Subject: Re: [9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID availability
To: Jim Mattson
Cc: Paolo Bonzini, LKML, kvm list, Radim Krčmář, Liran Alon, Anthony Liguori, Tom Lendacky, David Woodhouse, Borislav Petkov, the arch/x86 maintainers, Konrad Rzeszutek Wilk
References: <20180109120311.27565-10-pbonzini@redhat.com> <6dc02278-7004-1794-3705-69c8cad86be4@oracle.com>
From: Mihai Carabas
Date: Tue, 30 Jan 2018 18:43:35 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 30.01.2018 18:33, Jim Mattson wrote:
> All MSR intercepts are enabled by default, so I don't think this patch
> does anything at all, unless I'm missing some context.
>

Currently on upstream some MSRs are intercepted:
https://github.com/torvalds/linux/blob/master/arch/x86/kvm/vmx.c#L6838

In particular to this patch, the MSR_IA32_SPEC_CTRL intercept is disabled in 3/8:
https://patchwork.kernel.org/patch/10151889/

> On Tue, Jan 30, 2018 at 5:21 AM, Mihai Carabas wrote:
>> Hello Paolo,
>>
>> I've back ported this patch on 4.1, after adding the per-vcpu MSR bitmap.
>> Also enabled the SPEC_CTRL_MSR intercept if qemu instructed so [1].
>>
>> Reviewed-by: Mihai Carabas
>>
>> [1]
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -8391,6 +8391,16 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm >> *kvm, unsigned int id) >> vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_PRED_CMD, >> MSR_TYPE_R | MSR_TYPE_W); >> vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_BNDCFGS, >> MSR_TYPE_R | MSR_TYPE_W); >> >> + /* >> + * If the physical CPU or the vCPU of this VM doesn't >> + * support SPEC_CTRL feature, catch each access to it. >> + */ >> + if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) || >> + !guest_cpuid_has_spec_ctrl(&vmx->vcpu)) >> + vmx_enable_intercept_for_msr( >> + msr_bitmap, >> + MSR_IA32_SPEC_CTRL, >> + MSR_TYPE_R | MSR_TYPE_W); >> >> /* >> * If PML is turned on, failure on enabling PML just results in >> failure >> >> >> >> On 09.01.2018 14:03, Paolo Bonzini wrote: >>> >>> MSR_IA32_SPEC_CTRL is not available unless CPU[7,0].EDX[26] is 1. >>> Check that against host CPUID or guest CPUID, respectively for >>> host-initiated and guest-initiated accesses. >>> >>> Suggested-by: Jim Mattson >>> Signed-off-by: Paolo Bonzini >>> --- >>> This is for after X86_FEATURE_SPEC_CTRL is added to Linux, but >>> I still wanted to ack Jim's improvement. >>> >>> arch/x86/kvm/svm.c | 8 ++++++++ >>> arch/x86/kvm/vmx.c | 8 ++++++++ >>> 2 files changed, 16 insertions(+) >>> >>> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c >>> index 97126c2bd663..3a646580d7c5 100644 >>> --- a/arch/x86/kvm/svm.c >>> +++ b/arch/x86/kvm/svm.c >>> @@ -3648,6 +3648,10 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, >>> struct msr_data *msr_info) >>> msr_info->data = svm->nested.vm_cr_msr; >>> break; >>> case MSR_IA32_SPEC_CTRL: >>> + if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) || >>> + (!msr_info->host_initiated && >>> + !guest_cpuid_has(vcpu, >>> X86_FEATURE_SPEC_CTRL))) >>> + return 1; >>> msr_info->data = svm->spec_ctrl; >>> break; >>> case MSR_IA32_UCODE_REV: 
>>> @@ -3806,6 +3810,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, >>> struct msr_data *msr) >>> vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data >>> 0x%llx\n", ecx, data); >>> break; >>> case MSR_IA32_SPEC_CTRL: >>> + if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) || >>> + (!msr_info->host_initiated && >>> + !guest_cpuid_has(vcpu, >>> X86_FEATURE_SPEC_CTRL))) >>> + return 1; >>> svm->spec_ctrl = data; >>> break; >>> case MSR_IA32_APICBASE: >>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >>> index 49b4a2d61603..42bc7ee293e4 100644 >>> --- a/arch/x86/kvm/vmx.c >>> +++ b/arch/x86/kvm/vmx.c >>> @@ -3368,6 +3368,10 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, >>> struct msr_data *msr_info) >>> msr_info->data = guest_read_tsc(vcpu); >>> break; >>> case MSR_IA32_SPEC_CTRL: >>> + if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) || >>> + (!msr_info->host_initiated && >>> + !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))) >>> + return 1; >>> msr_info->data = to_vmx(vcpu)->spec_ctrl; >>> break; >>> case MSR_IA32_SYSENTER_CS: >>> @@ -3510,6 +3514,10 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, >>> struct msr_data *msr_info) >>> kvm_write_tsc(vcpu, msr_info); >>> break; >>> case MSR_IA32_SPEC_CTRL: >>> + if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) || >>> + (!msr_info->host_initiated && >>> + !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))) >>> + return 1; >>> to_vmx(vcpu)->spec_ctrl = data; >>> break; >>> case MSR_IA32_CR_PAT: >>> >>
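
Review bot: guest_cpuid_has_spec_ctrl(&vmx->vcpu) in the backported vmx_create_vcpu hunk (@@ -8391,6 +8391,16 @@) runs at vCPU creation, before userspace can have installed the guest CPUID (KVM_SET_CPUID2 is issued on the vCPU fd that this function is still creating), so the guest half of the condition is likely to see no SPEC_CTRL bit and enable the intercept for every guest regardless of what qemu configures later. Only the static_cpu_has(X86_FEATURE_SPEC_CTRL) half can be decided here; the guest-CPUID test should be re-evaluated where guest CPUID is updated, setting or clearing the MSR_IA32_SPEC_CTRL bit in the per-vcpu bitmap at that point.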
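
Review bot: the three-line availability test added under case MSR_IA32_SPEC_CTRL in the svm_get_msr hunk (@@ -3648,6 +3648,10 @@) is repeated verbatim in svm_set_msr, vmx_get_msr and vmx_set_msr. A small shared helper that takes the vcpu and the host_initiated flag and returns whether the access is allowed would keep the four call sites from drifting apart, and would give one place to document why host-initiated accesses are checked against host CPUID only.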
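
Review bot: the added condition in the svm_set_msr hunk (@@ -3806,6 +3810,10 @@) dereferences msr_info->host_initiated, but the hunk header shows this function's parameter is "struct msr_data *msr", not msr_info, so as posted this does not look like it will build. It should read msr->host_initiated here; the get-side hunk and both vmx.c hunks are fine because those functions do name the parameter msr_info.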
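
Review bot: in the vmx_set_msr hunk (@@ -3510,6 +3514,10 @@), once the new availability test passes, the following context line "to_vmx(vcpu)->spec_ctrl = data;" stores the written value with no check on reserved bits, and svm_set_msr does the same with "svm->spec_ctrl = data;". Since this patch is already deciding when a write must fail with return 1, it is the natural place to also reject values that set bits outside those the feature defines, so that a later load of the saved value into the real MSR cannot fault on the host.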