Received: by 10.223.176.5 with SMTP id f5csp170615wra;
        Tue, 30 Jan 2018 09:39:59 -0800 (PST)
X-Google-Smtp-Source: AH8x226YPu0hC5504MDTWHoCbcSdjwcvar6Zkmjsy0Ws1Mpu8ryVu9l5DRTPaXTRcL+Ntz+nqxak
X-Received: by 10.98.195.2 with SMTP id v2mr30452133pfg.141.1517333999695;
        Tue, 30 Jan 2018 09:39:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517333999; cv=none;
        d=google.com; s=arc-20160816;
        b=k4AR30jG4l336gkgTf8LIdeugIlkd94UY06eYPqG1qah+FI8v4GlmxweO34wgoeaNS
         IA6D9MSnPko6vMNc1emXZ2JrhzL/kqe8jWeVhMChxSNI/HnDkU1p+SY4FFBFoI9cdDDd
         yv/R+hMP/8beaZ2ppGwqcUMu3e/pzy/QhfUQ/6D0rx/RwdOzw2sfDiSDlhrDmY/DCljj
         Pcxd0BQFCUhR1Fsd7GJwWQWiOeOZdRibIQL1erR+AQcmUjouaSvB6mbQW0rGqnoI4VVm
         hiRk2zSJB3ckTHezANBVIjxbBznX+H8rCQgKsDP6tfxUbCpvtGJm+zHY/ycLKUgzgdiU
         OJUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:arc-authentication-results;
        bh=WzP6kxD+Py1tLfvowaJvzqhJZJ2jlKzet3riLMP8+pc=;
        b=gK4xObf2+g6SZuhTlFHSNI/yGraRaazlE0re4Rg+RtL+mD+3NqDi0YWBIcYJtIMbeP
         4UBuoKrtPQjzHEn3VseqmJjtTvPU117br/o48dJP3hK5UGRPXX60E21ioOZ6b3bT8voK
         GzYtihAGiG0y71JKrOiHsw6BraS1OZvJ611cv1EZ0fprqzAJxhYw/YaxKxvzO5IpMTN+
         PtTTOn8UL19FPQfjbYA7sohJzbq1eSXSy8shjE+DGypQwOSBoFqTXD8BSFqWhr8DhE4x
         mB2E2g35XM4AHurw3vh7CE4vMHMJvW2ZOukcojOjyceyczmhHFuCXoyTM4KikBBny39m
         scVg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=I0QhLmH/;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p7si2482888pfk.8.2018.01.30.09.39.45;
        Tue, 30 Jan 2018 09:39:59 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=I0QhLmH/;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752109AbeA3Ric (ORCPT <rfc822;sujaykul91@gmail.com>
        + 99 others); Tue, 30 Jan 2018 12:38:32 -0500
Received: from mail-io0-f177.google.com ([209.85.223.177]:45252 "EHLO
        mail-io0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751995AbeA3Ri3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jan 2018 12:38:29 -0500
Received: by mail-io0-f177.google.com with SMTP id p188so12310234ioe.12
        for <linux-kernel@vger.kernel.org>; Tue, 30 Jan 2018 09:38:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=WzP6kxD+Py1tLfvowaJvzqhJZJ2jlKzet3riLMP8+pc=;
        b=I0QhLmH/m8xGtCcSUbCqMJBjHJnpV0uyn/Gf6bpy7UZvdu6BZgZ31/LtB9ffarq/4B
         2qWuBlbL6miedlLC+DbCDahDEeKfFu7lB48+VBnMN3b+xQIj34tAsYYof/oMx2wF7OJP
         MypvLnAhyyGjh3dceqedFDJfDW6F5AvlrdyYtzDoVIs44XmyLCzPeaqyr/Nnqrgmnl90
         kOTrDHfHATINqA7C7pNsQKV1wNL8G1M5hgFLMfS+y8ZY1TYMbzx1lYVlev0obOTec6cW
         4/plZVr7gkzprQLUM8tiPS3Lw+yp8xmymcBPNdsws3zfkAprD7vMMmco7ghf7SJ/eDnI
         vAXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=WzP6kxD+Py1tLfvowaJvzqhJZJ2jlKzet3riLMP8+pc=;
        b=CvU/f5mptKkMbon980Dly9IBvQPg3EX4qxX7duQIoVcwoMX3PyZfTkA1Z8r1forVqA
         Nfvf2N/z3FmMJC7D1SuMc/IKW5CwWKdH7VjOx7gf9kJFkrsLcgW/jtvB2w91Hq50xGqU
         KQPE/Zza6aAbmeSkCZlsx231riamJhPa2sFHDALiqdVLROuQY8OrAl0CjENj+mQXzjh0
