From: KarimAllah Ahmed
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: KarimAllah Ahmed, Andi Kleen, Andrea Arcangeli, Andy Lutomirski, Arjan van de Ven, Ashok Raj, Asit Mallick, Borislav Petkov, Dan Williams, Dave Hansen, David Woodhouse, Greg Kroah-Hartman, "H . Peter Anvin", Ingo Molnar, Janakarajan Natarajan, Joerg Roedel, Jun Nakajima, Laura Abbott, Linus Torvalds, Masami Hiramatsu, Paolo Bonzini, Peter Zijlstra, Radim Krčmář, Thomas Gleixner, Tim Chen, Tom Lendacky
Subject: [PATCH v5 0/5] KVM: Expose speculation control feature to guests
Date: Wed, 31 Jan 2018 20:37:42 +0100
Message-Id: <1517427467-28567-1-git-send-email-karahmed@amazon.de>

Add direct access to speculation control MSRs for KVM guests. This allows the
guest to protect itself against Spectre V2 using IBRS+IBPB instead of a
retpoline+IBPB based approach.

It also exposes the ARCH_CAPABILITIES MSR which is going to be used by future
Intel processors to indicate RDCL_NO and IBRS_ALL.

v5:
- svm: add PRED_CMD and SPEC_CTRL to direct_access_msrs list.
- vmx: check also for X86_FEATURE_SPEC_CTRL for msr reads and writes.
- vmx: Use MSR_TYPE_W instead of MSR_TYPE_R for the nested IBPB MSR
- rewrite commit message for IBPB patch [2/5] (Ashok)

v4:
- Add IBRS passthrough for SVM (5/5).
- Handle nested guests properly.
- expose F(IBRS) in kvm_cpuid_8000_0008_ebx_x86_features

Ashok Raj (1):
  KVM: x86: Add IBPB support

KarimAllah Ahmed (4):
  KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX
  KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
  KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL
  KVM: SVM: Allow direct access to MSR_IA32_SPEC_CTRL

 arch/x86/kvm/cpuid.c |  22 +++++++---
 arch/x86/kvm/cpuid.h |   1 +
 arch/x86/kvm/svm.c   |  87 ++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx.c   | 117 +++++++++++++++++++++++++++++++++++++++++++++++++--
 arch/x86/kvm/x86.c   |   1 +
 5 files changed, 218 insertions(+), 10 deletions(-)

Cc: Andi Kleen
Cc: Andrea Arcangeli
Cc: Andy Lutomirski
Cc: Arjan van de Ven
Cc: Ashok Raj
Cc: Asit Mallick
Cc: Borislav Petkov
Cc: Dan Williams
Cc: Dave Hansen
Cc: David Woodhouse
Cc: Greg Kroah-Hartman
Cc: H. Peter Anvin
Cc: Ingo Molnar
Cc: Janakarajan Natarajan
Cc: Joerg Roedel
Cc: Jun Nakajima
Cc: Laura Abbott
Cc: Linus Torvalds
Cc: Masami Hiramatsu
Cc: Paolo Bonzini
Cc: Peter Zijlstra
Cc: Radim Krčmář
Cc: Thomas Gleixner
Cc: Tim Chen
Cc: Tom Lendacky
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: x86@kernel.org
--
2.7.4
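
Added example, not part of the posted series or of the kernel source: how a guest could decode what this series exposes, from CPUID leaf 7 EDX, CPUID 0x80000008 EBX and the ARCH_CAPABILITIES MSR value. The struct, the function names, the three-way option policy and the sample register values are assumptions made for illustration; the bit positions are the architectural ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CPUID_7_EDX_SPEC_CTRL (1u << 26)   /* Intel: IBRS+IBPB, MSRs 0x48/0x49 */
#define CPUID_7_EDX_ARCH_CAPS (1u << 29)   /* Intel: MSR 0x10a is readable */
#define CPUID_8000_0008_EBX_IBPB (1u << 12) /* AMD: PRED_CMD (MSR 0x49) */
#define CPUID_8000_0008_EBX_IBRS (1u << 14) /* AMD: SPEC_CTRL (MSR 0x48) */
#define ARCH_CAP_RDCL_NO  (1ull << 0)
#define ARCH_CAP_IBRS_ALL (1ull << 1)

struct spec_features { bool ibrs, ibpb, rdcl_no, ibrs_all; };
enum v2_option { V2_RETPOLINE, V2_RETPOLINE_IBPB, V2_IBRS_IBPB };

/* Reading ARCH_CAPABILITIES when CPUID does not enumerate it raises #GP,
 * so a value passed in without the CPUID bit is ignored (treated as 0). */
struct spec_features decode_spec_features(uint32_t leaf7_edx,
                                          uint32_t ext8_ebx,
                                          uint64_t arch_caps)
{
    struct spec_features f = {0};
    if (!(leaf7_edx & CPUID_7_EDX_ARCH_CAPS))
        arch_caps = 0;
    f.ibrs = (leaf7_edx & CPUID_7_EDX_SPEC_CTRL) || (ext8_ebx & CPUID_8000_0008_EBX_IBRS);
    f.ibpb = (leaf7_edx & CPUID_7_EDX_SPEC_CTRL) || (ext8_ebx & CPUID_8000_0008_EBX_IBPB);
    f.rdcl_no  = (arch_caps & ARCH_CAP_RDCL_NO) != 0;
    f.ibrs_all = (arch_caps & ARCH_CAP_IBRS_ALL) != 0;
    return f;
}

/* Hypothetical policy: which of the approaches named in the cover letter
 * the enumerated features make available to the guest. */
enum v2_option spectre_v2_option(struct spec_features f)
{
    if (f.ibrs && f.ibpb)
        return V2_IBRS_IBPB;
    return f.ibpb ? V2_RETPOLINE_IBPB : V2_RETPOLINE;
}

int main(void)
{
    static const char *names[] = { "retpoline", "retpoline+IBPB", "IBRS+IBPB" };
    /* Constructed register values, not captured from real hardware. */
    struct spec_features intel = decode_spec_features(
        CPUID_7_EDX_SPEC_CTRL | CPUID_7_EDX_ARCH_CAPS, 0, ARCH_CAP_RDCL_NO);
    struct spec_features amd = decode_spec_features(0, CPUID_8000_0008_EBX_IBPB, 0);
    printf("intel-like guest: %s, RDCL_NO=%d\n", names[spectre_v2_option(intel)], intel.rdcl_no);
    printf("amd-like guest:   %s\n", names[spectre_v2_option(amd)]);
    return 0;
}
```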