On Mon, Jun 13, 2022 at 04:57:49PM +0000, Sean Christopherson wrote: > On Mon, Jun 13, 2022, Paolo Bonzini wrote: > > On 6/13/22 18:16, Anirudh Rayabharam wrote: > > > + if (!kvm_has_tsc_control) > > > + msrs->secondary_ctls_high &= ~SECONDARY_EXEC_TSC_SCALING; > > > + > > > msrs->secondary_ctls_low = 0; > > > msrs->secondary_ctls_high &= > > > SECONDARY_EXEC_DESC | > > > @@ -6667,8 +6670,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps) > > > SECONDARY_EXEC_RDRAND_EXITING | > > > SECONDARY_EXEC_ENABLE_INVPCID | > > > SECONDARY_EXEC_RDSEED_EXITING | > > > - SECONDARY_EXEC_XSAVES | > > > - SECONDARY_EXEC_TSC_SCALING; > > > + SECONDARY_EXEC_XSAVES; > > > /* > > > > This is wrong because it _always_ disables SECONDARY_EXEC_TSC_SCALING, > > even if kvm_has_tsc_control == true. > > > > That said, I think a better implementation of this patch is to just add > > a version of evmcs_sanitize_exec_ctrls that takes a struct > > nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like > > > > evmcs_sanitize_nested_vmx_vsrs(msrs); > > Any reason not to use the already sanitized vmcs_config? I can't think of any > reason why the nested path should blindly use the raw MSR values from hardware. vmcs_config has the sanitized exec controls. But how do we construct MSR values using them? Thanks, Anirudh.
