From: Liran Alon
Date: Mon, 8 Jan 2018 15:58:14 -0800 (PST)
Subject: Re: [PATCH 3/7] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
Message-ID: <751eaab5-1cc1-4913-b3c7-379255140cd1@default>
X-Mailing-List: linux-kernel@vger.kernel.org

----- pbonzini@redhat.com wrote:

> ----- Original Message -----
> > From: "David Woodhouse"
> > To: "Paolo Bonzini", linux-kernel@vger.kernel.org, kvm@vger.kernel.org
> > Cc: jmattson@google.com, aliguori@amazon.com, "thomas lendacky", bp@alien8.de
> > Sent: Monday, January 8, 2018 8:41:07 PM
> > Subject: Re: [PATCH 3/7] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
> >
> > On Mon, 2018-01-08 at 19:08 +0100, Paolo Bonzini wrote:
> > >
> > > +       if (have_spec_ctrl && vmx->spec_ctrl != 0)
> > > +               wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
> > > +
> >
> > I think this one probably *is* safe even without an 'else lfence',
> > which means that the CPU can speculate around it, but it wants a
> > comment explaining that someone has properly analysed it and saying
> > precisely why.
>
> This one is okay as long as there are no indirect jumps until
> vmresume. But the one on vmexit is only okay because right now
> it's *disabling* IBRS. Once IBRS is used by Linux, we'll need an
> lfence there. I'll add a comment.
>
> Paolo

That is true, but from what I understand, there is an indirect branch from this point until vmresume.
That indirect branch resides in atomic_switch_perf_msrs(), which is called immediately after this WRMSR:
atomic_switch_perf_msrs() -> perf_guest_get_msrs() -> x86_pmu.guest_get_msrs().

-Liran
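Review bot: the quoted hunk's conditional `wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl)` carries no comment stating why the skipped path needs no lfence, and the thread shows the assumption it rests on ("no indirect jumps until vmresume") is contested: the reply names an indirect call reached via atomic_switch_perf_msrs() -> perf_guest_get_msrs() -> x86_pmu.guest_get_msrs() between this write and vmresume. Either verify and document at the hunk that the path to vmresume contains no indirect branch, or give the `if` an else branch with a speculation barrier, as the thread proposes for the vmexit side; the hunk as posted documents neither.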