Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and
 MSR_IA32_PRED_CMD down to the guest
From: Nadav Amit <nadav.amit@gmail.com>
In-Reply-To: <CALMp9eThy8ZpzPJjWRVikmZxUdgbP7Km0tOBOXo20bxNuKxdQw@mail.gmail.com>
Date: Fri, 12 Jan 2018 15:19:50 -0800
Cc: Paolo Bonzini <pbonzini@redhat.com>,
        Liran Alon <liran.alon@oracle.com>,
        the arch/x86 maintainers <x86@kernel.org>, dwmw@amazon.co.uk,
        Borislav Petkov <bp@alien8.de>,
        Anthony Liguori <aliguori@amazon.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        =?utf-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        kvm list <kvm@vger.kernel.org>
Content-Transfer-Encoding: 8BIT
Message-Id: <677CE8BB-5502-45C5-8277-25D982E45951@gmail.com>
References: <222d0a6b-820f-4d7c-a616-ac89f77c3c09@default>
 <834e9b46-5d59-a81e-8cda-5f576964e1cb@redhat.com>
 <EBDECE05-48A1-4906-AC0D-8D5928A799F2@gmail.com>
 <CALMp9eThy8ZpzPJjWRVikmZxUdgbP7Km0tOBOXo20bxNuKxdQw@mail.gmail.com>
To: Jim Mattson <jmattson@google.com>
Sender: linux-kernel-owner@vger.kernel.org

Thanks, Jim. Highly appreciated.

Jim Mattson <jmattson@google.com> wrote:

> Nadav,
> 
> See section 2.5.1.2 (paragraph 3) in
> https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf.
> 
> On Tue, Jan 9, 2018 at 9:03 PM, Nadav Amit <nadav.amit@gmail.com> wrote:
>> Paolo Bonzini <pbonzini@redhat.com> wrote:
>> 
>>> On 09/01/2018 17:48, Liran Alon wrote:
>>>>>> +  if (have_spec_ctrl) {
>>>>>> +          rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
>>>>>> +          if (vmx->spec_ctrl != 0)
>>>>>> +                  wrmsrl(MSR_IA32_SPEC_CTRL, 0);
>>>> 
>>>> As I said also on the AMD patch, I think this is a bug.
>>>> Intel specify that we should set IBRS bit even if it was already set on every #VMExit.
>>> 
>>> That's correct (though I'd like to understand _why_---I'm not inclined
>>> to blindly trust a spec), but for now it's saving a wrmsr of 0.  That is
>>> quite obviously okay, and will be also okay after the bare-metal IBRS
>>> patches.
>>> 
>>> Of course the code will become something like
>>> 
>>>      if (using_ibrs || vmx->spec_ctrl != 0)
>>>              wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
>>> 
>>> optimizing the case where the host is using retpolines.
>> 
>> Excuse my ignorance: Can you point me to the specifications that mention “we
>> should set IBRS bit even if it was already set on every #VMExit” ?
>> 
>> Thanks,
>> Nadav