On 30/01/2018 19:27, Jim Mattson wrote: > On Tue, Jan 30, 2018 at 4:19 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: >> The new code in nested_vmx_merge_msr_bitmap should be conditional on >> vmx->save_spec_ctrl_on_exit. > > But then if L1 doesn't use MSR_IA32_SPEC_CTRL itself and it uses the > VM-entry MSR load list to set up L2's MSR_IA32_SPEC_CTRL, you will > never set vmx->save_spec_ctrl_on_exit, and L2's accesses to the MSR > will always be intercepted by L0. If you don't make it conditional, L0 will forget to read back at vmexit what value L2 has written to the MSR. The alternative is to set vmx->save_spec_ctrl_on_exit on all writes, including those coming from L2. That works for me. Paolo
