On Mon, Jun 13, 2022, Paolo Bonzini wrote: > On 6/13/22 18:16, Anirudh Rayabharam wrote: > > + if (!kvm_has_tsc_control) > > + msrs->secondary_ctls_high &= ~SECONDARY_EXEC_TSC_SCALING; > > + > > msrs->secondary_ctls_low = 0; > > msrs->secondary_ctls_high &= > > SECONDARY_EXEC_DESC | > > @@ -6667,8 +6670,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps) > > SECONDARY_EXEC_RDRAND_EXITING | > > SECONDARY_EXEC_ENABLE_INVPCID | > > SECONDARY_EXEC_RDSEED_EXITING | > > - SECONDARY_EXEC_XSAVES | > > - SECONDARY_EXEC_TSC_SCALING; > > + SECONDARY_EXEC_XSAVES; > > /* > > This is wrong because it _always_ disables SECONDARY_EXEC_TSC_SCALING, > even if kvm_has_tsc_control == true. > > That said, I think a better implementation of this patch is to just add > a version of evmcs_sanitize_exec_ctrls that takes a struct > nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like > > evmcs_sanitize_nested_vmx_vsrs(msrs); Any reason not to use the already sanitized vmcs_config? I can't think of any reason why the nested path should blindly use the raw MSR values from hardware.
