Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

From: KarimAllah Ahmed
Date: Wed Jan 31 2018 - 15:01:59 EST

Next message: Eric Biggers: "Re: BUG: unable to handle kernel paging request in devpts_mntget"
Previous message: David Woodhouse: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
In reply to: David Woodhouse: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Next in thread: Jim Mattson: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/31/2018 08:53 PM, Jim Mattson wrote:

On Wed, Jan 31, 2018 at 11:37 AM, KarimAllah Ahmed <karahmed@xxxxxxxxx> wrote:

+
+ if (to_vmx(vcpu)->save_spec_ctrl_on_exit) {
+ nested_vmx_disable_intercept_for_msr(
+ msr_bitmap_l1, msr_bitmap_l0,
+ MSR_IA32_SPEC_CTRL,
+ MSR_TYPE_R | MSR_TYPE_W);
+ }
+

As this is written, L2 will never get direct access to this MSR until
after L1 writes it. What if L1 never writes it? The condition should
really be something that captures, "if L0 is willing to yield this MSR
to the guest..."

but save_spec_ctrl_on_exit is also set for L2 write. So once L2 writes
to it, this condition will be true and then the bitmap will be updated.

Amazon Development Center Germany GmbH
Berlin - Dresden - Aachen
main office: Krausenstr. 38, 10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

Next message: Eric Biggers: "Re: BUG: unable to handle kernel paging request in devpts_mntget"
Previous message: David Woodhouse: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
In reply to: David Woodhouse: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Next in thread: Jim Mattson: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]