Received: by 10.223.176.5 with SMTP id f5csp4321742wra;
        Tue, 30 Jan 2018 05:41:04 -0800 (PST)
X-Google-Smtp-Source: AH8x225s+MZ9TnLaSjSBuhGQRYq94dJ44BYIWNyRmfLDlV1wkkP1FKt7EjQEriwkqT6W+BVsOvQD
X-Received: by 10.101.69.7 with SMTP id n7mr24229918pgq.62.1517319664075;
        Tue, 30 Jan 2018 05:41:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517319664; cv=none;
        d=google.com; s=arc-20160816;
        b=P+/My5OKqZ0aB4+tt1f6sw1LX9kGJ6hvvL7pVLWcg7qA8dWtY8O0E9BW2JlDObTRex
         B6DepYZaliV7hqBjUlGu1ykJckNKDvz4rpPw8oTQ96s1Wj38KA7D8/qppOYwJwgqTX2c
         Xqbs58wjfBu7P3AqP4WkUSxGw498GF4QNGcHlS128cNj5rEiiAkGAkaOz4TWilvbUx32
         vqO/ooI14vhvfiy1MVRHmHpmMiQz9RE37r3ByC4Y65f725ofGTDIwxY9eVFp8Y+Nob4N
         QexTvv8sFzjiE2zUFjZ+xTdnMyWvayvSIT1UbWueHFdtRVQEw5jDkFwmfLj8Zl7PQ2+8
         3cdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=qlrbCbK7WSEIIfjdqQZafCl8i0eWRPgGIKz8BCCHq0Y=;
        b=T3RlpebClUOIeBMLcv0PPenYTTPzoSYyD66z318smWFXnMeD4yhxwpvaeJ+xQ7DTh0
         4TFZhhiBiklxPqrhuzHxUhC21tZwADH6EBqmbxTOtIP4TvA/vevaNywuvGE8mzqhLKN0
         Wv3vqGDXpX8vaTjWTkfTZ4TyI6OfoRG5OMonNyzY7UqeMzq8qhp+HbEqfKt4kjXGcl7J
         GJz/ooP6bkXQbx/Md8K8TKC+AvAhsis92VDJVm8vcYwjGWUzvi28wpFLQW4n6SjbDx4y
         LSC3+ADjWusrOMkaJSdH9riiCr5unxJwLHmUom8YsCjUMH2D5mbCGocS0fxQJg/L7OjA
         VQLA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=RIrd/t/W;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v69si9281709pgb.303.2018.01.30.05.40.49;
        Tue, 30 Jan 2018 05:41:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=RIrd/t/W;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752357AbeA3NVf (ORCPT <rfc822;yingkeliu@gmail.com> + 99 others);
        Tue, 30 Jan 2018 08:21:35 -0500
Received: from userp2130.oracle.com ([156.151.31.86]:55270 "EHLO
        userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752391AbeA3NVd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jan 2018 08:21:33 -0500
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1])
        by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w0UDGutF017333;
        Tue, 30 Jan 2018 13:21:15 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc :
 references : from : message-id : date : mime-version : in-reply-to :
 content-type : content-transfer-encoding; s=corp-2017-10-26;
 bh=qlrbCbK7WSEIIfjdqQZafCl8i0eWRPgGIKz8BCCHq0Y=;
 b=RIrd/t/WO47CBYk+qAX0iyT1VWYsVHgZTHN84LU8k/t00MBq9XEBJ81tEbPHIfIm5wzV
 xANaecUXLIMNNMR4WWuAkHrorzuZtqwZwFa/VWMUDmtcruAmnYbXD3c9kKahdG8Ix2rr
 3EdZ8lGSksyJrhDX5S0SOV9SF9fAbCznFDG0eAAGm+Hma1D+FlOp8MVwqvFQCZ2iPWDM
 PpjrqYQwseCwiJq5aTUVmn3lFSjTr2vwUbkAfF3q2VhtGk1JEP3PV8ytpL1CkVBchsLe
 IhdXrzdvsXIPzOiLzKbFkuoi1mrW/+FYzH7Ode8zBmEKKM+fSFxqvrbKsYcZAItnjjFi mQ== 
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])
        by userp2130.oracle.com with ESMTP id 2ftsby0227-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Tue, 30 Jan 2018 13:21:15 +0000
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75])
        by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w0UDLEBt031000
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Tue, 30 Jan 2018 13:21:14 GMT
Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7])
        by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w0UDLDMN005886;
        Tue, 30 Jan 2018 13:21:13 GMT
Received: from [172.17.0.254] (/141.85.241.41)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Tue, 30 Jan 2018 05:21:13 -0800
Subject: Re: [9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID
 availability
To:     Paolo Bonzini <pbonzini@redhat.com>, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org
Cc:     rkrcmar@redhat.com, liran.alon@oracle.com, jmattson@google.com,
        aliguori@amazon.com, thomas.lendacky@amd.com, dwmw@amazon.co.uk,
        bp@alien8.de, x86@kernel.org,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
References: <20180109120311.27565-10-pbonzini@redhat.com>
From:   Mihai Carabas <mihai.carabas@oracle.com>
Message-ID: <6dc02278-7004-1794-3705-69c8cad86be4@oracle.com>
Date:   Tue, 30 Jan 2018 15:21:11 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <20180109120311.27565-10-pbonzini@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8789 signatures=668655
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=809
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1801300169
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello Paolo,

