On Tue, Feb 6, 2018 at 9:29 AM, David Woodhouse <dwmw@xxxxxxxxxxxx> wrote: > @@ -8828,6 +8890,15 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) > > vmx_arm_hv_timer(vcpu); > > + /* > + * If this vCPU has touched SPEC_CTRL, restore the guest's value if > + * it's non-zero. Since vmentry is serialising on affected CPUs, there > + * is no need to worry about the conditional branch over the wrmsr > + * being speculatively taken. > + */ > + if (vmx->spec_ctrl) > + wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); > + Shouldn't this be wrmsrl_safe? Userspace can make an ioctl to set vmx->spec_ctrl to non-zero even if the MSR is not supported on the host.
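Review bot: the `wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl)` under `if (vmx->spec_ctrl)` is guarded only by the stored value being non-zero, and nothing in this hunk establishes that the host implements the MSR. The comment gives the speculation argument for the conditional branch but not that precondition. Either use a fault-tolerant write here, or reject a non-zero value where `vmx->spec_ctrl` is set when the host lacks the MSR, and state that invariant in the comment so the unchecked write on the vmentry path is justified by something a reader can verify.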