On Tue, May 04, 2021, Jim Mattson wrote: > On Tue, May 4, 2021 at 10:17 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote: > > > > Intercept RDTSCP to inject #UD if RDTSC is disabled in the guest. > > > > Note, SVM does not support intercepting RDPID. Unlike VMX's > > ENABLE_RDTSCP control, RDTSCP interception does not apply to RDPID. This > > is a benign virtualization hole as the host kernel (incorrectly) sets > > MSR_TSC_AUX if RDTSCP is supported, and KVM loads the guest's MSR_TSC_AUX > > into hardware if RDTSCP is supported in the host, i.e. KVM will not leak > > the host's MSR_TSC_AUX to the guest. > > > > But, when the kernel bug is fixed, KVM will start leaking the host's > > MSR_TSC_AUX if RDPID is supported in hardware, but RDTSCP isn't available > > for whatever reason. This leak will be remedied in a future commit. > > > > Fixes: 46896c73c1a4 ("KVM: svm: add support for RDTSCP") > > Cc: stable@xxxxxxxxxxxxxxx > > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> > > --- > ... > > @@ -4007,8 +4017,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) > > svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) && > > guest_cpuid_has(vcpu, X86_FEATURE_NRIPS); > > > > - /* Check again if INVPCID interception if required */ > > - svm_check_invpcid(svm); > > + svm_recalc_instruction_intercepts(vcpu, svm); > > Does the right thing happen here if the vCPU is in guest mode when > userspace decides to toggle the CPUID.80000001H:EDX.RDTSCP bit on or > off? I hate our terminology. By "guest mode", do you mean running the vCPU, or do you specifically mean running in L2?