Received: by 10.223.176.5 with SMTP id f5csp164323wra;
        Tue, 30 Jan 2018 09:34:00 -0800 (PST)
X-Google-Smtp-Source: AH8x225oNOD4987dIAoHwD6+lf+WZhySy6tBNTn3DjrDLNT6Ts0C6SOx+m0mLm0iEYcdpsTfEW44
X-Received: by 2002:a17:902:bd93:: with SMTP id q19-v6mr5958173pls.414.1517333640788;
        Tue, 30 Jan 2018 09:34:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517333640; cv=none;
        d=google.com; s=arc-20160816;
        b=Uo/U/pnC7/IR89/uhHAF+zXom5pulLM8cBsHNbtrt+D1xR5GOzW09YZUZZ+IrrNdyZ
         x+qQ26r3sMglQ3EIAx0xk4uiSXBUu4iHdpAObi+0hvZvIy6lGBJg0GgRZ/BL5KyakJuv
         2vYXc1+ajxDTmHOBciC5aaUFBkEahZYfwhtRGBReTc5ZMMFVehne7CMB82nt0vhBUSl2
         eFJvM4T76+inZv+AMnxQSnmb9uzuOfwlJVZKwA9Jihwjn8SKHAhEkoWSSlz0rLnsQwTv
         AEduVzUzTr2jVua5DcJCcWTFeUeCYTqNT7IWLt5/yPirY2wf60kcRpgoMUjgZ5P6JFUt
         9NXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=tFY8C5WsErBJ1EsQVOHIUKFnF0Sa9P9l6hRTk+CdjSc=;
        b=YWZf/DRWinTkfh19cRSUF1IEcCD0n14Gim0KyTxsdc09KKRLtCtw1hCMydClwaJBt8
         jP244DE88SqNPkfcqT6UXq4ienquXoNtteyiTUGiygj5JnocJiMBNzGM6hQfcuTUZnmd
         HVp30aMtBY2RuWK8Ghipi+CK6Wf3pVSP6SwQFUNcLl7XDgPGLu+0k8hdTKLoo/JZmIdk
         6CDphX1DQVIUwLjobgC69gRWusnAbVy+2qyP8Zqqe1zbEiVyUw6qRAmPnnw/TexLkPxj
         6d1y7hqc5oCLn07mLbeIQ9TAWNMeC7MD5tEE4WVc/SK2vid835FRae43M7tLfRhgpble
         o/pQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=N0KPA+22;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r39-v6si1092650pld.39.2018.01.30.09.33.46;
        Tue, 30 Jan 2018 09:34:00 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=N0KPA+22;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752721AbeA3QoA (ORCPT <rfc822;sujaykul91@gmail.com>
        + 99 others); Tue, 30 Jan 2018 11:44:00 -0500
Received: from userp2120.oracle.com ([156.151.31.85]:52712 "EHLO
        userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751554AbeA3Qn6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jan 2018 11:43:58 -0500
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1])
        by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w0UGfc94164045;
        Tue, 30 Jan 2018 16:43:42 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc :
 references : from : message-id : date : mime-version : in-reply-to :
 content-type : content-transfer-encoding; s=corp-2017-10-26;
 bh=tFY8C5WsErBJ1EsQVOHIUKFnF0Sa9P9l6hRTk+CdjSc=;
 b=N0KPA+22AxZeNWzIRsV7FQiaWWuZb/Pwc3i44os8PXSZRHzhVhGVbsi555La0wb8NgMV
 n4KBYfwe6pTgQQ28pxIPCKLOCRvt7zBy9s9iR54j2a1QC+c98WTCheejxrJQtGgUYcXU
 +ZZGiXzUllsofwoJsusa44TXVb2dlpLJFT+cCfjYPSdFmdkYCbvl40z9Ldi20xJTcZUy
 oqQvAT1Jbat2cwj778tvEZsRF6jKy4gDoi27x2M+aJ46PXpbm/lO5YAflqinFdO0aNCH
 tFSLDyQ+QCIM08LN4aHwUKF+HEcTM4hMtt9ljP7CDE//7ZHYDHiuTFQkh9wNVoha1d31 Ww== 
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])
        by userp2120.oracle.com with ESMTP id 2ftufv0csk-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Tue, 30 Jan 2018 16:43:42 +0000
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236])
        by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w0UGhdka003787
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Tue, 30 Jan 2018 16:43:39 GMT
Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20])
        by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w0UGhcGB018915;
        Tue, 30 Jan 2018 16:43:38 GMT
Received: from [172.17.0.254] (/141.85.241.41)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Tue, 30 Jan 2018 08:43:37 -0800
Subject: Re: [9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID
 availability
To:     Jim Mattson <jmattson@google.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        kvm list <kvm@vger.kernel.org>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Liran Alon <liran.alon@oracle.com>,
        Anthony Liguori <aliguori@amazon.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Borislav Petkov <bp@alien8.de>,
        the arch/x86 maintainers <x86@kernel.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
References: <20180109120311.27565-10-pbonzini@redhat.com>
 <6dc02278-7004-1794-3705-69c8cad86be4@oracle.com>
 <CALMp9eSVC=LO-SrPkA3m6eSpgJ6X4rNCRCf3uvtJEdMG_B72cQ@mail.gmail.com>
From:   Mihai Carabas <mihai.carabas@oracle.com>
Message-ID: <beb9f9b4-7bc0-4a3a-73c2-0828febbd06c@oracle.com>
Date:   Tue, 30 Jan 2018 18:43:35 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CALMp9eSVC=LO-SrPkA3m6eSpgJ6X4rNCRCf3uvtJEdMG_B72cQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8790 signatures=668657
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=986
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1801300208
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 30.01.2018 18:33, Jim Mattson wrote:
> All MSR intercepts are enabled by default, so I don't think this patch
> does anything at all, unless I'm missing some context.
> 

