KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest

Disable interception of SPEC_CTRL when the CPU virtualizes (i.e. context
switches) SPEC_CTRL if and only if the MSR exists according to the vCPU's
CPUID model.  Letting the guest access SPEC_CTRL is generally benign, but
the guest would see inconsistent behavior if KVM happened to emulate an
access to the MSR.

Fixes: d00b99c514b3 ("KVM: SVM: Add support for Virtual SPEC_CTRL")
Reported-by: Chao Gao <chao.gao@intel.com>
Link: https://lore.kernel.org/r/20250610225737.156318-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index be8c43049f4d398c3b0dc263fd1a862788c3c43e..9c6ec5e8814110b87fb5abccec28add0151787c7 100644 (file)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1356,11 +1356,14 @@ static void init_vmcb(struct kvm_vcpu *vcpu)
        svm_recalc_instruction_intercepts(vcpu, svm);
 
        /*
-        * If the host supports V_SPEC_CTRL then disable the interception
-        * of MSR_IA32_SPEC_CTRL.
+        * If the CPU virtualizes MSR_IA32_SPEC_CTRL, i.e. KVM doesn't need to
+        * manually context switch the MSR, immediately configure interception
+        * of SPEC_CTRL, without waiting for the guest to access the MSR.
         */
        if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
-               set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
+               set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL,
+                                    guest_has_spec_ctrl_msr(vcpu),
+                                    guest_has_spec_ctrl_msr(vcpu));
 
        if (kvm_vcpu_apicv_active(vcpu))
                avic_init_vmcb(svm, vmcb);