Received: by 10.223.176.5 with SMTP id f5csp2116475wra; Sun, 28 Jan 2018 12:53:48 -0800 (PST) X-Google-Smtp-Source: AH8x224P64ZBnlvJF+j0NOGiLzbOTAcfrZJNrqfJ5YKh8WNBWU6kRjxnfMJkkfzSTBuHF2kO9Lip X-Received: by 2002:a17:902:6e8c:: with SMTP id v12-v6mr20255569plk.14.1517172828721; Sun, 28 Jan 2018 12:53:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517172828; cv=none; d=google.com; s=arc-20160816; b=DLSXXfpQxEAL6pq9Yx8Mt636uRp8cK76NMC0c/yZdvfeZlWHi5hd0teBoVct5nF9Al WljtZclv5b5+kH71Z8FGBfHNokXNSSRwyzlB4o+aduY9b++o5aY++HR5Joj8Zwg0gqS+ OqEyl/272dhUjg/c3XKe2Q+PfJGdVbh8nWevCyW0equZKBihpLNijW68O45bSvhtrBny 7AVCVrtvxZNcCDjmdG1DfSN+upnVpI5JkEouOvgS4C5tLT+TBAl9cdhXLYXODuXQ0vkO gbPF7FHJKh0zuAgt2WqdLcqyKK7cVO9uYBU39bgJ58csdKkpErrQo/WW5Wc8jTPY9u2W RWYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature:arc-authentication-results; bh=cPVBGYveKQAKNdsFelaLAe3tvYZKU29IVOMkaOhQniQ=; b=UhVmb2gT/vJcKKixGKgBuPEzW+zhhi2JBE3DzV0IyaSoeS+aVSPj03Ijl+vWmyPOPA eTzLgZCNLBbsdsd3Nanlx3rXTlCdmlSmEDzCyZOpwed/GxB23rk+m3px3wWjRC5JxV+k QCLcfa2JLnM5sKfw2AkheMd+xxgsSURrxi/0PSsQB4Hjhg6iuVOOqaco3CCoMuNva2xv tGF+Rr7fOoEczAvj+Nmfj2n1yMKs4gmK+M9PEjvaXsEWV7k7UQU5IBkjDk1a0I1r/Ju8 XZm9QEnAjoLsaX8KjDYY7H0k2klLWYQ7SGQ/w80a1B60JL4vkkkjIrXP4NBc039A6Lhk /zhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=AqIgqmm2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b9-v6si7666649pli.407.2018.01.28.12.53.33; Sun, 28 Jan 2018 12:53:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=AqIgqmm2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752370AbeA1Ukn (ORCPT + 99 others); Sun, 28 Jan 2018 15:40:43 -0500 Received: from mail-pg0-f54.google.com ([74.125.83.54]:41578 "EHLO mail-pg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751601AbeA1Ukl (ORCPT ); Sun, 28 Jan 2018 15:40:41 -0500 Received: by mail-pg0-f54.google.com with SMTP id 136so2830495pgd.8 for ; Sun, 28 Jan 2018 12:40:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=cPVBGYveKQAKNdsFelaLAe3tvYZKU29IVOMkaOhQniQ=; b=AqIgqmm214oQXxWYe69+Czy3b/s6+3w4lzX15jr/wjqqDqE3fRcb3mqFUQjjgzFMMR nPROV8hBJHIpX3BLIl1ZD1qrhnaoz1iXjfw0Rcyb5MAbsJ+kPoMcmRY7LXmU7mtlXTRm nBgD/cdmKxy4t4a7/Tm02jqw9YLvtCm42M01wsKgiYimGol1PNV9XZ1nKWL8bPCBoKXD L5a2Lmg1Je3I7jC8tVyvNy5aJsnsUTPkBHk6ldnz77uHq6q5opGXsWtf9awlv4j9MwkU rZw2MUlFqGDYYyofRVRryinNQe8ECSPBdNBnuL+WWnR5+83njOzWF7eYWHBPZ0cPAjXk 1N9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=cPVBGYveKQAKNdsFelaLAe3tvYZKU29IVOMkaOhQniQ=; b=TDlFPXyWmccV1FeClaqoBauZvV0IukyF0+4CxMtcK8S7jXmpe4+HorI5ShxJgDNYMx KgvZgF+RKIa/w+PXehwCQgVlAV+erRofIlEJcKG6G7FyJ0E9fnXf9yiEp03wlnamMc4/ f+gp2vpUOJ5n/bbvomxMZfHoVXoehBXyngHy80dfxs7sLrRGgAgIkutxcR5n39UFRlOs uBruAmvN8Kb06/AXaBubJ2WfhUlRjypJOezbndvPxTtZPgeEX9AnUk3E/AVzU4yCvV3B S0O79V5DgW5VJQINjosYI/iGoMe9qPxIiORPTgVpDSg8WRaig7CmA/xXKNAsAqtg7u8L mwmw== X-Gm-Message-State: AKwxytdyapnTt+i233oAg3nooHQAY2qbYZdhEokk48G6npsZmB4hVo5w EJC/KlM9WX6q8e42L4yfu1Gk9w== X-Received: by 2002:a17:902:9348:: with SMTP id g8-v6mr19387432plp.102.1517172040495; Sun, 28 Jan 2018 12:40:40 -0800 (PST) Received: from ?IPv6:2600:1010:b012:ea6:257f:5f83:4eb4:7eea? ([2600:1010:b012:ea6:257f:5f83:4eb4:7eea]) by smtp.gmail.com with ESMTPSA id t69sm30817140pfa.180.2018.01.28.12.40.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 28 Jan 2018 12:40:40 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL From: Andy Lutomirski X-Mailer: iPhone Mail (15C202) In-Reply-To: <4DCAF18F-C86A-4CBC-A9CC-CC01BF63313F@oracle.com> Date: Sun, 28 Jan 2018 12:40:38 -0800 Cc: KarimAllah Ahmed , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Asit Mallick , Arjan Van De Ven , Dave Hansen , Andi Kleen , Andrea Arcangeli , Linus Torvalds , Tim Chen , Thomas Gleixner , Dan Williams , Jun Nakajima , Paolo Bonzini , David Woodhouse , Greg KH , Andy Lutomirski , Ashok Raj , daniel.kiper@oracle.com Content-Transfer-Encoding: quoted-printable Message-Id: <86F5D9C0-7B11-448D-954F-D2EF6CBE80EC@amacapital.net> References: <1517167750-23485-1-git-send-email-karahmed@amazon.de> <4DCAF18F-C86A-4CBC-A9CC-CC01BF63313F@oracle.com> To: Konrad Rzeszutek Wilk Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Jan 28, 2018, at 12:21 PM, Konrad Rzeszutek Wilk wrote: >=20 >> On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed = wrote: >> Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for >> guests >> that will only mitigate Spectre V2 through IBRS+IBPB and will not be >> using a >> retpoline+IBPB based approach. >>=20 >> To avoid the overhead of atomically saving and restoring the >> MSR_IA32_SPEC_CTRL >> for guests that do not actually use the MSR, only add_atomic_switch_msr >> when a >> non-zero is written to it. >=20 >=20 > We tried this and found that it was about 3% slower that doing the old way= of rdmsr and wrmsr. >=20 Do you mean that the host would intercept the guest WRMSR and do WRMSR itsel= f? I would suggest that doing so is inconsistent with the docs. As specifi= ed, doing WRMSR to write 1 to IBRS does *not* protect the guest. For that matter, what are the semantics of VMRESUME doing a write to IBRS as= part of its MSR switch? Is it treated as IBRS=3D1 from guest context?