Received: by 10.223.176.5 with SMTP id f5csp4386030wra;
        Tue, 30 Jan 2018 06:37:25 -0800 (PST)
X-Google-Smtp-Source: AH8x225tjnyaHPKpw4kyqJn5jyoOaaGDI5lWgMYHlQEXsj/FqAMQF8Pqg/+LM3QGXRJ+igzxgn+9
X-Received: by 10.98.215.70 with SMTP id v6mr30721057pfl.83.1517323045363;
        Tue, 30 Jan 2018 06:37:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517323045; cv=none;
        d=google.com; s=arc-20160816;
        b=Q3Kekx9GAqYy+s0kIG0qUrSDq4ZU7G2qUzil2bIi3IZZD5y16Sd8cG66WNHC6hRWPi
         Gv25ntjjzRQUdr7llOSXZ+Nm/Seh5sH/w/hLwKhbXpaiCYIB6lbbJzDxXX51+5kbyeFR
         qEs7uHSULKQ4f3T2AGGYTv3Mg+EWvIsa8Uc9VZci+BZWAbm7aPw1VYPj41pzOl0xSMvu
         9aWIjwKI+bOx4F7QX5hMNrqFsBqo1mN2Xq0KjbjCHtPORT3sZkWRKWD/RuVxsj6t02et
         Wl/EdP8+Bmd8BAzYsI/qCNzdECYQGfvLUlShfVa+BIaNTrkThlfmhGyiehBwGQS6GPxT
         3VqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:spamdiagnosticmetadata
         :spamdiagnosticoutput:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:dkim-signature:arc-authentication-results;
        bh=7NP6GEjD9JS/31Cd6Gzj5WQ4h0m9TaXQfeNqXYucQa0=;
        b=YHIjPVFR/c3YWB7wu6YcbdLHS6/EABxv8Tpt7utuDVKKbjVTpZgYyGqBIQi0XfjKWc
         0uqivwyVXJcBdIteeq59xFMSe2gwWYPbUYs9asCTgHQWtnfMr110ZR+kk3Qd3yTVrOZu
         jC6fIyJprjKE3MqGLWG6iElxbSH+t61AcQnUHeqNSK2bqEFsBb52D3tC/H2OFr6L5Fet
         TdP1420SCxWcAc0RmYi4fAYu77NY3AnUk88nAupCPg4z3YEmIS6R/oP+wgHQk3NAGhLh
         3VcVNfLVoNznvitLb1HpSc0tbeY/YUeBmMuNF5ZTZ9w+XmFolwZzVaOJrFPdJyokkMQn
         8zng==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector1-amd-com header.b=3Q+dxqeM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h1-v6si1226903plh.766.2018.01.30.06.37.09;
        Tue, 30 Jan 2018 06:37:25 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector1-amd-com header.b=3Q+dxqeM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752599AbeA3OW6 (ORCPT <rfc822;sujaykul91@gmail.com>
        + 99 others); Tue, 30 Jan 2018 09:22:58 -0500
Received: from mail-bn3nam01on0047.outbound.protection.outlook.com ([104.47.33.47]:9521
        "EHLO NAM01-BN3-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751727AbeA3OWx (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jan 2018 09:22:53 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=7NP6GEjD9JS/31Cd6Gzj5WQ4h0m9TaXQfeNqXYucQa0=;
 b=3Q+dxqeMCKsa93zjp+2B1vQRKUuTh58gmkCVLpcu532gRAGmsMu1FHTEyCW1FfiV1znUBsoU4MUyGOEDXc+aO95YzWRcK7S3TxNkQILSI97Qzk3TGpP54DtLdCCv4bSHHEeU4X7f7CCWRSK9ed9FPW0JzhdaR6K72QCZLSBzW18=
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=Thomas.Lendacky@amd.com; 
Received: from [10.236.65.116] (165.204.78.1) by
 MWHPR12MB1150.namprd12.prod.outlook.com (10.169.204.14) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
 15.20.444.14; Tue, 30 Jan 2018 14:22:47 +0000
Subject: Re: [PATCH v3 2/4] KVM: x86: Add IBPB support
To:     KarimAllah Ahmed <karahmed@amazon.de>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, x86@kernel.org
