVM _needs_ to prevent userspace from advertising bogus features to the guest. E.g. the virtual address width check exists because _KVM_ will do the wrong thing given a width other than 48 or 57, and explicitly says as much in a comment.