On Wed, 2018-01-31 at 13:05 -0800, Jim Mattson wrote:
> On Wed, Jan 31, 2018 at 1:00 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
> > Yes, but how would moving the field into struct loaded_vmcs do anything?
> > Only vmon/vmoff would change anything in vmx->nested.vmcs02.
>
> My suggestion was that nested_vmx_merge_msr_bitmap should set the
> vmcs02 version of save_spec_ctrl_on_exit based on the calculated value
> of the write permission bit for IA32_SPEC_CTRL in the vmcs02 MSR
> permission bitmap.
>
> > Even then, L1 vmexits will also be penalized because L1 has probably
> > done an RDMSR/WRMSR on L2->L1 vmexit. So I don't think it's an issue?
>
> Yes, it sucks to be L1 in this situation.

Well... we *could* clear the save_spec_ctrl_on_exit flag and intercept the MSR again, any time that the actual value of spec_ctrl is zero. I don't think we'd want to do that too aggressively, but there might be something we could do there.
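A worked model of the two ideas in this message, added here as an illustration and not code from KVM or from either poster: it lays out a VMX MSR permission bitmap (read-low, read-high, write-low, write-high quarters, set bit = intercept), ORs L0's bitmap (vmcs01) and L1's bitmap (vmcs12) into vmcs02 so L2 gets direct access only where both levels allow it, derives the vmcs02 copy of save_spec_ctrl_on_exit from the merged write bit for IA32_SPEC_CTRL (Jim's suggestion), and re-arms the intercept when the guest's SPEC_CTRL value is back to zero (the follow-up idea). The byte-wise OR, the function names and the scenario helpers are assumptions made for the example; KVM's nested_vmx_merge_msr_bitmap merges selected MSRs rather than whole pages.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSR_IA32_SPEC_CTRL 0x48u
#define MSR_BITMAP_SIZE    4096

/* Byte offsets of the four 1024-byte sub-bitmaps in a VMX MSR bitmap
 * (Intel SDM Vol. 3). A set bit means the access causes a VM exit. */
enum { BM_READ_LO = 0, BM_READ_HI = 1024, BM_WRITE_LO = 2048, BM_WRITE_HI = 3072 };

/* Locate the bit controlling `msr`; -1 if the MSR lies outside the two
 * covered ranges (such accesses always exit regardless of the bitmap). */
static int msr_bitmap_index(uint32_t msr, bool write, unsigned *bit)
{
    uint32_t base;

    if (msr <= 0x1fffu) {
        base = write ? BM_WRITE_LO : BM_READ_LO;
    } else if (msr >= 0xc0000000u && msr <= 0xc0001fffu) {
        base = write ? BM_WRITE_HI : BM_READ_HI;
        msr -= 0xc0000000u;
    } else {
        return -1;
    }
    *bit = msr & 7u;
    return (int)(base + msr / 8u);
}

bool msr_intercepted(const uint8_t *bm, uint32_t msr, bool write)
{
    unsigned bit;
    int idx = msr_bitmap_index(msr, write, &bit);

    return idx < 0 ? true : ((bm[idx] >> bit) & 1u) != 0;
}

void msr_set_intercept(uint8_t *bm, uint32_t msr, bool write, bool intercept)
{
    unsigned bit;
    int idx = msr_bitmap_index(msr, write, &bit);

    if (idx < 0)
        return;
    if (intercept)
        bm[idx] |= (uint8_t)(1u << bit);
    else
        bm[idx] &= (uint8_t)~(1u << bit);
}

/* Simplified merge (example shortcut, not KVM's per-MSR logic): L2 may
 * touch an MSR directly only if both L0 and L1 pass it through. */
void merge_msr_bitmaps(const uint8_t *vmcs01, const uint8_t *vmcs12, uint8_t *vmcs02)
{
    for (size_t i = 0; i < MSR_BITMAP_SIZE; i++)
        vmcs02[i] = vmcs01[i] | vmcs12[i];
}

/* Derive the vmcs02 flag from the merged write bit: only save SPEC_CTRL on
 * L2->L0 exits when L2 can actually write the MSR without exiting. */
bool save_spec_ctrl_on_exit_for(const uint8_t *vmcs02)
{
    return !msr_intercepted(vmcs02, MSR_IA32_SPEC_CTRL, true);
}

/* Hypothetical helper: once the guest's SPEC_CTRL value is zero again,
 * re-arm the write intercept and drop the flag. Returns the new flag. */
bool maybe_reintercept_spec_ctrl(uint8_t *bm, uint64_t guest_spec_ctrl, bool save_flag)
{
    if (save_flag && guest_spec_ctrl == 0) {
        msr_set_intercept(bm, MSR_IA32_SPEC_CTRL, true, true);
        return false;
    }
    return save_flag;
}

/* All-intercept bitmaps, SPEC_CTRL write opened per level, then merged. */
bool scenario(bool l0_passthrough, bool l1_passthrough)
{
    static uint8_t vmcs01[MSR_BITMAP_SIZE], vmcs12[MSR_BITMAP_SIZE], vmcs02[MSR_BITMAP_SIZE];

    memset(vmcs01, 0xff, sizeof vmcs01);
    memset(vmcs12, 0xff, sizeof vmcs12);
    msr_set_intercept(vmcs01, MSR_IA32_SPEC_CTRL, true, !l0_passthrough);
    msr_set_intercept(vmcs12, MSR_IA32_SPEC_CTRL, true, !l1_passthrough);
    merge_msr_bitmaps(vmcs01, vmcs12, vmcs02);
    return save_spec_ctrl_on_exit_for(vmcs02);
}

/* 0 = flag and bitmap disagree, 1 = re-intercepted, 2 = still passed through. */
int reintercept_scenario(uint64_t guest_spec_ctrl)
{
    uint8_t bm[MSR_BITMAP_SIZE] = {0};   /* everything passed through */
    bool flag = maybe_reintercept_spec_ctrl(bm, guest_spec_ctrl, true);
    bool trapped = msr_intercepted(bm, MSR_IA32_SPEC_CTRL, true);

    if (flag == trapped)
        return 0;
    return flag ? 2 : 1;
}

/* MSR 0x48's write bit is bit 0 of byte BM_WRITE_LO + 0x48/8 = 2057. */
bool layout_self_check(void)
{
    uint8_t bm[MSR_BITMAP_SIZE] = {0};

    msr_set_intercept(bm, MSR_IA32_SPEC_CTRL, true, true);
    return bm[2057] == 0x01 && msr_intercepted(bm, MSR_IA32_SPEC_CTRL, true) &&
           !msr_intercepted(bm, MSR_IA32_SPEC_CTRL, false);
}

int main(void)
{
    printf("layout ok: %d\n", layout_self_check());
    printf("L0 pass, L1 pass -> save_spec_ctrl_on_exit=%d\n", scenario(true, true));
    printf("L0 pass, L1 trap -> save_spec_ctrl_on_exit=%d\n", scenario(true, false));
    printf("L0 trap, L1 pass -> save_spec_ctrl_on_exit=%d\n", scenario(false, true));
    printf("guest value 0 -> %d, guest value 1 -> %d\n", reintercept_scenario(0), reintercept_scenario(1));
    return 0;
}
```

The point the scenarios make explicit is that the vmcs02 flag is a property of the merged bitmap, not of vmcs01 or vmcs12 alone: whichever level keeps the write intercept, L2 exits on WRMSR and there is nothing to save on L2->L0 exits. Re-arming the intercept on a zero value keeps the flag and the bitmap consistent, which is the invariant the flag relies on.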