Received: by 10.223.176.5 with SMTP id f5csp2116475wra;
        Sun, 28 Jan 2018 12:53:48 -0800 (PST)
X-Google-Smtp-Source: AH8x224P64ZBnlvJF+j0NOGiLzbOTAcfrZJNrqfJ5YKh8WNBWU6kRjxnfMJkkfzSTBuHF2kO9Lip
X-Received: by 2002:a17:902:6e8c:: with SMTP id v12-v6mr20255569plk.14.1517172828721;
        Sun, 28 Jan 2018 12:53:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517172828; cv=none;
        d=google.com; s=arc-20160816;
        b=DLSXXfpQxEAL6pq9Yx8Mt636uRp8cK76NMC0c/yZdvfeZlWHi5hd0teBoVct5nF9Al
         WljtZclv5b5+kH71Z8FGBfHNokXNSSRwyzlB4o+aduY9b++o5aY++HR5Joj8Zwg0gqS+
         OqEyl/272dhUjg/c3XKe2Q+PfJGdVbh8nWevCyW0equZKBihpLNijW68O45bSvhtrBny
         7AVCVrtvxZNcCDjmdG1DfSN+upnVpI5JkEouOvgS4C5tLT+TBAl9cdhXLYXODuXQ0vkO
         gbPF7FHJKh0zuAgt2WqdLcqyKK7cVO9uYBU39bgJ58csdKkpErrQo/WW5Wc8jTPY9u2W
         RWYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature:arc-authentication-results;
        bh=cPVBGYveKQAKNdsFelaLAe3tvYZKU29IVOMkaOhQniQ=;
        b=UhVmb2gT/vJcKKixGKgBuPEzW+zhhi2JBE3DzV0IyaSoeS+aVSPj03Ijl+vWmyPOPA
         eTzLgZCNLBbsdsd3Nanlx3rXTlCdmlSmEDzCyZOpwed/GxB23rk+m3px3wWjRC5JxV+k
         QCLcfa2JLnM5sKfw2AkheMd+xxgsSURrxi/0PSsQB4Hjhg6iuVOOqaco3CCoMuNva2xv
         tGF+Rr7fOoEczAvj+Nmfj2n1yMKs4gmK+M9PEjvaXsEWV7k7UQU5IBkjDk1a0I1r/Ju8
         XZm9QEnAjoLsaX8KjDYY7H0k2klLWYQ7SGQ/w80a1B60JL4vkkkjIrXP4NBc039A6Lhk
         /zhg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=AqIgqmm2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b9-v6si7666649pli.407.2018.01.28.12.53.33;
        Sun, 28 Jan 2018 12:53:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=AqIgqmm2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752370AbeA1Ukn (ORCPT <rfc822;tnerolf.eriarrach@gmail.com>
        + 99 others); Sun, 28 Jan 2018 15:40:43 -0500
Received: from mail-pg0-f54.google.com ([74.125.83.54]:41578 "EHLO
        mail-pg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751601AbeA1Ukl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 28 Jan 2018 15:40:41 -0500
Received: by mail-pg0-f54.google.com with SMTP id 136so2830495pgd.8
        for <linux-kernel@vger.kernel.org>; Sun, 28 Jan 2018 12:40:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=cPVBGYveKQAKNdsFelaLAe3tvYZKU29IVOMkaOhQniQ=;
        b=AqIgqmm214oQXxWYe69+Czy3b/s6+3w4lzX15jr/wjqqDqE3fRcb3mqFUQjjgzFMMR
         nPROV8hBJHIpX3BLIl1ZD1qrhnaoz1iXjfw0Rcyb5MAbsJ+kPoMcmRY7LXmU7mtlXTRm
         nBgD/cdmKxy4t4a7/Tm02jqw9YLvtCm42M01wsKgiYimGol1PNV9XZ1nKWL8bPCBoKXD
         L5a2Lmg1Je3I7jC8tVyvNy5aJsnsUTPkBHk6ldnz77uHq6q5opGXsWtf9awlv4j9MwkU
         rZw2MUlFqGDYYyofRVRryinNQe8ECSPBdNBnuL+WWnR5+83njOzWF7eYWHBPZ0cPAjXk
         1N9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=cPVBGYveKQAKNdsFelaLAe3tvYZKU29IVOMkaOhQniQ=;
        b=TDlFPXyWmccV1FeClaqoBauZvV0IukyF0+4CxMtcK8S7jXmpe4+HorI5ShxJgDNYMx
