We need to change the default all-1s bitmap if the MSRs are _not_ intercepted. However, the code was disabling the intercept when it was _enabled_ in the VMCS01. This is not causing bigger trouble, because vmx_vcpu_run checks the VMCS02's MSR bitmap and would do the right thing even if fed garbage... but it's obviously a bug and it can cause extra MSR reads and writes when running nested guests.
Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d Fixes: 15d45071523d89b3fb7372e2135fbd72f6af9506 Cc: x86@kernel.org Cc: Radim Krčmář rkrcmar@redhat.com Cc: KarimAllah Ahmed karahmed@amazon.de Cc: David Woodhouse dwmw@amazon.co.uk Cc: Jim Mattson jmattson@google.com Cc: Thomas Gleixner tglx@linutronix.de Cc: Ingo Molnar mingo@kernel.org Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini pbonzini@redhat.com --- arch/x86/kvm/vmx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 5caeb8dc5bda..af89d377681d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -10235,7 +10235,7 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, return false;
if (!nested_cpu_has_virt_x2apic_mode(vmcs12) && - !pred_cmd && !spec_ctrl) + pred_cmd && spec_ctrl) return false;
page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->msr_bitmap); @@ -10278,13 +10278,13 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, MSR_TYPE_W); }
- if (spec_ctrl) + if (!spec_ctrl) nested_vmx_disable_intercept_for_msr( msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_SPEC_CTRL, MSR_TYPE_R | MSR_TYPE_W);
- if (pred_cmd) + if (!pred_cmd) nested_vmx_disable_intercept_for_msr( msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_PRED_CMD,