On Wed, Jan 31, 2018 at 1:00 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:

> Yes, but how would moving the field into struct loaded_vmcs do anything?
> Only vmon/vmoff would change anything in vmx->nested.vmcs02.

My suggestion was that nested_vmx_merge_msr_bitmap should set the vmcs02
version of save_spec_ctrl_on_exit based on the calculated value of the
write permission bit for IA32_SPEC_CTRL in the vmcs02 MSR permission
bitmap.

> Even then, L1 vmexits will also be penalized because L1 has probably
> done an RDMSR/WRMSR on L2->L1 vmexit. So I don't think it's an issue?

Yes, it sucks to be L1 in this situation.
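
An added illustration of the suggestion in the reply above, not code from the kernel or from either participant: a simplified user-space model of merging the IA32_SPEC_CTRL write bit into a vmcs02 MSR bitmap and deriving the flag from the result. The names write_byte, set_write, merge_spec_ctrl and scenario and the separate L0/L1 bitmaps are hypothetical, and the flag is assumed to be true exactly when L2 writes pass through.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSR_IA32_SPEC_CTRL 0x48u
#define BITMAP_BYTES       4096u
#define WRITE_LOW          0x800u /* write bits, MSRs 0x00000000-0x00001fff */
#define WRITE_HIGH         0xc00u /* write bits, MSRs 0xc0000000-0xc0001fff */
/* Byte offset of an MSR's write bit, or -1 if outside both ranges (always exits). */
static int write_byte(uint32_t msr)
{
    if (msr <= 0x1fffu) return (int)(WRITE_LOW + msr / 8);
    if (msr >= 0xc0000000u && msr <= 0xc0001fffu) return (int)(WRITE_HIGH + (msr & 0x1fffu) / 8);
    return -1;
}
static bool write_intercepted(const uint8_t *bm, uint32_t msr)
{
    int byte = write_byte(msr);
    return byte < 0 || (bm[byte] & (1u << (msr % 8))) != 0;
}
static void set_write(uint8_t *bm, uint32_t msr, bool intercept)
{
    uint8_t bit = (uint8_t)(1u << (msr % 8));
    if (intercept) bm[write_byte(msr)] |= bit;
    else bm[write_byte(msr)] &= (uint8_t)~bit;
}
/* Hypothetical merge: pass through only if L0 and L1 both allow; returns the flag. */
static bool merge_spec_ctrl(const uint8_t *l0, const uint8_t *l1, uint8_t *vmcs02)
{
    bool intercept = write_intercepted(l0, MSR_IA32_SPEC_CTRL) ||
                     write_intercepted(l1, MSR_IA32_SPEC_CTRL);
    set_write(vmcs02, MSR_IA32_SPEC_CTRL, intercept);
    return !intercept; /* assumed meaning of save_spec_ctrl_on_exit for vmcs02 */
}
/* Constructed scenario. Result bit 0: flag, bit 1: vmcs02 still intercepts writes. */
int scenario(bool l0_pass, bool l1_pass)
{
    static uint8_t l0[BITMAP_BYTES], l1[BITMAP_BYTES], l2[BITMAP_BYTES];
    memset(l0, 0xff, sizeof l0); memset(l1, 0xff, sizeof l1); memset(l2, 0xff, sizeof l2);
    set_write(l0, MSR_IA32_SPEC_CTRL, !l0_pass);
    set_write(l1, MSR_IA32_SPEC_CTRL, !l1_pass);
    bool flag = merge_spec_ctrl(l0, l1, l2);
    return (flag ? 1 : 0) | (write_intercepted(l2, MSR_IA32_SPEC_CTRL) ? 2 : 0);
}
int main(void)
{
    printf("both pass: %d, L1 intercepts: %d\n", scenario(true, true), scenario(true, false));
    return 0;
}
```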