Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
From: Paolo Bonzini
To: Nadav Amit
Cc: Liran Alon, jmattson@google.com, x86@kernel.org, dwmw@amazon.co.uk, bp@alien8.de, aliguori@amazon.com, thomas.lendacky@amd.com, rkrcmar@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Arjan van de Ven
Date: Wed, 10 Jan 2018 14:20:13 +0100
References: <222d0a6b-820f-4d7c-a616-ac89f77c3c09@default> <834e9b46-5d59-a81e-8cda-5f576964e1cb@redhat.com>

On 10/01/2018 06:03, Nadav Amit wrote:
>>
>> Of course the code will become something like
>>
>>         if (using_ibrs || vmx->spec_ctrl != 0)
>>                 wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
>>
>> optimizing the case where the host is using retpolines.
>
> Excuse my ignorance: Can you point me to the specifications that mention "we
> should set IBRS bit even if it was already set on every #VMExit" ?

All I have is some PowerPoint slides from Intel. :(  They say:

---
A near indirect jump/call/return may be affected by code in a less
privileged prediction mode that executed AFTER IBRS mode was last written
with a value of 1.

There is no need to clear IBRS before writing it with a value of 1.
Unconditionally writing it with a value of 1 after the prediction mode
change is sufficient.

VMX non-root is considered a less privileged prediction mode than VM root.

CPL 3 is considered a less privileged prediction mode than CPL0, 1, 2.

Some processors may enhance IBRS such that it isolates prediction modes
effectively and at higher performance if left set instead of being set
when enter OS and VMM and cleared when entering applications.  [This is]
enumerated by IA32_ARCH_CAPABILITIES[1].
---

(Yes, it literally says VM root, not VMX root).

But I think this is an awful specification.  For two reasons:

* a simple specification that does "IBRS=1 blocks indirect branch
  prediction altogether" would actually satisfy the specification just as
  well, and it would be nice to know if that's what the processor actually
  does.

* the future case with enhanced IBRS still requires the expensive IBPB
  when switching between applications or between guests, where the
  PCID/VPID (and PCID/VPID invalidation) could be used to remove that
  need.

Paolo
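The VM-exit rule quoted in the reply above, worked through as a small model so the cost difference between an IBRS host and a retpoline host is visible. This is an added example written for this page, not code from the patch series or from KVM: the `cpu_model`/`vcpu_model` structs, the simulated `wrmsrl_spec_ctrl`, and the `guest_round_trip` helper are all constructed here. `SPEC_CTRL_IBRS` as bit 0 follows Intel's MSR layout; `ARCH_CAP_IBRS_ALL` as bit 1 is taken from the slide text quoted in the mail and is only carried as data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of SPEC_CTRL handling around VM entry/exit; not kernel code.
 * SPEC_CTRL.IBRS is bit 0; IA32_ARCH_CAPABILITIES bit 1 is the "enhanced IBRS"
 * enumeration the quoted Intel slides mention (assumption: modeled only as data). */
#define SPEC_CTRL_IBRS      (1ULL << 0)
#define ARCH_CAP_IBRS_ALL   (1ULL << 1)

struct cpu_model {
    uint64_t msr_spec_ctrl;       /* simulated physical MSR_IA32_SPEC_CTRL */
    uint64_t arch_capabilities;   /* simulated IA32_ARCH_CAPABILITIES (unused by the rule) */
    bool     host_using_ibrs;     /* host mitigation: IBRS (true) or retpoline (false) */
    unsigned wrmsr_count;         /* how many (slow) MSR writes were issued */
};

struct vcpu_model {
    uint64_t spec_ctrl;           /* value the guest wrote to its passed-through MSR */
};

/* Simulated wrmsr: records the write so MSR traffic can be counted. */
static void wrmsrl_spec_ctrl(struct cpu_model *cpu, uint64_t val)
{
    cpu->msr_spec_ctrl = val;
    cpu->wrmsr_count++;
}

/* VM entry: load the guest's SPEC_CTRL, but only if it differs from what the
 * host left in the MSR (a write is never needed just to keep the same value
 * on the way *into* a less privileged prediction mode). */
bool vmentry_load_guest_spec_ctrl(struct cpu_model *cpu, const struct vcpu_model *v)
{
    if (cpu->msr_spec_ctrl == v->spec_ctrl)
        return false;
    wrmsrl_spec_ctrl(cpu, v->spec_ctrl);
    return true;
}

/* VM exit: the rule from the quoted reply,
 *     if (using_ibrs || vmx->spec_ctrl != 0)
 *             wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
 * An IBRS host writes 1 on every exit even when the MSR already reads 1,
 * because per the slides only a write of 1 made AFTER the prediction-mode
 * change protects against what VMX non-root code trained. A retpoline host
 * only needs a write to undo a non-zero guest value. */
bool vmexit_restore_host_spec_ctrl(struct cpu_model *cpu, const struct vcpu_model *v)
{
    uint64_t host_ibrs = cpu->host_using_ibrs ? SPEC_CTRL_IBRS : 0;

    if (cpu->host_using_ibrs || v->spec_ctrl != 0) {
        wrmsrl_spec_ctrl(cpu, host_ibrs);
        return true;
    }
    return false;
}

/* One guest round trip (entry + exit); returns how many MSR writes it cost. */
unsigned guest_round_trip(struct cpu_model *cpu, const struct vcpu_model *v)
{
    unsigned before = cpu->wrmsr_count;
    vmentry_load_guest_spec_ctrl(cpu, v);
    vmexit_restore_host_spec_ctrl(cpu, v);
    return cpu->wrmsr_count - before;
}

int main(void)
{
    struct cpu_model retpoline = { .msr_spec_ctrl = 0, .host_using_ibrs = false };
    struct cpu_model ibrs      = { .msr_spec_ctrl = SPEC_CTRL_IBRS, .host_using_ibrs = true };
    struct vcpu_model guest_off = { .spec_ctrl = 0 };
    struct vcpu_model guest_on  = { .spec_ctrl = SPEC_CTRL_IBRS };

    printf("retpoline host, guest IBRS=0: %u writes\n", guest_round_trip(&retpoline, &guest_off));
    printf("retpoline host, guest IBRS=1: %u writes\n", guest_round_trip(&retpoline, &guest_on));
    printf("IBRS host,      guest IBRS=1: %u writes\n", guest_round_trip(&ibrs, &guest_on));
    printf("IBRS host,      guest IBRS=0: %u writes\n", guest_round_trip(&ibrs, &guest_off));
    return 0;
}
```

The point the model makes: with a retpoline host and a guest that never touches the MSR, a round trip costs no MSR writes at all, while an IBRS host always pays at least the exit-side write, and the "already set" case (guest IBRS=1, host IBRS) still costs one write because the spec requires a fresh write of 1, not merely a value of 1.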