Index: vmm_msr.c
===================================================================
--- vmm_msr.c	(revision 245934)
+++ vmm_msr.c	(working copy)
@@ -57,6 +57,7 @@
 	{ MSR_PAT,      VMM_MSR_F_EMULATE | VMM_MSR_F_INVALID },
 	{ MSR_BIOS_SIGN,VMM_MSR_F_EMULATE },
 	{ MSR_MCG_CAP,	VMM_MSR_F_EMULATE | VMM_MSR_F_READONLY },
+	{ MSR_IA32_MISC_ENABLE, VMM_MSR_F_EMULATE | VMM_MSR_F_READONLY },
 };
 
 #define	vmm_msr_num	(sizeof(vmm_msr) / sizeof(vmm_msr[0]))
@@ -91,6 +92,7 @@
 guest_msrs_init(struct vm *vm, int cpu)
 {
 	int i;
+	uint64_t tmp;
 	uint64_t *guest_msrs;
 
 	guest_msrs = vm_guest_msrs(vm, cpu);
@@ -105,6 +107,13 @@
 		case MSR_MCG_CAP:
 			guest_msrs[i] = 0;
 			break;
+		case MSR_IA32_MISC_ENABLE:
+			tmp = rdmsr(MSR_IA32_MISC_ENABLE);
+			/*
+			 * Mask out unwanted bits ???
+			 */
+			guest_msrs[i] = tmp & ~(0x0);
+			break;
 		case MSR_PAT:
 			guest_msrs[i] = PAT_VALUE(0, PAT_WRITE_BACK)      |
 				PAT_VALUE(1, PAT_WRITE_THROUGH)   |
Index: x86.c
===================================================================
--- x86.c	(revision 245934)
+++ x86.c	(working copy)
@@ -79,7 +79,6 @@
 		case CPUID_0000_0000:
 		case CPUID_0000_0002:
 		case CPUID_0000_0003:
-		case CPUID_0000_000A:
 			cpuid_count(*eax, *ecx, regs);
 			break;
 
@@ -120,12 +119,14 @@
 			if (x2apic_state != X2APIC_DISABLED)
 				regs[2] |= CPUID2_X2APIC;
 
+#if 1 /* XXX PG resolved now */
 			/*
 			 * Hide xsave/osxsave/avx until the FPU save/restore
 			 * issues are resolved
 			 */
 			regs[2] &= ~(CPUID2_XSAVE | CPUID2_OSXSAVE |
 				     CPUID2_AVX);
+#endif
 
 			/*
 			 * Hide monitor/mwait until we know how to deal with
@@ -145,6 +146,13 @@
 			regs[3] &= ~(CPUID_MCA | CPUID_MCE | CPUID_MTRR);
 
 			/*
+			 * Hide the debug store capability.
+			 * Probably works, but causes Linux to read (so far)
+			 * unimplemented MSRs
+			 */
+			regs[3] &= ~CPUID_DS;
+
+			/*
 			 * Disable multi-core.
 			 */
 			regs[1] &= ~CPUID_HTT_CORES;
@@ -163,6 +171,8 @@
 
 		case CPUID_0000_0006:
 		case CPUID_0000_0007:
+		case CPUID_0000_000A:
+		case CPUID_0000_000D:		  
 			/*
 			 * Handle the access, but report 0 for
 			 * all options
@@ -190,8 +200,14 @@
 			bcopy(bhyve_id, &regs[3], 4);
 			break;
 		default:
-			/* XXX: Leaf 5? */
-			return (0);
+			/*
+			 * Defeat Xen scan
+			 */
+			if (func > 0x40000000 && func < 0x40010000) {
+				regs[0] = regs[1] = regs[2] = regs[3] = 0;
+				break;
+			} else
+				return (0);
 	}
 
 	*eax = regs[0];
Index: intel/vmx.c
===================================================================
--- intel/vmx.c	(revision 245934)
+++ intel/vmx.c	(working copy)
@@ -642,7 +642,7 @@
 		mask_ident = VMCS_CR0_MASK;
 		mask_value = cr0_ones_mask | cr0_zeros_mask;
 		shadow_ident = VMCS_CR0_SHADOW;
-		shadow_value = cr0_ones_mask;
+		shadow_value = 0;
 	} else {
 		mask_ident = VMCS_CR4_MASK;
 		mask_value = cr4_ones_mask | cr4_zeros_mask;
Index: x86.h
===================================================================
--- x86.h	(revision 245934)
+++ x86.h	(working copy)
@@ -38,6 +38,7 @@
 #define CPUID_0000_0007 (0x7)
 #define	CPUID_0000_000A	(0xA)
 #define	CPUID_0000_000B	(0xB)
+#define	CPUID_0000_000D	(0xD)
 #define CPUID_8000_0000	(0x80000000)
 #define CPUID_8000_0001	(0x80000001)
 #define CPUID_8000_0002	(0x80000002)