I've back ported this patch on 4.1, after adding the per-vcpu MSR 
bitmap. Also enabled the SPEC_CTRL_MSR intercept if qemu instructed so [1].

Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>

[1]
+++ b/arch/x86/kvm/vmx.c
@@ -8391,6 +8391,16 @@ static struct kvm_vcpu *vmx_create_vcpu(struct 
kvm *kvm, unsigned int id)
         vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_PRED_CMD, 
MSR_TYPE_R | MSR_TYPE_W);
         vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_BNDCFGS, 
MSR_TYPE_R | MSR_TYPE_W);

+       /*
+        * If the physical CPU or the vCPU of this VM doesn't
+        * support SPEC_CTRL feature, catch each access to it.
+        */
+       if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
+            !guest_cpuid_has_spec_ctrl(&vmx->vcpu))
+               vmx_enable_intercept_for_msr(
+                       msr_bitmap,
+                       MSR_IA32_SPEC_CTRL,
+                       MSR_TYPE_R | MSR_TYPE_W);

         /*
          * If PML is turned on, failure on enabling PML just results in 
failure


On 09.01.2018 14:03, Paolo Bonzini wrote:
> MSR_IA32_SPEC_CTRL is not available unless CPU[7,0].EDX[26] is 1.
> Check that against host CPUID or guest CPUID, respectively for
> host-initiated and guest-initiated accesses.
> 
> Suggested-by: Jim Mattson <jmattson@google.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> 	This is for after X86_FEATURE_SPEC_CTRL is added to Linux, but
> 	I still wanted to ack Jim's improvement.
> 
>   arch/x86/kvm/svm.c | 8 ++++++++
>   arch/x86/kvm/vmx.c | 8 ++++++++
>   2 files changed, 16 insertions(+)
> 
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 97126c2bd663..3a646580d7c5 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -3648,6 +3648,10 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>   		msr_info->data = svm->nested.vm_cr_msr;
>   		break;
>   	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +	    	    (!msr_info->host_initiated &&
> +       		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>   		msr_info->data = svm->spec_ctrl;
>   		break;
>   	case MSR_IA32_UCODE_REV:
> @@ -3806,6 +3810,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
>   		vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
>   		break;
>   	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +	    	    (!msr_info->host_initiated &&
> +       		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>   		svm->spec_ctrl = data;
>   		break;
>   	case MSR_IA32_APICBASE:
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 49b4a2d61603..42bc7ee293e4 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3368,6 +3368,10 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>   		msr_info->data = guest_read_tsc(vcpu);
>   		break;
>   	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +		    (!msr_info->host_initiated &&
> +		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>   		msr_info->data = to_vmx(vcpu)->spec_ctrl;
>   		break;
>   	case MSR_IA32_SYSENTER_CS:
> @@ -3510,6 +3514,10 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>   		kvm_write_tsc(vcpu, msr_info);
>   		break;
>   	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +		    (!msr_info->host_initiated &&
> +		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>   		to_vmx(vcpu)->spec_ctrl = data;
>   		break;
>   	case MSR_IA32_CR_PAT:
>