On 13/05/2018 16:00, speck for Thomas Gleixner wrote: > > > Subject: [patch 01/15] KVM: SVM: Move spec control call after restore of GS > From: Thomas Gleixner > > svm_vcpu_run() invokes x86_spec_ctrl_restore_host() after VMEXIT, but > before the host GS is restored. x86_spec_ctrl_restore_host() uses 'current' > to determine the host SSBD state of the thread. 'current' is GS based, but > host GS is not yet restored and the access causes a triple fault. > > Move the call after the host GS restore. > > Fixes: 5cf687548705 ("x86/bugs, KVM: Support the combination of guest and host IBRS") > Signed-off-by: Thomas Gleixner Acked-by: Paolo Bonzini Thanks, Paolo > --- > arch/x86/kvm/svm.c | 24 ++++++++++++------------ > 1 file changed, 12 insertions(+), 12 deletions(-) > > --- a/arch/x86/kvm/svm.c > +++ b/arch/x86/kvm/svm.c > @@ -5651,6 +5651,18 @@ static void svm_vcpu_run(struct kvm_vcpu > #endif > ); > > + /* Eliminate branch target predictions from guest mode */ > + vmexit_fill_RSB(); > + > +#ifdef CONFIG_X86_64 > + wrmsrl(MSR_GS_BASE, svm->host.gs_base); > +#else > + loadsegment(fs, svm->host.fs); > +#ifndef CONFIG_X86_32_LAZY_GS > + loadsegment(gs, svm->host.gs); > +#endif > +#endif > + > /* > * We do not use IBRS in the kernel. If this vCPU has used the > * SPEC_CTRL MSR it may have left it on; save the value and > @@ -5671,18 +5683,6 @@ static void svm_vcpu_run(struct kvm_vcpu > > x86_spec_ctrl_restore_host(svm->spec_ctrl); > > - /* Eliminate branch target predictions from guest mode */ > - vmexit_fill_RSB(); > - > -#ifdef CONFIG_X86_64 > - wrmsrl(MSR_GS_BASE, svm->host.gs_base); > -#else > - loadsegment(fs, svm->host.fs); > -#ifndef CONFIG_X86_32_LAZY_GS > - loadsegment(gs, svm->host.gs); > -#endif > -#endif > - > reload_tss(vcpu); > > local_irq_disable(); >
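Review bot: The hunk at @@ -5651 moves vmexit_fill_RSB() earlier together with the host GS restore, but the changelog only justifies moving the GS restore (x86_spec_ctrl_restore_host() reads 'current' through GS). The RSB fill now runs before the "We do not use IBRS in the kernel ..." block that saves the guest SPEC_CTRL value, whereas before it ran after x86_spec_ctrl_restore_host(). The visible lines give no reason that reordering matters either way, so either keep `vmexit_fill_RSB();` where it was and move only the `#ifdef CONFIG_X86_64` / `wrmsrl(MSR_GS_BASE, svm->host.gs_base);` block, or say in the changelog that moving the RSB fill ahead of the SPEC_CTRL save is intentional and harmless, so the next reader does not have to wonder whether the two blocks were meant to stay adjacent.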