Received: by 10.223.176.5 with SMTP id f5csp2117623wra; Sun, 28 Jan 2018 12:55:31 -0800 (PST) X-Google-Smtp-Source: AH8x224xojD5QyZ9nT9X66CaPFP2p9QcN5WnnBk/1qmmL8kQvkTLTIHOuq1q3HcwvvSQ4r4aqxH2 X-Received: by 2002:a17:902:24a2:: with SMTP id w31-v6mr18637513pla.262.1517172931853; Sun, 28 Jan 2018 12:55:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517172931; cv=none; d=google.com; s=arc-20160816; b=vccd0Sj4yibemMs6Aa0XsLaHbfL8wAG7AJT8+9PnVwOCSBzEIY2spXpKm/EKEThjxc cCZleme0EY3TAqz4k2AUfPSugSGGQ4l5CXxwnzXyQGhHD5RYD1CBQDyTXyp9Pwbw0PCY LMx8Nx8qbHWjxjHQfS6BDHysbVdICLWnVxhKluFL/QyMJrvxVozd+KEYgGD72rV+5fm2 9QN/xDjSmqZVOCh5JeTeYNt6zVIfjbJ3ueZ24HM94H6JuJJb2oqs/XqNM7qg94irTUGF cX92mR9Bk6HSmfgnhTbSbOxBwAh6awYBna5K0YZxGvtu8q5X89R7UuTnEwX763RCoLGT 8LOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature:arc-authentication-results; bh=uk7O3GpxLSUtUR64l6MUMsqlK1En0T5HVX2m+XRlpPo=; b=K9FdoNhiBWjwIOBRv1FYrJNvM4YV1j68urVUNcipqquz4FflL8UdDlN3ZMcz1pMJOe 9REcd6O/qaxOAd9d8Eb6s/o/G4an2MEvEnov/MCP++9sSJmBaURnpLQLsAM6sCvA45as +Gb3eMvtE1srcydyqKs3K17ftC9y4JCKzfoy3iSAhXsnomYbSiOc+TWW8ph63KVeTeNR /uTr/lumxra4S9jlSfxKfhHqlum/89U7JGCdpmlFcBvc0VpnXhbaBZXPLWRRAobX8bNH OFYvyu8yEmK2JIJvl+rjuOusHjBhj+9czCjnXTsZJqQnXeMv31ZxspsjiZQ3injkKAEH xrwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=d4KYTWZn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h16-v6si6982696pli.9.2018.01.28.12.55.17; Sun, 28 Jan 2018 12:55:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=d4KYTWZn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752750AbeA1UxW (ORCPT + 99 others); Sun, 28 Jan 2018 15:53:22 -0500 Received: from mail-pf0-f178.google.com ([209.85.192.178]:36464 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752722AbeA1UxR (ORCPT ); Sun, 28 Jan 2018 15:53:17 -0500 Received: by mail-pf0-f178.google.com with SMTP id 23so3069872pfp.3 for ; Sun, 28 Jan 2018 12:53:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uk7O3GpxLSUtUR64l6MUMsqlK1En0T5HVX2m+XRlpPo=; b=d4KYTWZnX9XfaHzRPsN/RojZbMZnb+8f+8+qGPX6AdHATYblH3B3qHbJ2U6uMYjXtH 3nIHgyJG6HvHS63w/4k/gV63LxQXwh7FiK+SY2TLL1fqdYOIgwT5wd2ECp4XsFbB7jk0 AiIetlG6dIiMW0RISuNUJeFYWdfpeO2ldKuc8bLJcCqpD/o+YizJH1P7hHlKNvZ75NkB A8gOWM5EuHDQKAFm2rcDgqAMgBCcNNRHQnZbMeTha1xLX9Vn+oruYMoavzX8xA+DQSOz g+aiiuDl/OtrPkW1tZyCMCCyPXMU7Bpy99vOx71a8fFIfgn5tpYMPEyQFfvcHRDzJdo2 nFAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uk7O3GpxLSUtUR64l6MUMsqlK1En0T5HVX2m+XRlpPo=; b=RKI62sjs+0K8/FDwh877MZRG0S+XI5Sq3NEOMMhUoG14BWB0iVOaPlJFrQLrrCTmqm OAfRm0aH6+QCisfaPWaszhnxjPdxQ4alFJeZC+kvrdjF53JdOrDUaLwtLvYz3Mwd8/xm HfKbDkif06p3DtoegxhKTmyDIWgXNICL0kWxhLymHLmCoEVX7RMWafrYfUpyK2oIkTa2 kj/0WE6mJzo1mCOLcbdDgSboWz83o6cpxgLIwpukyNZ0t3dShFYg5K28586EHVvNotDV 82mgPDDAzcYrHfoEa3IS/lSosMGwyeVpIBhV0SieMQDFEdHPd9aZ294IeQ5AxEciiSOm ED9w== X-Gm-Message-State: AKwxytcKwIWHPBzNUumX13LriTACGSNvWsqCbaz2j2UAJilPPntupTBe sIFxzCMGWwZuJw/7R3OZmTQwQA== X-Received: by 10.101.77.8 with SMTP id i8mr20314428pgt.308.1517172797065; Sun, 28 Jan 2018 12:53:17 -0800 (PST) Received: from ?IPv6:2600:1010:b012:ea6:257f:5f83:4eb4:7eea? ([2600:1010:b012:ea6:257f:5f83:4eb4:7eea]) by smtp.gmail.com with ESMTPSA id f79sm30156453pfd.103.2018.01.28.12.53.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 28 Jan 2018 12:53:16 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL From: Andy Lutomirski X-Mailer: iPhone Mail (15C202) In-Reply-To: <1517172296.6624.84.camel@infradead.org> Date: Sun, 28 Jan 2018 12:53:15 -0800 Cc: Konrad Rzeszutek Wilk , KarimAllah Ahmed , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Asit Mallick , Arjan Van De Ven , Dave Hansen , Andi Kleen , Andrea Arcangeli , Linus Torvalds , Tim Chen , Thomas Gleixner , Dan Williams , Jun Nakajima , Paolo Bonzini , Greg KH , Andy Lutomirski , Ashok Raj , daniel.kiper@oracle.com Content-Transfer-Encoding: quoted-printable Message-Id: <9251C256-F93A-4B6B-A055-8647E3F9C3E7@amacapital.net> References: <1517167750-23485-1-git-send-email-karahmed@amazon.de> <4DCAF18F-C86A-4CBC-A9CC-CC01BF63313F@oracle.com> <86F5D9C0-7B11-448D-954F-D2EF6CBE80EC@amacapital.net> <1517172296.6624.84.camel@infradead.org> To: David Woodhouse Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Jan 28, 2018, at 12:44 PM, David Woodhouse wrote:= >=20 >> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote: >>=20 >> Do you mean that the host would intercept the guest WRMSR and do >> WRMSR itself? I would suggest that doing so is inconsistent with the >> docs. As specified, doing WRMSR to write 1 to IBRS does *not* >> protect the guest. >=20 > I believe it does. Guest kernel is protected from any guest userspace > predictions learned before IBRS was last set to 1 in *any* mode, > including host. Hmm, you're probably right. I would love to know what awful hack Intel did that resulted in these semant= ics. >=20 >> For that matter, what are the semantics of VMRESUME doing a write to >> IBRS as part of its MSR switch? Is it treated as IBRS=3D1 from guest >> context? >=20 > Why does it matter? We *have* confirmed, FWIW, that VMRESUME writing 1 > to IBRS as part of its MSR switch when it was already 1 is not > optimised away and *is* treated as writing IBRS=3D1 again. That's good news.=