On Tue, Feb 6, 2018 at 9:29 AM, David Woodhouse <dwmw@xxxxxxxxxxxx> wrote:
> @@ -8946,6 +9017,27 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
>  #endif
>  	      );
>
> +	/*
> +	 * We do not use IBRS in the kernel. If this vCPU has used the
> +	 * SPEC_CTRL MSR it may have left it on; save the value and
> +	 * turn it off. This is much more efficient than blindly adding
> +	 * it to the atomic save/restore list. Especially as the former
> +	 * (Saving guest MSRs on vmexit) doesn't even exist in KVM.
> +	 *
> +	 * For non-nested case:
> +	 * If the L01 MSR bitmap does not intercept the MSR, then we need to
> +	 * save it.
> +	 *
> +	 * For nested case:
> +	 * If the L02 MSR bitmap does not intercept the MSR, then we need to
> +	 * save it.
> +	 */
> +	if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
> +		rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
> +
> +	if (vmx->spec_ctrl)
> +		wrmsrl(MSR_IA32_SPEC_CTRL, 0);
> +

Again, we haven't verified host support for this MSR. Perhaps this
should be something like:

if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL) &&
    !rdmsrl_safe(MSR_IA32_SPEC_CTRL, &vmx->spec_ctrl) &&
    vmx->spec_ctrl)
	wrmsrl(MSR_IA32_SPEC_CTRL, 0);
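Review bot: the rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl) in the vmx_vcpu_run hunk is guarded only by !msr_write_intercepted(), which reports the state of the MSR bitmap, not whether the host CPU implements the MSR; a plain rdmsrl on a CPU without it raises #GP and is fatal in the kernel, so either the read needs to be gated on the host feature check or done with the non-faulting rdmsrl_safe() variant, as suggested in the reply. If the intended invariant is that the write intercept is only ever disabled on hosts that have the MSR, the comment block above the check should state that explicitly, since nothing in the hunk makes it evident; the comment's "Saving guest MSRs on vmexit doesn't even exist in KVM" would also read better as a concrete statement of what the add_atomic_switch_msr() path does and does not cover.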