From: Paolo Bonzini
To: KarimAllah Ahmed, Jim Mattson
Cc: KarimAllah Ahmed, kvm list, LKML, the arch/x86 maintainers, Asit Mallick, Arjan Van De Ven, Dave Hansen, Andi Kleen, Andrea Arcangeli, Linus Torvalds, Tim Chen, Thomas Gleixner, Dan Williams, Jun Nakajima, David Woodhouse, Greg KH, Andy Lutomirski, Ashok Raj
Subject: Re: [PATCH v3 4/4] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL
Date: Tue, 30 Jan 2018 19:19:54 -0500
Message-ID: <7bd999e6-bc15-2470-80fb-771161df39d6@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 30/01/2018 18:50, KarimAllah Ahmed wrote:
> On 01/30/2018 11:49 PM, Jim Mattson wrote:
>> On Tue, Jan 30, 2018 at 1:00 PM, KarimAllah Ahmed
>> wrote:
>>> Ooops! I did not think at all about nested :)
>>>
>>> This should be addressed now, I hope:
>>>
>>> http://git.infradead.org/linux-retpoline.git/commitdiff/f7f0cbba3e0cffcee050a8a5a9597a162d57e572
>>>
>>
>> +               if (cpu_has_vmx_msr_bitmap() && data &&
>> +                   !vmx->save_spec_ctrl_on_exit) {
>> +                       vmx->save_spec_ctrl_on_exit = true;
>> +
>> +                       msr_bitmap = is_guest_mode(vcpu) ?
>> vmx->nested.vmcs02.msr_bitmap :
>> +
>> vmx->vmcs01.msr_bitmap;
>> +                       vmx_disable_intercept_for_msr(msr_bitmap,
>> +                                                     MSR_IA32_SPEC_CTRL,
>> +                                                     MSR_TYPE_RW);
>> +               }
>>
>> There are two ways to get to this point in vmx_set_msr while
>> is_guest_mode(vcpu) is true:
>> 1) L0 is processing vmcs12's VM-entry MSR load list on emulated
>> VM-entry (see enter_vmx_non_root_mode).
>> 2) L2 tried to execute WRMSR, writes to the MSR are intercepted in
>> vmcs02's MSR permission bitmap, and writes to the MSR are not
>> intercepted in vmcs12's MSR permission bitmap.
>>
>> In the first case, disabling the intercepts for the MSR in
>> vmx->nested.vmcs02.msr_bitmap is incorrect, because we haven't yet
>> determined that the intercepts are clear in vmcs12's MSR permission
>> bitmap.
>> In the second case, disabling *both* of the intercepts for the MSR in
>> vmx->nested.vmcs02.msr_bitmap is incorrect, because we don't know that
>> the read intercept is clear in vmcs12's MSR permission bitmap.
>> Furthermore, disabling the write intercept for the MSR in
>> vmx->nested.vmcs02.msr_bitmap is somewhat fruitless, because
>> nested_vmx_merge_msr_bitmap is just going to undo that change on the
>> next emulated VM-entry.
>
> Okay, I took a second look at the code (specially
> nested_vmx_merge_msr_bitmap).
>
> This means that I simply should not touch the MSR bitmap in set_msr in
> case of nested, I just need to properly update the l02 msr_bitmap in
> nested_vmx_merge_msr_bitmap. As in here:
>
> http://git.infradead.org/linux-retpoline.git/commitdiff/d90eedebdd16bb00741a2c93bc13c5e444c99c2b
>
>
> or am I still missing something? (sorry, did not actually look at the
> nested code before!)

The new code in nested_vmx_merge_msr_bitmap should be conditional on
vmx->save_spec_ctrl_on_exit. Also, guest_cpuid_has is pretty slow
(because of kvm_find_cpuid_entry); calling it once or twice on each and
every nested vmexit is probably not a good idea. Apart from this, it
looks good to me.

Paolo
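
Review bot: The block in the quoted hunk is guarded by !vmx->save_spec_ctrl_on_exit and sets that flag to true, so it runs at most once per vCPU, yet the is_guest_mode(vcpu) ternary updates only one of the two bitmaps. If the first non-zero write arrives while is_guest_mode(vcpu) is true, vmx->vmcs01.msr_bitmap is never updated, and L1 keeps exiting on every MSR_IA32_SPEC_CTRL access even though save_spec_ctrl_on_exit is already set. Suggest always clearing the intercept in vmx->vmcs01.msr_bitmap here and leaving vmx->nested.vmcs02.msr_bitmap to nested_vmx_merge_msr_bitmap, where the read and write intercepts can each be checked against vmcs12's bitmap instead of applying MSR_TYPE_RW unconditionally.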
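
An added example, not code from this thread or from the kernel: a small C model of the merge rule the messages above converge on, where the vmcs02 intercept for MSR_IA32_SPEC_CTRL is decided separately for reads and writes from vmcs12's bitmap, and only when L0 already passes the MSR through. The function names, the l0_passthrough flag (standing in for vmx->save_spec_ctrl_on_exit) and the start-from-all-intercepted policy are assumptions; the offsets follow the VMX MSR-bitmap layout for low MSRs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Model of a 4 KiB VMX MSR bitmap; a set bit means "intercept". For low
 * MSRs the read bits start at byte 0x000 and the write bits at 0x800. */
#define MSR_IA32_SPEC_CTRL 0x48u
#define BITMAP_SIZE 4096
#define WRITE_OFF 0x800

static bool intercepted(const uint8_t *bm, uint32_t msr, bool write)
{
    return (bm[(write ? WRITE_OFF : 0) + msr / 8] >> (msr % 8)) & 1;
}

static void clear_intercept(uint8_t *bm, uint32_t msr, bool write)
{
    bm[(write ? WRITE_OFF : 0) + msr / 8] &= (uint8_t)~(1u << (msr % 8));
}

/* Hypothetical merge step run at emulated VM-entry (names are assumptions).
 * vmcs02 starts as intercept-everything; a direction is passed through to
 * L2 only if L0 already passes the MSR through (l0_passthrough) and L1's
 * vmcs12 bitmap does not intercept that direction. */
static void merge_spec_ctrl(uint8_t *vmcs02, const uint8_t *vmcs12,
                            bool l0_passthrough)
{
    memset(vmcs02, 0xff, BITMAP_SIZE);
    if (!l0_passthrough)
        return;
    for (int write = 0; write <= 1; write++)
        if (!intercepted(vmcs12, MSR_IA32_SPEC_CTRL, write))
            clear_intercept(vmcs02, MSR_IA32_SPEC_CTRL, write);
}

/* Constructed case: L1 lets L2 write the MSR but still intercepts reads.
 * Returns bit 0 = read intercepted, bit 1 = write intercepted in vmcs02. */
static int merged_state(bool l0_passthrough)
{
    static uint8_t vmcs12[BITMAP_SIZE], vmcs02[BITMAP_SIZE];

    memset(vmcs12, 0xff, BITMAP_SIZE);
    clear_intercept(vmcs12, MSR_IA32_SPEC_CTRL, true);
    merge_spec_ctrl(vmcs02, vmcs12, l0_passthrough);
    return intercepted(vmcs02, MSR_IA32_SPEC_CTRL, false) |
           (intercepted(vmcs02, MSR_IA32_SPEC_CTRL, true) << 1);
}

int main(void) { return merged_state(true) == 1 ? 0 : 1; }
```

With MSR_TYPE_RW applied to vmcs02 as in the quoted hunk, the read intercept in this case would be cleared as well, which is the second problem Jim describes.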