On Fri, May 30, 2025, Xin Li wrote: > > + > > + if (vcpu->arch.xfd_no_write_intercept) > > + vmx_disable_intercept_for_msr(vcpu, MSR_IA32_XFD, MSR_TYPE_RW); > > + > > + > > + vmx_set_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW, > > + !to_vmx(vcpu)->spec_ctrl); > > + > > + if (kvm_cpu_cap_has(X86_FEATURE_XFD)) > > + vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, > > + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)); > > + > > + if (boot_cpu_has(X86_FEATURE_IBPB)) > > I think Boris prefers using cpu_feature_enabled() instead — maybe this > is a good opportunity to update this occurrence? Yeah, I'm comfortable squeezing in that change. > > + vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, > > + !guest_has_pred_cmd_msr(vcpu)); > > + > > + if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) > > Ditto. > > > + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, > > + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); > > + > > + /* > > + * x2APIC and LBR MSR intercepts are modified on-demand and cannot be > > + * filtered by userspace. > > + */ > > +}
