Thanks for reviewing the patches.
If disable unconditionally in vmx_create_vcpu, it means even guest has
no cpuid, the msr read is passthrough to guest and it can read a value, which
seems strange, though spec doesn't mention the read behaviour w/o cpuid.
How about disabling read interception at vmx_vcpu_after_set_cpuid?
if (boot_cpu_has(X86_FEATURE_XFD) && guest_cpuid_has(vcpu, X86_FEATURE_XFD))
vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, false);