Currently on upstream some MSR are intercepted: 
https://github.com/torvalds/linux/blob/master/arch/x86/kvm/vmx.c#L6838

In particular to this patch, the MSR_IA32_SPEC_CTRL intercept is 
disabled in 3/8: https://patchwork.kernel.org/patch/10151889/


> On Tue, Jan 30, 2018 at 5:21 AM, Mihai Carabas <mihai.carabas@oracle.com> wrote:
>> Hello Paolo,
>>
>> I've back ported this patch on 4.1, after adding the per-vcpu MSR bitmap.
>> Also enabled the SPEC_CTRL_MSR intercept if qemu instructed so [1].
>>
>> Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
>>
>> [1]
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -8391,6 +8391,16 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm
>> *kvm, unsigned int id)
>>          vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_PRED_CMD,
>> MSR_TYPE_R | MSR_TYPE_W);
>>          vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_BNDCFGS,
>> MSR_TYPE_R | MSR_TYPE_W);
>>
>> +       /*
>> +        * If the physical CPU or the vCPU of this VM doesn't
>> +        * support SPEC_CTRL feature, catch each access to it.
>> +        */
>> +       if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
>> +            !guest_cpuid_has_spec_ctrl(&vmx->vcpu))
>> +               vmx_enable_intercept_for_msr(
>> +                       msr_bitmap,
>> +                       MSR_IA32_SPEC_CTRL,
>> +                       MSR_TYPE_R | MSR_TYPE_W);
>>
>>          /*
>>           * If PML is turned on, failure on enabling PML just results in
>> failure
>>
>>
>>
>> On 09.01.2018 14:03, Paolo Bonzini wrote:
>>>
>>> MSR_IA32_SPEC_CTRL is not available unless CPU[7,0].EDX[26] is 1.
>>> Check that against host CPUID or guest CPUID, respectively for
>>> host-initiated and guest-initiated accesses.
>>>
>>> Suggested-by: Jim Mattson <jmattson@google.com>
>>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>>> ---
>>>          This is for after X86_FEATURE_SPEC_CTRL is added to Linux, but
>>>          I still wanted to ack Jim's improvement.
>>>
>>>    arch/x86/kvm/svm.c | 8 ++++++++
>>>    arch/x86/kvm/vmx.c | 8 ++++++++
>>>    2 files changed, 16 insertions(+)
>>>
>>> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
>>> index 97126c2bd663..3a646580d7c5 100644
>>> --- a/arch/x86/kvm/svm.c
>>> +++ b/arch/x86/kvm/svm.c
>>> @@ -3648,6 +3648,10 @@ static int svm_get_msr(struct kvm_vcpu *vcpu,
>>> struct msr_data *msr_info)
>>>                  msr_info->data = svm->nested.vm_cr_msr;
>>>                  break;
>>>          case MSR_IA32_SPEC_CTRL:
>>> +               if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
>>> +                   (!msr_info->host_initiated &&
>>> +                            !guest_cpuid_has(vcpu,
>>> X86_FEATURE_SPEC_CTRL)))
>>> +                       return 1;
>>>                  msr_info->data = svm->spec_ctrl;
>>>                  break;
>>>          case MSR_IA32_UCODE_REV:
>>> @@ -3806,6 +3810,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu,
>>> struct msr_data *msr)
>>>                  vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data
>>> 0x%llx\n", ecx, data);
>>>                  break;
>>>          case MSR_IA32_SPEC_CTRL:
>>> +               if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
>>> +                   (!msr_info->host_initiated &&
>>> +                            !guest_cpuid_has(vcpu,
>>> X86_FEATURE_SPEC_CTRL)))
>>> +                       return 1;
>>>                  svm->spec_ctrl = data;
>>>                  break;
>>>          case MSR_IA32_APICBASE:
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 49b4a2d61603..42bc7ee293e4 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -3368,6 +3368,10 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu,
>>> struct msr_data *msr_info)
>>>                  msr_info->data = guest_read_tsc(vcpu);
>>>                  break;
>>>          case MSR_IA32_SPEC_CTRL:
>>> +               if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
>>> +                   (!msr_info->host_initiated &&
>>> +                    !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
>>> +                       return 1;
>>>                  msr_info->data = to_vmx(vcpu)->spec_ctrl;
>>>                  break;
>>>          case MSR_IA32_SYSENTER_CS:
>>> @@ -3510,6 +3514,10 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu,
>>> struct msr_data *msr_info)
>>>                  kvm_write_tsc(vcpu, msr_info);
>>>                  break;
>>>          case MSR_IA32_SPEC_CTRL:
>>> +               if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
>>> +                   (!msr_info->host_initiated &&
>>> +                    !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
>>> +                       return 1;
>>>                  to_vmx(vcpu)->spec_ctrl = data;
>>>                  break;
>>>          case MSR_IA32_CR_PAT:
>>>
>>