         rxsBgluJ7ogcsyhC+zonadOY6o8mf/zNHuVe04RO99SKRO3qdZnhQZedzkeo1BDODbPn
         Ivn+fVvSgVp+eRU8xUuU8kzXiBnmVV/1QvnFJ5CMSjtvnTtYIesw1bakfTIb6BKb3ek4
         4KyQ==
X-Gm-Message-State: AKwxyteEXAhMkDgrjrry51XnqKmEiUw1D9xipuRQSmMjZ2Y20LvHCJyc
        FOAa3Ja9QFl1eJM5Dc2Y+9EfTQETzrJ60QKE7hkQ6Q==
X-Received: by 10.107.28.201 with SMTP id c192mr29834998ioc.26.1517333908617;
 Tue, 30 Jan 2018 09:38:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.128.7 with HTTP; Tue, 30 Jan 2018 09:38:27 -0800 (PST)
In-Reply-To: <1517332457.18619.132.camel@infradead.org>
References: <20180109120311.27565-10-pbonzini@redhat.com> <6dc02278-7004-1794-3705-69c8cad86be4@oracle.com>
 <CALMp9eSVC=LO-SrPkA3m6eSpgJ6X4rNCRCf3uvtJEdMG_B72cQ@mail.gmail.com>
 <beb9f9b4-7bc0-4a3a-73c2-0828febbd06c@oracle.com> <CALMp9eT6i9bhG005S5sqV-Y1RUhsc+AXE42ww8Ej+TXSjD6tEg@mail.gmail.com>
 <1517332457.18619.132.camel@infradead.org>
From:   Jim Mattson <jmattson@google.com>
Date:   Tue, 30 Jan 2018 09:38:27 -0800
Message-ID: <CALMp9eSkyiL7RsiBb75mDNWzhCbfWM_4e9MAais-uTMeRVy8wQ@mail.gmail.com>
Subject: Re: [9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID availability
To:     David Woodhouse <dwmw2@infradead.org>
Cc:     Mihai Carabas <mihai.carabas@oracle.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        kvm list <kvm@vger.kernel.org>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Liran Alon <liran.alon@oracle.com>,
        Anthony Liguori <aliguori@amazon.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 30, 2018 at 9:14 AM, David Woodhouse <dwmw2@infradead.org> wrot=
e:
> On Tue, 2018-01-30 at 08:57 -0800, Jim Mattson wrote:
>> It's really hard to tell which patches are being proposed for which
>> repositories, but assuming that everything else is correct, I don't
>> think your condition is adequate. What if the physical CPU and the
>> virtual CPU both have CPUID.(EAX=3D7H,ECX=3D0):EDX[26], but only the
>> physical CPU has CPUID.(EAX=3D7H,ECX=3D0):EDX[27]? If the guest has writ=
e
>> access to MSR_IA32_SPEC_CTRL, it can set MSR_IA32_SPEC_CTRL[1]
>> (STIBP), even though setting that bit in the guest should raise #GP.
>
> Everything we're talking about here is for tip/x86/pti. Which I note
> has just updated to be 4.15-based, although I thought it was going to
> stay on 4.14 for now. So I've updated my tree at
> http://git.infradead.org/linux-retpoline.git/shortlog/refs/heads/ibpb
> accordingly.
>
> You can always write to the STIBP bit without a #GP even when it's not
> advertised/available.

Oops. Yes, you're right. It's writing the IBRS bit when only STIBP is
available that results in a #GP.

> There's a possibility that we'll want to always trap and *prevent*
> that, instead of passing through =E2=80=94 because doing so will also hav=
e an
> effect on the HT siblings. But as discussed, I wanted to get the basics
> working before exploring the complex IBRS/STIBP interactions. This much
> should be OK to start with.