Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754130AbeAIKLW (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Tue, 9 Jan 2018 05:11:22 -0500
Received: from mail-lf0-f46.google.com ([209.85.215.46]:46100 "EHLO
        mail-lf0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751540AbeAIKLP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Jan 2018 05:11:15 -0500
X-Google-Smtp-Source: ACJfBot0ia4RcakCD3B/OZoMfl6dtrXTyYoR3VtHv+1FL8T6mfOOKcQjbPVPEx8FrOycE2hZop+SYw==
Subject: Re: [PATCH 3/7] kvm: vmx: pass MSR_IA32_SPEC_CTRL and
 MSR_IA32_PRED_CMD down to the guest
To: Jim Mattson <jmattson@google.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
        kvm list <kvm@vger.kernel.org>, aliguori@amazon.com,
        Tom Lendacky <thomas.lendacky@amd.com>, dwmw@amazon.co.uk,
        bp@alien8.de
References: <1515434925-10250-1-git-send-email-pbonzini@redhat.com>
 <1515434925-10250-4-git-send-email-pbonzini@redhat.com>
 <CALMp9eSWAcLpVFpEv3=xjfUN6W60BzFw6BmZGuaX_1GP-d1UPA@mail.gmail.com>
 <996327789.31733050.1515450744981.JavaMail.zimbra@redhat.com>
 <CALMp9eTo=fTmQwcfumeU0_R49ePy+3-rNRan7T3nBeZeKza9MA@mail.gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <162a48a4-1f72-1fbe-fc19-cd46cf43b97e@redhat.com>
Date: Tue, 9 Jan 2018 11:11:11 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CALMp9eTo=fTmQwcfumeU0_R49ePy+3-rNRan7T3nBeZeKza9MA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On 09/01/2018 00:19, Jim Mattson wrote:
>>>> +       vmx_disable_intercept_for_msr(MSR_IA32_SPEC_CTRL, false);
>>>> +       vmx_disable_intercept_for_msr(MSR_IA32_PRED_CMD, false);
>>> I have a lot of changes to MSR permission bitmap handling, but these
>>> intercepts should only be disabled when guest_cpuid_has(vcpu,
>>> X86_FEATURE_SPEC_CTRL).
>> That's harder to backport and not strictly necessary (just like
>> e.g. we don't check guest CPUID bits before emulation).  I agree that
>> your version is better, but I think the above is fine as a minimal
>> fix.
> 
> Due to the impacts that spec_ctrl has on the neighboring hyperthread,
> one may want to disable MSRs 0x48 and 0x49 for a particular VM. We do
> this by masking off CPUID.(EAX=7, ECX=0).EDX[26] and CPUID.(EAX=7,
> ECX=0).EDX[27] from the userspace agent. However, with your patch,
> *any* VCPU gets unrestricted access to these MSRs, without any
> mechanism for disabling them.

Yes, I agree that having the check is superior.  However, I also want to
get there step by step.

>>>> +       if (have_spec_ctrl) {
>>>> +               rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
>>>> +               if (vmx->spec_ctrl)
>>>> +                       wrmsrl(MSR_IA32_SPEC_CTRL, 0);
>>>> +       }
>>>> +
>>>
>>> I know the VM-exit MSR load and store lists are probably slower, but
>>> I'm a little uncomfortable restoring the host's IA32_SPEC_CTRL MSR
>>> late if the guest has it clear and the host has it set.
>>
>> There is no indirect branch before though, isn't it?
>
> I guess that depends on how you define "before."

--verbose? :-/

Paolo