On 09/01/2018 00:58, Liran Alon wrote:
>
> ----- pbonzini@xxxxxxxxxx wrote:
>
>> ----- Original Message -----
>>> From: "David Woodhouse" <dwmw2@xxxxxxxxxxxxx>
>>> To: "Paolo Bonzini" <pbonzini@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx
>>> Cc: jmattson@xxxxxxxxxx, aliguori@xxxxxxxxxx, "thomas lendacky" <thomas.lendacky@xxxxxxx>, bp@xxxxxxxxx
>>> Sent: Monday, January 8, 2018 8:41:07 PM
>>> Subject: Re: [PATCH 3/7] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
>>>
>>> On Mon, 2018-01-08 at 19:08 +0100, Paolo Bonzini wrote:
>>>>
>>>> + if (have_spec_ctrl && vmx->spec_ctrl != 0)
>>>> + wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
>>>> +
>>>
>>> I think this one probably *is* safe even without an 'else lfence',
>>> which means that the CPU can speculate around it, but it wants a
>>> comment explaining that someone has properly analysed it and saying
>>> precisely why.
>>
>> This one is okay as long as there are no indirect jumps until
>> vmresume. But the one on vmexit is only okay because right now
>> it's *disabling* IBRS. Once IBRS is used by Linux, we'll need an
>> lfence there. I'll add a comment.
>>
>> Paolo
>
> That is true but from what I understand, there is an indirect branch from this point until vmresume.
> That indirect branch resides in atomic_switch_perf_msrs() immediately called after this WRMSR:
> atomic_switch_perf_msrs() -> perf_guest_get_msrs() -> x86_pmu.guest_get_msrs().

Sure, it has to move later as pointed out by other reviewers.

Paolo
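Review bot: the conditional `wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl)` in this hunk is placed too early to be safe without a trailing lfence, because its safety rests on no indirect branch running between the write and vmresume, and the thread points out that atomic_switch_perf_msrs() (atomic_switch_perf_msrs() -> perf_guest_get_msrs() -> x86_pmu.guest_get_msrs()) is called immediately afterwards and makes an indirect call through x86_pmu.guest_get_msrs. The write should move after that call, and the comment David Woodhouse asked for should state that the remaining path to vmresume contains no indirect branches, so that a later reordering of the entry path does not silently invalidate the analysis; the vmexit-side write is a separate case, since, as noted, it is only acceptable today because it disables IBRS.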