From: Jim Mattson
Date: Tue, 30 Jan 2018 09:38:27 -0800
Subject: Re: [9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID availability
To: David Woodhouse
Cc: Mihai Carabas, Paolo Bonzini, LKML, kvm list, Radim Krčmář, Liran Alon, Anthony Liguori, Tom Lendacky, Borislav Petkov, "the arch/x86 maintainers", Konrad Rzeszutek Wilk

On Tue, Jan 30, 2018 at 9:14 AM, David Woodhouse wrote:
> On Tue, 2018-01-30 at 08:57 -0800, Jim Mattson wrote:
>> It's really hard to tell which patches are being proposed for which
>> repositories, but assuming that everything else is correct, I don't
>> think your condition is adequate. What if the physical CPU and the
>> virtual CPU both have CPUID.(EAX=7H,ECX=0):EDX[26], but only the
>> physical CPU has CPUID.(EAX=7H,ECX=0):EDX[27]? If the guest has write
>> access to MSR_IA32_SPEC_CTRL, it can set MSR_IA32_SPEC_CTRL[1]
>> (STIBP), even though setting that bit in the guest should raise #GP.
>
> Everything we're talking about here is for tip/x86/pti. Which I note
> has just updated to be 4.15-based, although I thought it was going to
> stay on 4.14 for now. So I've updated my tree at
> http://git.infradead.org/linux-retpoline.git/shortlog/refs/heads/ibpb
> accordingly.
>
> You can always write to the STIBP bit without a #GP even when it's not
> advertised/available.

Oops. Yes, you're right. It's writing the IBRS bit when only STIBP is
available that results in a #GP.

> There's a possibility that we'll want to always trap and *prevent*
> that, instead of passing through — because doing so will also have an
> effect on the HT siblings. But as discussed, I wanted to get the basics
> working before exploring the complex IBRS/STIBP interactions. This much
> should be OK to start with.
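
The #GP rules stated in this exchange, written out as a small C model of why a pass-through decision has to look at the guest's CPUID bits (an added example, not part of the e-mail or of the KVM patch under discussion). The function names are hypothetical, and treating the MSR as absent when neither CPUID bit is set and all other MSR bits as reserved are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* CPUID.(EAX=7H,ECX=0):EDX bits and MSR bits named in the thread. */
#define CPUID_7_0_EDX_SPEC_CTRL (1u << 26)   /* IBRS/IBPB enumerated */
#define CPUID_7_0_EDX_STIBP     (1u << 27)   /* STIBP enumerated */
#define SPEC_CTRL_IBRS          (1ull << 0)
#define SPEC_CTRL_STIBP         (1ull << 1)

/*
 * Hypothetical helper: true if a WRMSR of `val` to MSR_IA32_SPEC_CTRL
 * should raise #GP on a CPU (physical or virtual) with this CPUID EDX.
 */
bool spec_ctrl_write_faults(uint32_t cpuid_7_0_edx, uint64_t val)
{
    bool has_ibrs  = (cpuid_7_0_edx & CPUID_7_0_EDX_SPEC_CTRL) != 0;
    bool has_stibp = (cpuid_7_0_edx & CPUID_7_0_EDX_STIBP) != 0;

    /* Assumption: with neither bit enumerated the MSR does not exist. */
    if (!has_ibrs && !has_stibp)
        return true;

    /* Assumption: bits other than IBRS and STIBP are reserved. */
    if (val & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP))
        return true;

    /* From the thread: writing IBRS when only STIBP is available -> #GP. */
    if ((val & SPEC_CTRL_IBRS) && !has_ibrs)
        return true;

    /* From the thread: STIBP can be written even when not advertised. */
    return false;
}

/*
 * With the MSR passed through, hardware applies the host's CPUID.
 * That is faithful to the guest only if no value is accepted by the
 * host while the guest's CPUID says it should fault.
 */
bool passthrough_matches_guest(uint32_t host_edx, uint32_t guest_edx)
{
    for (uint64_t val = 0; val < 4; val++)
        if (!spec_ctrl_write_faults(host_edx, val) &&
            spec_ctrl_write_faults(guest_edx, val))
            return false;
    return true;
}
```
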