2) Do expansion at vCPU creation or KVM_SET_CPUID2?
If the reallocation concept is still kept, then we feel doing expansion in
KVM_SET_CPUID2 makes slightly more sense. There is no functional
difference between the two options since the guest is not running at this
point. And in general Qemu should set prctl according to the cpuid bits.
But since we still need to check the guest cpuid against the guest perm in
KVM_SET_CPUID2 anyway, it reads more clearly to expand the buffer only
after this check has passed.
One option is to always disable WRMSR interception once KVM_SET_CPUID2
succeeds, at the cost of one RDMSR per vm-exit. But doing so affects
legacy OSes which have no XFD logic at all.
The other option is to continue the current policy, i.e. disable write
emulation only after the 1st interception of setting XFD to a non-zero
value. Then the RDMSR cost is added only for guests which support XFD.