On Thu, 2018-01-11 at 17:32 -0800, Ashok Raj wrote:
>
> @@ -4910,6 +4935,14 @@ static void svm_vcpu_run(struct kvm_vcpu
> *vcpu)
>
> clgi();
>
> + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
> + /*
> + * FIXME: lockdep_assert_irqs_disabled();
> + */
> + WARN_ON_ONCE(!irqs_disabled());
> + spec_ctrl_set(svm->spec_ctrl);
> + }
> +
> local_irq_enable();
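
Review bot: the FIXME comment at the top of the new block names lockdep_assert_irqs_disabled() but does not say why WARN_ON_ONCE(!irqs_disabled()) is used instead or what is left to fix; either switch to the lockdep assertion or put the reason in the comment. The block also calls spec_ctrl_set(svm->spec_ctrl) immediately before local_irq_enable(), so a short comment should state why it is acceptable for the guest's value to be in effect from that point on. The if has no else branch, so the behaviour expected when the boot_cpu_has(X86_FEATURE_SPEC_CTRL) test is false should be documented as well.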

Same comments here as we've had previously. If you do this without an 'else lfence' then you need a comment showing that you've proved it's safe. And I don't think even using static_cpu_has() is good enough. We don't already "rely" on that for anything but optimisations, AFAICT. Turning a missed GCC optimisation into a security hole is not a good idea.