Cc:     Ashok Raj <ashok.raj@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@intel.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andi Kleen <ak@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Andy Lutomirski <luto@kernel.org>,
        Greg KH <gregkh@linuxfoundation.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        David Woodhouse <dwmw@amazon.co.uk>
References: <1517271028-15916-1-git-send-email-karahmed@amazon.de>
 <1517271028-15916-3-git-send-email-karahmed@amazon.de>
From:   Tom Lendacky <thomas.lendacky@amd.com>
Message-ID: <eea20236-35ff-4900-5749-42915df389e9@amd.com>
Date:   Tue, 30 Jan 2018 08:22:43 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <1517271028-15916-3-git-send-email-karahmed@amazon.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: DM5PR21CA0069.namprd21.prod.outlook.com (10.175.112.159) To
 MWHPR12MB1150.namprd12.prod.outlook.com (10.169.204.14)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 349edd89-d058-4df2-3370-08d567ecf0f6
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020);SRVR:MWHPR12MB1150;
X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;3:2+Y7ZogBOJZNK2ksPenxuQTHYrTOErXQrqw/tRR97fXKLXRWF1/eIPidmDHI0W47zFVD+6uh8crnQlDUGhpJsB8Hectmpf8AZwLI2LQ8ReyPKztOuFyc8w+syW7JKd1VwsSBCvUvYNeeGHJaoWczjhKVt7t2LYGJiXriJyHmO9Kbe/ENduWyJPOVDX8qWuJpoGSZrlpNCeUbTpJ4jA5/GZqg5Kl9OKemEWCOyu2Yn1t8acQEV7GvVvy5X00w9ihe;25:gEkD1BEjo9HvOq/swClA1peT1I39C0NHiWVYs+dxTK4+f/qYTSD2hbBW9fDD1WlZziX9JOppwHfVhfG6HN829RWoU10XAGMsd5yRUldZhxAjNjf47bmUnmphl+XEMarlnqf7cENC9ATUsjr73617Xd65SJf+ZQqPvk68VxKsrFIIwgqae/BW6AaXSGt2JW3b8QJwqGmSD+pjMlcHIr9p5L21AQhvGLuo2zaKJM9QG4YpvE20jkmoSk+fd0cQ5d2s+0QwpuvEuAsAJJh+PWCTVaB2fUXwcXfXCLAwMRM8eujoIcyXxyZpX5U5GPMZXmDS+K0q41Zb7d1ziKfF5l3xpg==;31:Xkzi5MAnIsEu/OjmBesq7JXC528P/nGMYMFUFEj5bWRh3RUKKAzr1K6iXv2bs3YIP3X/wtqvQW/fWozrWTduRk21kqR44HdYZoSzn8ku4W5TiSY8ddnmYjzPX0kICXCHYt1+Lc+bO7oDMr9OnlLyPl6msRnumbCkSsZ8P5FAe8Eu9e89MjiK2ZYDITMs3EjIMNCJj1W2JaPSiDj2v90dlmf8Kx7zRaGx/HAcRXkx+VI=
X-MS-TrafficTypeDiagnostic: MWHPR12MB1150:
X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;20:3yJFCPbk7dFktL6n9QrTWQEYtMXCAbnsN3vfI79AAJx4qgiMHpMJkoRBiAdJFxbWv4V8TdSNa0B4Rd01uj4HozKSdBAxfNtlbNA+BVWWIyLzyFoqxxt9vQg4zQrDy7jxT9QskPE+tyGHzTEWT5JNla1qzU1YJJp+yQZht1kWtUlyb6/Xd5CEc5woza0q2aVXIHPc+LxsE86ioxYXtYuMbi+zWLzPeHDwZIuYLd6KVKDaTfP9FJzVMWUM4GEtxCANEf0fCvj+7Q7yA6owjXXsRiR6G2C9bxwSikDj1WEWz/0Ilj7W6n62Y3+K2gEXbEZxKaUKACKqm8xZEilBpiPXISatK2o3cEAgQ4xcmqzmzZ7S+mjufCXhFItacDtMLVZvqDerVoGHAxYemVCS8IJ1yH2XZrRTcDKTXPb9lqPGx/051NN3V/z5FRBa92YKSJkI9Dw7oepwmhyDNjOncDAMikCwSzV5kH97tnTmQyiQFCP+skE0Ce9Q8C5BwtoicN6z;4:qK0ujWIRa1/viYXQ9LBZPLdgzWR7ILWqQnIcq5M17KU3IKYAxWsujAlGjsK47NCrplDJsKiYySep1NXJnNjcM71X2pU2GddGSUQKKwzQtEAhXuEtciNGGcdlH6ERcDAoTtxMO3LeQ47mpZIg48Y7IdCJPrdGbua8NoeiYpXzZ2Dqd9aPgETViRYlmLhTgjhT0cpDR0gWfiKh+WyF9GSlt3Csnhn2ymxtSMQtr28CwJZVBR/vC35gdgQnbfinLvIX/69ivyGpRMaiOAvCaAqgXER2rk9aK6aau2fOB+2ccibsU7KxrvsIKVcDTu2dlfKEpdoF88xnUjiWYCkDiUZ7e4ppk0GdHQN7yfNz51sCtXxvBNZ/+BlLUGR8scILO/Pk
