On 07/07/20 13:30, Maxim Levitsky wrote: >> Somehwat crazy idea inbound... rather than calculating the valid bits in >> software, what if we throw the value at the CPU and see if it fails? At >> least that way the host and guest are subject to the same rules. E.g. >> >> --- a/arch/x86/kvm/vmx/vmx.c >> +++ b/arch/x86/kvm/vmx/vmx.c >> @@ -2062,11 +2062,19 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) >> !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) >> return 1; >> >> - if (data & ~kvm_spec_ctrl_valid_bits(vcpu)) >> - return 1; >> - >> + ret = 0; >> vmx->spec_ctrl = data; >> - if (!data) >> + >> + local_irq_disable(); >> + if (rdmsrl_safe(MSR_IA32_SPEC_CTRL, &data)) >> + ret = 1; >> + else if (wrmsrl_safe(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl)) >> + ret = 1; >> + else >> + wrmsrl(MSR_IA32_SPEC_CTRL, data)) >> + local_irq_enable(); >> + >> + if (ret || !vmx->spec_ctrl) >> break; >> >> /* >> > I don't mind this as well, knowing that this is done only one per VM run anyway. Maxim, this is okay as well; can you send a patch for it? Paolo