On Tue, Jan 30, 2018 at 4:19 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> The new code in nested_vmx_merge_msr_bitmap should be conditional on
> vmx->save_spec_ctrl_on_exit.

But then if L1 doesn't use MSR_IA32_SPEC_CTRL itself and it uses the VM-entry MSR load list to set up L2's MSR_IA32_SPEC_CTRL, you will never set vmx->save_spec_ctrl_on_exit, and L2's accesses to the MSR will always be intercepted by L0.