X-Microsoft-Antispam-PRVS: <MWHPR12MB11508A351A20CD62A0DC79DCECE40@MWHPR12MB1150.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(42068640409301)(146755900322472)(228905959029699);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(3231101)(944501161)(6055026)(6041288)(20161123564045)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011);SRVR:MWHPR12MB1150;BCL:0;PCL:0;RULEID:;SRVR:MWHPR12MB1150;
X-Forefront-PRVS: 0568F32D91
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6049001)(376002)(346002)(396003)(366004)(39860400002)(39380400002)(54534003)(199004)(189003)(53936002)(7736002)(230700001)(229853002)(97736004)(68736007)(7416002)(6306002)(83506002)(58126008)(575784001)(81166006)(8936002)(50466002)(54906003)(16576012)(6486002)(86362001)(6116002)(8676002)(3846002)(36756003)(316002)(81156014)(305945005)(31686004)(47776003)(105586002)(6666003)(26005)(3260700006)(65806001)(31696002)(25786009)(76176011)(52116002)(52146003)(2906002)(106356001)(65956001)(2486003)(66066001)(23676004)(77096007)(386003)(90366009)(186003)(72206003)(4326008)(16526019)(2950100002)(65826007)(478600001)(64126003)(59450400001)(5660300001)(966005)(6246003)(53546011);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR12MB1150;H:[10.236.65.116];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
Received-SPF: None (protection.outlook.com: amd.com does not designate
 permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTUwOzIzOnp0QThXbnM5ZTdmekxQaFBWRTZFekhSY1Av?=
 =?utf-8?B?Q25ZanlRelNIOTkyd3crSlBzMEF3eXJ4eENaeDFUcFpNTFYxaEFBL0JKaWNU?=
 =?utf-8?B?RVY4RE1JMlVGT2NuMnQ0WWgwUHNkTnNZN0pQUmhwbTlhZVc0Q0ZWYVk1UEc2?=
 =?utf-8?B?cnhzQ09IZ25LQ2FjMzVLeG1xNC8xK0N1L21DYTMza3RQTkFqVXA2M1g4UmFM?=
 =?utf-8?B?LzNuL3JtWHVPZG8wN1gvWHF5NDZoYXpWMXk3V1VBWlY1QzFYY1FIVXlWZUZT?=
 =?utf-8?B?M0tlTzBRNXpTWGhZeUlBT1NrOWNCRGJ6OEVzVXJhYlJnZExUOXZXWEhxMEVJ?=
 =?utf-8?B?QUR2RUQxNlJSN0V6SDk3VGNSNzcrWnBFRlIrMVRBY0pGK25hdzJVQ0piWWtU?=
 =?utf-8?B?R2VTUWZ4SWoraGs5eGZjUm5ab0pob3hoa21PcjBaWVl3QmFrY2tiNkNGZVNW?=
 =?utf-8?B?OTZBMCtnT2Q1QWdLS0J3bnl5anVIOXF0NCtUTHJWYmhwMzQ5aTQxWlQxemY2?=
 =?utf-8?B?bElBVGI2WWFMRjIrK1creXEreDVWZXBuenhaei9abmdsYmU3VUszNGNybjdE?=
 =?utf-8?B?MXV1WXFKSUVoR2JDY2xUTm0yR1NIQ0t6VmYrSTI3RFo1NFJQRTQrQWVlU1JM?=
 =?utf-8?B?aDBZUmVLY0hieExOdDdQN3hGUE5jK25KOGo5SHdaTEU4YUQwemFhWndOeHVY?=
 =?utf-8?B?ZzFDQ0xibE9ISWp0V3BGenA1WkE0QytBRXBZdy9JOFRudzc5TmlqV3BVSDRq?=
 =?utf-8?B?TEI5N2tzZDJ3Z2lnUTlOQXNuL1ZVdDlKNW0vOUdmRmRROTF3R2RZMlNYeGtC?=
 =?utf-8?B?U2s1a0lQeTYwenNLZy8rR1hjNXBibUViaUpqQlI5ZnJubkppKzZpSC8rcndI?=
 =?utf-8?B?S1ZwRDZmblRHQjFGUXNCcXhlZVRaemZqTHVIMzNjQkxibmlOeXBxUnVVRUF2?=
 =?utf-8?B?di8wYS9OLzZKNUN0aTY2MC93ZnNnRjNBejFiOXl0dm9EK05EbkZDWGFHdk8z?=
 =?utf-8?B?QmIyTFZTSitnWTViSm5KRDhIQkRPemU2S0pRZ2hYRkkvbFhtenR5OEJldndV?=
 =?utf-8?B?TE5uSUg3UXVjWGtML0U2YmQ4Y3NIQTZpcllHZ3VTK3NjZU9ScWFYb3VlZlhG?=
 =?utf-8?B?OWF1cjF5enduQndES2pZK3BJU3Q2MGZRWDZDVE80Wis0eFd0WkxraS9Ub01U?=
