On 09/01/2018 00:58, Liran Alon wrote:
>
> ----- pbonz...@redhat.com wrote:
>
>> ----- Original Message -----
>>> From: "David Woodhouse" <dw...@infradead.org>
>>> To: "Paolo Bonzini" <pbonz...@redhat.com>, linux-kernel@vger.kernel.org, k...@vger.kernel.org
>>> Cc: jmatt...@google.com, aligu...@amazon.com, "thomas lendacky" <thomas.lenda...@amd.com>, b...@alien8.de
>>> Sent: Monday, January 8, 2018 8:41:07 PM
>>> Subject: Re: [PATCH 3/7] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
>>>
>>> On Mon, 2018-01-08 at 19:08 +0100, Paolo Bonzini wrote:
>>>>
>>>> + if (have_spec_ctrl && vmx->spec_ctrl != 0)
>>>> + wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
>>>> +
>>>
>>> I think this one probably *is* safe even without an 'else lfence',
>>> which means that the CPU can speculate around it, but it wants a
>>> comment explaining that someone has properly analysed it and saying
>>> precisely why.
>>
>> This one is okay as long as there are no indirect jumps until
>> vmresume. But the one on vmexit is only okay because right now
>> it's *disabling* IBRS. Once IBRS is used by Linux, we'll need an
>> lfence there. I'll add a comment.
>>
>> Paolo
>
> That is true but from what I understand, there is an indirect branch from
> this point until vmresume.
> That indirect branch resides in atomic_switch_perf_msrs() immediately called
> after this WRMSR:
> atomic_switch_perf_msrs() -> perf_guest_get_msrs() -> x86_pmu.guest_get_msrs().
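Review bot: the `wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl)` in this hunk sits before `atomic_switch_perf_msrs()`, which reaches `x86_pmu.guest_get_msrs()` through an indirect call, so the "no indirect jumps until vmresume" condition the write depends on does not hold at this position; move the write to after `atomic_switch_perf_msrs()` so that it is the last thing before vmresume, and add the comment recording that analysis (why no `lfence` is needed here, and that the vmexit-side write is only safe today because it disables IBRS), since the guest-value-then-host-indirect-branch window is otherwise invisible to the next reader.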
Sure, it has to move later as pointed out by other reviewers.

Paolo