If the guest supports RDTSCP, it already has read access to the hardware IA32_TSC_AUX MSR via RDTSCP, so we can allow it read-access via RDMSR as well. If the guest doesn't support RDTSCP, then we should not allow it read access to the hardware IA32_TSC_AUX MSR. Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx> Reviewed-by: Marc Orr <marcorr@xxxxxxxxxx> Reviewed-by: Peter Shier <pshier@xxxxxxxxxx> --- arch/x86/kvm/vmx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index c379d0bfdcba9..69deab6f37953 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -6522,6 +6522,10 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx) if (vmx_rdtscp_supported()) { bool rdtscp_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP); + + vmx_set_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_TSC_AUX, + MSR_TYPE_R, !rdtscp_enabled); + if (!rdtscp_enabled) exec_control &= ~SECONDARY_EXEC_RDTSCP; -- 2.20.0.rc2.403.gdbc3b29805-goog