On Thu, 2018-01-11 at 17:32 -0800, Ashok Raj wrote: > > @@ -4910,6 +4935,14 @@ static void svm_vcpu_run(struct kvm_vcpu > *vcpu) >   >         clgi(); >   > +       if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) { > +               /* > +                * FIXME: lockdep_assert_irqs_disabled(); > +                */ > +               WARN_ON_ONCE(!irqs_disabled()); > +               spec_ctrl_set(svm->spec_ctrl); > +       } > + >         local_irq_enable(); >   Same comments here as we've had previously. If you do this without an 'else lfence' then you need a comment showing that you've proved it's safe. And I don't think even using static_cpu_has() is good enough. We don't already "rely" on that for anything but optimisations, AFAICT. Turning a missed GCC optimisation into a security hole is not a good idea.
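Review bot: the FIXME comment in the block added to svm_vcpu_run() names lockdep_assert_irqs_disabled() but does not say why WARN_ON_ONCE(!irqs_disabled()) is used in its place, or what has to change before the FIXME can be resolved. Either switch to the lockdep assertion or state the blocker in the comment. The added if also has no else branch, so a comment at that point should record why nothing is needed before local_irq_enable() on the path where boot_cpu_has(X86_FEATURE_SPEC_CTRL) is false and spec_ctrl_set(svm->spec_ctrl) is skipped.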