Received: by 10.223.176.5 with SMTP id f5csp1800522wra; Wed, 31 Jan 2018 11:47:49 -0800 (PST) X-Google-Smtp-Source: AH8x2271d7DnorODEN3/RzV8N4i0saqNu7w5d94YZv4fAak4qXLvQE3cPD8S/mbPweZSVLQrt+My X-Received: by 10.98.19.137 with SMTP id 9mr34309378pft.5.1517428069733; Wed, 31 Jan 2018 11:47:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517428069; cv=none; d=google.com; s=arc-20160816; b=AfZsVmtTltTLhylSdt5ZioPj3VUGeqAU5FzZyAGvqG2+OfbMX2PQZhLoYg6EFVy6ss 34r4m34QDGj+euNnjIjgHcIzJsGkJ7Exb2vuSPy8IpsjiPUGO8D2SyJRMWe0CHde3Nvb y96mJAX4Hza7MJCxXuX54dfzO5cOFpAyLY4rpiec4hHVQivYzjSnfUlPg9OUdEje1S2Q U24SFtvo+P7m+cECVK4usVOgn+07c/9YTinlHxYPTiQwW8FB0vUM1m7fIaFrtiR3uO4F HID9p53pwaBXQJYLBsqBAu8XtjZF7puk6CQ8McRGccBcBJtOr/YDfRsMehWBd0A7Uk8w jzqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=BdbVwZcSY4xy//hJxwteTqJ3lAt0IOMV6S2691ybb88=; b=x3/k2IN+G5Ib15eOSlo99u1y37oyFZ8lUkUNFFf1xObhM015PRaQl/Jpsz28Jf0j6Y Lpw4Eqe0FUZqBPWx397l82Su8w5cnVDJBTNO0BmPRE9P+3kH24v8C4BD39AZFGW+pw11 AoR9vyu9Z9GU9SdiyNwfi76h+hV9EGQnUo2b2QrSQ6dPM3DgiLIo8vMUgDklgY9no/Ao j2YCcm/intYz021lVMmMN7B1i9KL9EkQZFSnlm2IkETEWfwOwTSaHsCYcl9bGo5BWkPt e3i8qtuJ/awrxsOHDIeF3hpP0rVOCmeUmvzNZpI0kFtQcbjEWgluuKZxU/4b4NYf9bNf wcvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=K5dL9dGh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f9-v6si307414plk.94.2018.01.31.11.47.35; Wed, 31 Jan 2018 11:47:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=K5dL9dGh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751464AbeAaTpy (ORCPT + 99 others); Wed, 31 Jan 2018 14:45:54 -0500 Received: from mail-io0-f181.google.com ([209.85.223.181]:38364 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751378AbeAaTpw (ORCPT ); Wed, 31 Jan 2018 14:45:52 -0500 Received: by mail-io0-f181.google.com with SMTP id d13so16474990iog.5 for ; Wed, 31 Jan 2018 11:45:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=BdbVwZcSY4xy//hJxwteTqJ3lAt0IOMV6S2691ybb88=; b=K5dL9dGhn+pWsbC2DHQbk761TdvxojjIoR0WxS43Akx/oPv1c3mVdDk+LRQZFwT76U 85jsbokSFOYCzZOyiBZ9IO2iBMua4Iyiol3VScC4HCnZnyuXx+6mAa2f7Sp/04TI8NbF nfjXu5frHR6hpjVEj296d+3mde9/A/Z2kIkNvbQMC5Yge3bbFv35B+4y8faWg8lixsk6 LkzAHXXDSCemnNyPrBAuCgMk0rK0QUDbbfjSFejZl9dVqaR84xr2nMtxt4jg3viioacv GyDJ7y7fP6MAiL5+2fmMMffSV03FgnGyqgl3Oyz8zEfk8v/LQfG/htmTBLRtWgxdfy6Y vnGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=BdbVwZcSY4xy//hJxwteTqJ3lAt0IOMV6S2691ybb88=; b=B4UNNrDS7zvVDrWUsKRohGKSLM4AfocIWwzV6/im2p6ymnG28K1BJYARotm1lET2qs USpHwdeGZaW+GQRZ65WN4dtDwba9pLU/OkSVOAJXmMOV4rJDnDXDBmogWBNXrTL3iMyy BiiPCEDCbMj75fxWlr2AfC+hAkd15i/gh0iDWwgNRaUVX6lbZr34Bpib2HpBPUs7017u jmT5MjQj01uJ7/aFuZeKov+nTy9TaK2lz3doHH/xi6hgEoimBCRkuJnjEwn9zAYG0CDr ZFBwgSh1wonDnmNDoEd9g2UWCjDjmoaTm66oOl9Xvu047qzAx0VXzZh2Zqpx65GQVjPZ 62yQ== X-Gm-Message-State: AKwxytfEO5xTxC2KtK4i7e+OxTlpXZzUvdBRArrt+T6wv2M1t95m75V0 f0efDuDJWMf3LdVzrs8sVx4xh8YaMgqYRaBDQEdACD3MLtA= X-Received: by 10.107.97.24 with SMTP id v24mr35137892iob.296.1517427951854; Wed, 31 Jan 2018 11:45:51 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.128.7 with HTTP; Wed, 31 Jan 2018 11:45:50 -0800 (PST) In-Reply-To: <1517427467-28567-3-git-send-email-karahmed@amazon.de> References: <1517427467-28567-1-git-send-email-karahmed@amazon.de> <1517427467-28567-3-git-send-email-karahmed@amazon.de> From: Jim Mattson Date: Wed, 31 Jan 2018 11:45:50 -0800 Message-ID: Subject: Re: [PATCH v5 2/5] KVM: x86: Add IBPB support To: KarimAllah Ahmed Cc: kvm list , LKML , "the arch/x86 maintainers" , Ashok Raj , Asit Mallick , Dave Hansen , Arjan Van De Ven , Tim Chen , Linus Torvalds , Andrea Arcangeli , Andi Kleen , Thomas Gleixner , Dan Williams , Jun Nakajima , Andy Lutomirski , Greg KH , Paolo Bonzini , Peter Zijlstra , David Woodhouse Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 31, 2018 at 11:37 AM, KarimAllah Ahmed wrote: > + nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0, > + MSR_IA32_PRED_CMD, > + MSR_TYPE_W); > + I still think this should be predicated on L1 having guest_cpuid_has(vcpu, X86_FEATURE_IBPB) or guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL), because of the potential impact to the hypertwin. If L0 denies the feature to L1 by clearing those CPUID bits, L1 shouldn't be able to bypass that restriction by launching L2.