Re: [PATCH 01/16] x86/intel: Initialize IA32_FEATURE_CONTROL MSR at boot

From: Sean Christopherson
Date: Mon Oct 07 2019 - 13:10:16 EST


On Mon, Oct 07, 2019 at 07:05:32PM +0200, Paolo Bonzini wrote:
> On 04/10/19 23:56, Sean Christopherson wrote:
> > Always lock IA32_FEATURE_CONTROL if it exists, even if the CPU doesn't
> > support VMX, so that other existing and future kernel code that queries
> > IA32_FEATURE_CONTROL can assume it's locked.
>
> Possibly stupid question: why bother locking it? It makes sense to lock
> the MSR bits to _off_ in the firmware, but if the BIOS hasn't locked it,
> why should the OS?
>
> It seems to me that locking introduces a lot of complication.

None of the enable bits take effect until the MSR is locked. If I had to
guess, ucode likely goes and pokes the enabled features during the WRMSR
with the lock bit set, as opposed to the relevant features querying the
MSR value as needed (querying the MSR is likely slow).