 =?utf-8?B?T3ZEWmxmb3orUlZVb2JGVUhQTmtmb3NCbmtPUUlzNzVYNGQySDlWSmI3U002?=
 =?utf-8?B?SXVld09DczIrU3Z1OG9IK2g2Qm1qUlhnT1ZTNE40WWwvWFVuR2lWWDAwWGJO?=
 =?utf-8?B?akUzZVpkbjRPTlRNbVRRT3Erb3BJU291YlFidVFJWU9iMm1qaDZkRDZBczVC?=
 =?utf-8?B?QWR4SmhIV2RPUlc3VTFDekplb21zdDhQQXV0VGJnRkdSeFI4bnR1eDZxZ05v?=
 =?utf-8?B?eW9DdWdKTjFyZXJZSVBzVUljOW5qK2dBQThaNGFIT1Z3Sks4c0lraWtkbGJH?=
 =?utf-8?B?MGlmbnNKUmgzejFHRzlCd1VkZXh5enUwNWdhMERsSk1FN2hoUGZHSFgzc3Qy?=
 =?utf-8?B?Q1I2U0psYkd2VWJvS2h0MHJia3BwK3ZYYXlOUEFPbldielRIRXZuaDhCN3lH?=
 =?utf-8?B?cmZRYnVCeExoVDBNeGRYajFtVnlnUkdPRmZhZ2pvS082RDlya2ZpalhDV0JQ?=
 =?utf-8?B?Y0I2NjdaSnE1NlJXYVhPNGlYVEFEREJRbWduREtHU01XREQvL3dLUzI5ckY4?=
 =?utf-8?B?VHF4R1N6WGppWDJOa05CNkJwcktjK0FhY2NtaDhFekNCZ2U3K21kZnBVaG1G?=
 =?utf-8?B?RytDMzRYdXJZbjhFWmw3RU9KMkhCdFhNSHE0QWRIUDVLOWhCRHlVZ3hYQUE5?=
 =?utf-8?B?KzJFaTZrTXBENnlxVW5PNHlJWHExbHA3WWxmTEV1eTVOS3NDVm5vSXVVZjJz?=
 =?utf-8?B?bFlUOHVFQi9STjUvVjZzM0RoWm1Mc1BLVVBtQ2k2NUFNR09Dd3poVkgvcmE4?=
 =?utf-8?B?MTVvNFNuM0FoRmd6M3ZnVzdoMVlmd2ZYUnljUURQVVNPbWdNMTNBY0crL2xI?=
 =?utf-8?B?eHZ5Wk5HcFRZZk0xTEQvTEFFU1Rrbkg2eEFNd1NFOUNqelB6VEk4VTk3eUlV?=
 =?utf-8?B?ZEE9PQ==?=
X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;6:kC8VBdt/jY1h48NrxB+aFvd9Zq32EPxPWFult+ln5Pj8VIBmYF9A1JxYwvlQ5t1Qewv5Z/k5w0FHPAslijr4Ffbd13Fc2T4anMOlZ3xC1sXEJTSWxlK5aOsF1vfPlDR5vpyFpdn0rjsxwBYC/6EVn7acxndSbA8ksnc3yddkXZ4HEkfv58p21xo2VmTPNl1F4hbPO00Nn6/+YVK0lU+r0SEn37bixuGQFSIO0FRI7t6i7WHXbideB2drqp6bTgxAO+hWVVBPVpDQ5503o/j8sDsWgzz8D8B3Yubd/FWe4zJYuPufS7rwFRq7kW20capAx3vSlOiJAOfZB+DmEerCyaIIOH6XonjoQ90OJM4Wn2A=;5:3N7efgGUXx3Z31lczbJTwKuNq5Tuzr1mnMzfiOd9MUpEyPcAjxuqvt9BTr8pbaVnDfyR2FesYKPqrqjfGZejLL0lrbd1RsPES6kbqeRrcwrEotq7aNCFIQBVLx6cbRF9ub6ceznRHPmI0+hllD+CPiNP2Y8wNWbUs6FEUcEKtSE=;24:LAxt6Eb3AzuNn409NyBnXConiqS6MvBgOEKyHBTnMWnuHgmORDnKJoDGl5O0uDxV9cn97vN/pSJxEWgM+IcwOA4ikpLW1gh2ep2VR0pUdic=;7:U6gUkl+YJ45o9f7rI3yFKkQMSkX5XMrAT/Qa5a25hMwmenNbSRaUTm9F0hql6WbnxsNQ19kaMG3vG6VJLygMS8kFmJNJo9QPSGWWG5dMCb3Uv/l2rbo5S5LH8PUSVxPh3zeVtm+QGJ1P2fCfzX5bCHrVNjyqbncoHeT3wyRNB+qGV32BQP25ORxJrXs8Ss1s4s67GPcfZx7PT1cuY/Z/GxzIGjGeN76Q8GgKC7EA3/793metDiOHQ/Idt+z8/0+R
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;20:hc3238Tj6xaIMNCaUQhwmntis3PQTXgkINXr/Z34uEXxJXC7AjSb0Q3+yTosGZ0mgQYCBGB7JGLY9ff0gIjAwNh+Jnx3Hp+rq6DhWd0PbPHpfZDerjbo7KhlKXuzkvY/SHpiiN+2nbTsenalZ3wU4Ojufi7/Ic/1/4S6N6Xr4yYepTfX76lJO8oKREUPuAC2jN5+tZwnpHlPUweRNwrwHjJT/7wC/0QmplQTo/AXeRKspE5liBx7WLplmkstzvh7
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jan 2018 14:22:47.9934 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 349edd89-d058-4df2-3370-08d567ecf0f6
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1150
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 1/29/2018 6:10 PM, KarimAllah Ahmed wrote:
> From: Ashok Raj <ashok.raj@intel.com>
> 
> Add MSR passthrough for MSR_IA32_PRED_CMD and place branch predictor
> barriers on switching between VMs to avoid inter VM Spectre-v2 attacks.
