From 17265ab05f527667c674f9cc4b62ff18375f7b42 Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Sun, 7 Jan 2018 20:22:26 -0500 Subject: [PATCH] x86/kvm: Set IBRS on VMEXIT if guest disabled it. If the guest does not write FEATURE_ENABLE_IBRS to MSR_IA32_SPEC_CTRL, then KVM will not issue such write after (Indirect Branch Prediction Injection). Right before VMENTER we set the MSR to zero (if the guest had it set to zero), or leave it at 1 (if the guest had it set to 1). But on the VMEXIT if the guest decided to set it to _zero_ before a VMEXIT, then we will leave it at zero and _not_ set the wrmsrl to 1! That is wrong. And also if the guest did set to 1, then we write 1 to it again. This fix turns the check around so that the MSR will always be at MSR 1 - with the optimization that if the guest had set it, we just keep it at 1. Orabug: 27364900 Reported-by: Liran Alon Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Brian Maly Signed-off-by: Kirtikar Kashyap --- arch/x86/kvm/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 4a60333d322c..20483acf60eb 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -8319,7 +8319,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (ibpb_inuse) { rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); - if (vmx->spec_ctrl) + if (!vmx->spec_ctrl) wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_ENABLE_IBRS); } stuff_RSB(); -- 2.50.1
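Review bot: the new test `if (!vmx->spec_ctrl)` in vmx_vcpu_run() treats the whole MSR value as a boolean, so a guest that leaves IBRS clear but sets any other bit in MSR_IA32_SPEC_CTRL (STIBP is bit 1) still skips the wrmsrl, and the host then runs after VMEXIT without IBRS. Test the bit itself, `if (!(vmx->spec_ctrl & SPEC_CTRL_FEATURE_ENABLE_IBRS))`, which keeps the optimization the commit message describes of not rewriting the MSR when the guest already has IBRS set. Separately, the block is gated on `ibpb_inuse` although the write it guards enables IBRS; please confirm that is the intended flag, or add a comment saying why.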