On Thu, 2018-01-11 at 17:32 -0800, Ashok Raj wrote: > > @@ -4910,6 +4935,14 @@ static void svm_vcpu_run(struct kvm_vcpu > *vcpu) > > clgi(); > > + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) { > + /* > + * FIXME: lockdep_assert_irqs_disabled(); > + */ > + WARN_ON_ONCE(!irqs_disabled()); > + spec_ctrl_set(svm->spec_ctrl); > + } > + > local_irq_enable(); >
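Review bot: The FIXME comment in the new block after clgi() names lockdep_assert_irqs_disabled() but does not say why WARN_ON_ONCE(!irqs_disabled()) is used in its place or what has to change before the FIXME can be dropped; either call lockdep_assert_irqs_disabled() directly or state the blocker in the comment. The if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) branch also has no else arm and no comment covering the path where spec_ctrl_set(svm->spec_ctrl) is not executed, so this hunk should carry either an explicit barrier on that path or a comment justifying its absence.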
Same comments here as we've had previously. If you do this without an 'else lfence' then you need a comment showing that you've proved it's safe. And I don't think even using static_cpu_has() is good enough. We don't already "rely" on that for anything but optimisations, AFAICT. Turning a missed GCC optimisation into a security hole is not a good idea.