> 
> [peterz: rebase and changelog rewrite]
> [karahmed: - rebase
>            - vmx: expose PRED_CMD whenever it is available
>            - svm: only pass through IBPB if it is available
>            - vmx: support !cpu_has_vmx_msr_bitmap()]
> [dwmw2: Expose CPUID bit too (AMD IBPB only for now as we lack IBRS)
>         PRED_CMD is a write-only MSR]
> 
> Cc: Asit Mallick <asit.k.mallick@intel.com>
> Cc: Dave Hansen <dave.hansen@intel.com>
> Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
> Cc: Tim Chen <tim.c.chen@linux.intel.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Andrea Arcangeli <aarcange@redhat.com>
> Cc: Andi Kleen <ak@linux.intel.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Jun Nakajima <jun.nakajima@intel.com>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Greg KH <gregkh@linuxfoundation.org>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Ashok Raj <ashok.raj@intel.com>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok.raj@intel.com
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
> ---
>  arch/x86/kvm/cpuid.c | 11 ++++++++++-
>  arch/x86/kvm/svm.c   | 14 ++++++++++++++
>  arch/x86/kvm/vmx.c   | 12 ++++++++++++
>  3 files changed, 36 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index c0eb337..033004d 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -365,6 +365,10 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
>  		F(3DNOWPREFETCH) | F(OSVW) | 0 /* IBS */ | F(XOP) |
>  		0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM);
>  
> +	/* cpuid 0x80000008.ebx */
> +	const u32 kvm_cpuid_8000_0008_ebx_x86_features =
> +		F(IBPB);
> +
>  	/* cpuid 0xC0000001.edx */
>  	const u32 kvm_cpuid_C000_0001_edx_x86_features =
>  		F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
> @@ -625,7 +629,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
>  		if (!g_phys_as)
>  			g_phys_as = phys_as;
>  		entry->eax = g_phys_as | (virt_as << 8);
> -		entry->ebx = entry->edx = 0;
> +		entry->edx = 0;
> +		/* IBPB isn't necessarily present in hardware cpuid */
> +		if (boot_cpu_has(X86_FEATURE_IBPB))
> +			entry->ebx |= F(IBPB);
> +		entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features;
> +		cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
>  		break;
>  	}
>  	case 0x80000019:
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 2744b973..c886e46 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -529,6 +529,7 @@ struct svm_cpu_data {
>  	struct kvm_ldttss_desc *tss_desc;
>  
>  	struct page *save_area;
> +	struct vmcb *current_vmcb;
>  };
>  
>  static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
> @@ -918,6 +919,9 @@ static void svm_vcpu_init_msrpm(u32 *msrpm)
>  
>  		set_msr_interception(msrpm, direct_access_msrs[i].index, 1, 1);
>  	}
> +
> +	if (boot_cpu_has(X86_FEATURE_IBPB))
> +		set_msr_interception(msrpm, MSR_IA32_PRED_CMD, 1, 1);