         KgvZgF+RKIa/w+PXehwCQgVlAV+erRofIlEJcKG6G7FyJ0E9fnXf9yiEp03wlnamMc4/
         f+gp2vpUOJ5n/bbvomxMZfHoVXoehBXyngHy80dfxs7sLrRGgAgIkutxcR5n39UFRlOs
         uBruAmvN8Kb06/AXaBubJ2WfhUlRjypJOezbndvPxTtZPgeEX9AnUk3E/AVzU4yCvV3B
         S0O79V5DgW5VJQINjosYI/iGoMe9qPxIiORPTgVpDSg8WRaig7CmA/xXKNAsAqtg7u8L
         mwmw==
X-Gm-Message-State: AKwxytdyapnTt+i233oAg3nooHQAY2qbYZdhEokk48G6npsZmB4hVo5w
        EJC/KlM9WX6q8e42L4yfu1Gk9w==
X-Received: by 2002:a17:902:9348:: with SMTP id g8-v6mr19387432plp.102.1517172040495;
        Sun, 28 Jan 2018 12:40:40 -0800 (PST)
Received: from ?IPv6:2600:1010:b012:ea6:257f:5f83:4eb4:7eea? ([2600:1010:b012:ea6:257f:5f83:4eb4:7eea])
        by smtp.gmail.com with ESMTPSA id t69sm30817140pfa.180.2018.01.28.12.40.39
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 28 Jan 2018 12:40:40 -0800 (PST)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (15C202)
In-Reply-To: <4DCAF18F-C86A-4CBC-A9CC-CC01BF63313F@oracle.com>
Date:   Sun, 28 Jan 2018 12:40:38 -0800
Cc:     KarimAllah Ahmed <karahmed@amazon.de>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Asit Mallick <asit.k.mallick@intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Andi Kleen <ak@linux.intel.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Greg KH <gregkh@linuxfoundation.org>,
        Andy Lutomirski <luto@kernel.org>,
        Ashok Raj <ashok.raj@intel.com>, daniel.kiper@oracle.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <86F5D9C0-7B11-448D-954F-D2EF6CBE80EC@amacapital.net>
References: <1517167750-23485-1-git-send-email-karahmed@amazon.de> <4DCAF18F-C86A-4CBC-A9CC-CC01BF63313F@oracle.com>
To:     Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


> On Jan 28, 2018, at 12:21 PM, Konrad Rzeszutek Wilk <konrad.wilk@oracle.co=
m> wrote:
>=20
>> On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed <karahmed@amazon.de>=
 wrote:
>> Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
>> guests
>> that will only mitigate Spectre V2 through IBRS+IBPB and will not be
>> using a
>> retpoline+IBPB based approach.
>>=20
>> To avoid the overhead of atomically saving and restoring the
>> MSR_IA32_SPEC_CTRL
>> for guests that do not actually use the MSR, only add_atomic_switch_msr
>> when a
>> non-zero is written to it.
>=20
>=20
> We tried this and found that it was about 3% slower that doing the old way=
 of rdmsr and wrmsr.
>=20

Do you mean that the host would intercept the guest WRMSR and do WRMSR itsel=
f?  I would suggest that doing so is inconsistent with the docs.  As specifi=
ed, doing WRMSR to write 1 to IBRS does *not* protect the guest.

For that matter, what are the semantics of VMRESUME doing a write to IBRS as=
 part of its MSR switch?  Is it treated as IBRS=3D1 from guest context?