illumos gate

With this patch applied, I can see the VMX capabilities properly populated on an Ivy Bridge test system:

> vmx_capabilities::print
0xf (VMX_CAP_{TPR_SHADOW|APICV|APICV_X2APIC|APICV_PIR})

I can zero out the global vmx_capabilities without affecting the operation of existing guests, as they have a local copy which represents the capability state at the time of their creation.

By toggling bits in vmx_capabilities via mdb -kw, emulation logic which doesn't rely on those CPU features can be tested on a machine which is nonetheless capable. With the default capabilities on that machine, calls to vmx_post_intr() can be seen (using APICv posted-interrupts). With it disabled (vmx_capabilities = 0x7), the posted interrupt calls disappear, but @vmx_set_intr_ready() calls are still prevalent, as the remaining APICv functionality is still used. With all but TPR-shadowing disabled, the APICv calls disappear, but we can see vlapic_get_cr8 calls during VMX entry setup as that state is synchronized into the VMCS. With vmx_capabilities zeroed out, the guest still runs fine, but bhyve uses all of the in-kernel APIC emulation, rather than the advanced VMX features.

I fired this up on an older (and less capable) Westmere machine to make sure it properly detected and enabled the available VMX features:

> vmx_capabilities::print
0x1 (VMX_CAP_TPR_SHADOW)

It booted and ran a Linux guest just as it had prior to the change.