Not sure you really need the check here.  If the feature isn't available
in the hardware, then it won't be advertised in the CPUID bits to the
guest, so the guest shouldn't try to write to the msr.  If it does, it
will #GP. So I would think it could be set all the time to not be
intercepted, no?

>  }
>  
>  static void add_msr_offset(u32 offset)
> @@ -1706,11 +1710,17 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu)
>  	__free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
>  	kvm_vcpu_uninit(vcpu);
>  	kmem_cache_free(kvm_vcpu_cache, svm);
> +	/*
> +	 * The vmcb page can be recycled, causing a false negative in
> +	 * svm_vcpu_load(). So do a full IBPB now.
> +	 */
> +	indirect_branch_prediction_barrier();
>  }
>  
>  static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
>  {
>  	struct vcpu_svm *svm = to_svm(vcpu);
> +	struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
>  	int i;
>  
>  	if (unlikely(cpu != vcpu->cpu)) {
> @@ -1739,6 +1749,10 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
>  	if (static_cpu_has(X86_FEATURE_RDTSCP))
>  		wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
>  
> +	if (sd->current_vmcb != svm->vmcb) {
> +		sd->current_vmcb = svm->vmcb;
> +		indirect_branch_prediction_barrier();
> +	}
>  	avic_vcpu_load(vcpu, cpu);
>  }
>  
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index aa8638a..ea278ce 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -2272,6 +2272,7 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
>  	if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
>  		per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
>  		vmcs_load(vmx->loaded_vmcs->vmcs);
> +		indirect_branch_prediction_barrier();
>  	}
>  
>  	if (!already_loaded) {
> @@ -3330,6 +3331,14 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  	case MSR_IA32_TSC:
>  		kvm_write_tsc(vcpu, msr_info);
>  		break;
> +	case MSR_IA32_PRED_CMD:
> +		if (!msr_info->host_initiated &&
> +		    !guest_cpuid_has(vcpu, X86_FEATURE_IBPB))
> +			return 1;
> +
> +		if (data & PRED_CMD_IBPB)
> +			wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
> +		break;

Should this also be in svm.c or as common code in x86.c?

>  	case MSR_IA32_CR_PAT:
>  		if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) {
>  			if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
> @@ -9548,6 +9557,9 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
>  		goto free_msrs;
>  
>  	msr_bitmap = vmx->vmcs01.msr_bitmap;
> +
> +	if (boot_cpu_has(X86_FEATURE_IBPB))
> +		vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_PRED_CMD, MSR_TYPE_W);

Same comment here as in svm.c, is the feature check necessary?

Thanks,
Tom

>  	vmx_disable_intercept_for_msr(msr_bitmap, MSR_FS_BASE, MSR_TYPE_RW);
>  	vmx_disable_intercept_for_msr(msr_bitmap, MSR_GS_BASE, MSR_TYPE_RW);
>  	vmx_disable_intercept_for_msr(msr_bitmap, MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
>