> On 3 Dec 2019, at 20:35, Jim Mattson <jmattson@xxxxxxxxxx> wrote:
>
> If the guest supports RDTSCP, it already has read access to the
> hardware IA32_TSC_AUX MSR via RDTSCP, so we can allow it read access
> via the RDMSR instruction as well. If the guest doesn't support
> RDTSCP, intercept all accesses to the IA32_TSC_AUX MSR, so that kvm
> can synthesize a #GP. (IA32_TSC_AUX exists iff RDTSCP is supported.)
>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> Reviewed-by: Marc Orr <marcorr@xxxxxxxxxx>
> Reviewed-by: Peter Shier <pshier@xxxxxxxxxx>
> Reviewed-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
> Reviewed-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>
-Liran
>
> ---
> v1 -> v2: Rebased across vmx directory creation.
> Modified commit message based on Sean's comments.
>
> arch/x86/kvm/vmx/vmx.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index d175429c91b0..04a728976d96 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -4070,6 +4070,10 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
>
> if (vmx_rdtscp_supported()) {
> bool rdtscp_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP);
> +
> + vmx_set_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_TSC_AUX,
> + MSR_TYPE_R, !rdtscp_enabled);
> +
> if (!rdtscp_enabled)
> exec_control &= ~SECONDARY_EXEC_RDTSCP;
>
> --
> 2.24.0.393.g34dc348eaf-goog
>
