.snip..
> > +/* Is SPEC_CTRL intercepted for the currently running vCPU? */
> > +static bool spec_ctrl_intercepted(struct kvm_vcpu *vcpu)
> > +{
> > + unsigned long *msr_bitmap;
> > + int f = sizeof(unsigned long);
> > +
> > + if (!cpu_has_vmx_msr_bitmap())
> > + return true;
> > +
> > + msr_bitmap = is_guest_mode(vcpu) ?
> > + to_vmx(vcpu)->nested.vmcs02.msr_bitmap :
> > + to_vmx(vcpu)->vmcs01.msr_bitmap;
> > +
> > + return !!test_bit(MSR_IA32_SPEC_CTRL, msr_bitmap + 0x800 / f);
> > +}
> > + ..snip..
> > @@ -3359,6 +3393,34 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> > case MSR_IA32_TSC:
> > kvm_write_tsc(vcpu, msr_info);
> > break;
> > + case MSR_IA32_SPEC_CTRL:
> > + if (!msr_info->host_initiated &&
> > + !guest_cpuid_has(vcpu, X86_FEATURE_IBRS) &&
> > + !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
> > + return 1;
> > +
> > + vmx->spec_ctrl_used = true;
> > +
> > + /* The STIBP bit doesn't fault even if it's not advertised */
> > + if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP))
> > + return 1;
> > +
> > + vmx->spec_ctrl = data;
> > +
> > + /*
> > + * When it's written (to non-zero) for the first time, pass
> > + * it through. This means we don't have to take the perf
> > .. But only if it is a nested guest (as you have && is_guest_mode).
> > Do you want to update the comment a bit?
> > > + * hit of saving it on vmexit for the common case of guests
> > + * that don't use it.
> > + */
> > + if (cpu_has_vmx_msr_bitmap() && data &&
> > + spec_ctrl_intercepted(vcpu) &&
> > + is_guest_mode(vcpu))
> ^^^^^^^^^^^^^^^^^^ <=== here Would it be perhaps also good to mention the complexity of how we ought to be handling L1 and L2 guests in the commit? We are all stressed and I am sure some of us haven't gotten much sleep - but it can help in say three months when some unluckly new soul is trying to understand this and gets utterly confused.
> > + vmx_disable_intercept_for_msr(
> > + vmx->vmcs01.msr_bitmap,
> > + MSR_IA32_SPEC_CTRL,
> > + MSR_TYPE_RW);
> > + break;
> > case MSR_IA32_PRED_CMD:
> > if (!msr_info->host_initiated &&
> > !guest_cpuid_has(vcpu, X86_FEATURE_IBPB) &&
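Review bot: In the new `MSR_IA32_SPEC_CTRL` case, `vmx->spec_ctrl_used = true;` runs before the reserved-bit check, so a write that is then rejected by `if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP)) return 1;` still leaves the flag set. A guest write that faults should not change per-vCPU state; moving the assignment to just before `vmx->spec_ctrl = data;` ties the flag to accepted writes only. Where `spec_ctrl_used` is read is not visible in this hunk, so the cost of a stale `true` is inferred (presumably extra MSR save/restore work on exit) rather than shown. `vmx_set_msr` starts and ends outside the hunk.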