Received: by 10.223.176.5 with SMTP id f5csp1833543wra;
        Wed, 31 Jan 2018 12:19:21 -0800 (PST)
X-Google-Smtp-Source: AH8x227P/3pW2+ZM9O6eBqPlKCfAO10CekdX9B4E64Eu4lHdCdEZJ+IgDPi5yEgd6IOizx+BJilU
X-Received: by 10.98.13.14 with SMTP id v14mr34369287pfi.184.1517429961285;
        Wed, 31 Jan 2018 12:19:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517429961; cv=none;
        d=google.com; s=arc-20160816;
        b=ENF2flsAIK8rHRXKQ1Ec4gL6ghQd1HLgxCkXErERBoH0+p9x/x/CDZfPwh5DNQ10TK
         iw5pf4kS4QgRQkYpY85/mewPkW90xKoyvB59VsBznnoJ0ztf7Qj8PR4iffBTCEkdL5tt
         vCI+Rctf6N3bDZUtXgq3yXaHZ0Lcnx9Fq5XIQMpz4KK6OXFqAc1UDJJj6ZnLZOc6J0HA
         3xtbyb9LNRuqXjEJAI7f1hUeeTJ4LTa5n85vkmAX/rrNHixdJqWVIuTB17U8UkFkE8xq
         XUKNmKt9dKOm+SO22dehowvIch5DMgMOBG6QmttaWdesykH89G4rm0FPaTq5/6W54JJu
         ILGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=fXxH5EhBue2507o57FZdGuwyUqYU5da3Q43TgIYdGXs=;
        b=y8lkwKEqRoO/vN6jUf6LQXkGpkFoHPw3tw4EgELYVSOb8V3uBn9wOK2hrr7pe6NWM5
         eLVyLQWxiazY+s2sWO1xlxCttOdFGJ4+EoaEZnMelKWZUEsxw9xv+MxTsr0UodUSJhZI
         9LKvxMH19zmlJKCf2hqNNm/3xzjnnCCrcqFq3aIwM7cCxT0wFyMYktEF+AxSS7CkEI5G
         7VdOrlaz1RlKyTJFisn6YTfuoqE//+TQQWWtESrgNZp0aRJ5vzFDdFHqOqTibDpywGDg
         hgIZK8tvkZ7gQH7eaSHVKEM9ss7M2HrF0nzPP7VR107uHMYJS+1Xq6UUiKTecxTJbrfG
         auhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=AqYIy6cj;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p71si318409pfl.404.2018.01.31.12.19.06;
        Wed, 31 Jan 2018 12:19:21 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=AqYIy6cj;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752726AbeAaUSq (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Wed, 31 Jan 2018 15:18:46 -0500
Received: from mail-it0-f48.google.com ([209.85.214.48]:38217 "EHLO
        mail-it0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751836AbeAaUSo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 31 Jan 2018 15:18:44 -0500
Received: by mail-it0-f48.google.com with SMTP id k6so1075127ita.3
        for <linux-kernel@vger.kernel.org>; Wed, 31 Jan 2018 12:18:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=fXxH5EhBue2507o57FZdGuwyUqYU5da3Q43TgIYdGXs=;
        b=AqYIy6cjaGcqB/oFWULQmtEBCnFjVGf5Ak7IycnKpziqHE6j/bPBhr9VwA87zSDvYB
         IeT8F7fcs6Lwl9726mXwe/8GtKyms6Kl8g6wgMhppwdworRDvP9YV6luYli+XlD04hOK
         27sREz6hKsiMT8DZZe8mZGFcvxNhxTBMt2aVJxhHTDCvVGxUPImEUXyRczWC4mNvDCN4
         H00VYFDlByg6vlJ8iirCtX/6Vw5SWpz88XfX9N1f3U/NMtw7rRoHCLAyCRpf9PQlyK/J
         g3hRiXoyKseaFbKNiQHhKVRSb3jOQkghQn6KE5tybgt1Vrptzr1keH7t26Y/uaCbKnsV
         o20Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=fXxH5EhBue2507o57FZdGuwyUqYU5da3Q43TgIYdGXs=;
        b=LBf9SkXBmqEuSFK0QCPh+QzRSPVREKWhVtq/Ad6v3sViluu0r6y9nvcwsQ9Yp/vfPC
         dqYMO0mXfI8GRTi4CC3kUCh24xHc6JrxMjkt8HNzzyZ3utrRtsFJdTdefXMG8VMBmhPT
         kVwBD6UM8KCLN8cRAcwn5+xEAUf/1+ANsSdO8yogNAWaT1stHvJTuGGJcy01sSQJjd8Q
         atPFxd3Hjk5q6l8A/uKvlv1M+S8ovrwza4U6bbqMbpCCNqqe0cnS5gYMYzaNtihGFuyl
         J6ISuFtHVMIIKjZ+Dr/X0m4XbyrZd2QXcTmsMiInJvZWQAIF1nDynhRpo/JF9zF/3B+K
         oxiw==
X-Gm-Message-State: AKwxytcOyZTRyaydgcdFc+s5KTtNrSWK4YB7kixWbYigJiZiGqPGnEOQ
        OVhfa2ZNQ+qjfGLkLekJ2W0iVeYCeosaV85wpGwtwOW8n3o=
X-Received: by 10.36.210.69 with SMTP id z66mr38189830itf.151.1517429923649;
 Wed, 31 Jan 2018 12:18:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.128.7 with HTTP; Wed, 31 Jan 2018 12:18:42 -0800 (PST)
In-Reply-To: <06cb88da-f355-41ed-380f-7daa8ddf6159@amazon.com>
References: <1517427467-28567-1-git-send-email-karahmed@amazon.de>
 <1517427467-28567-5-git-send-email-karahmed@amazon.de> <CALMp9eRgc-qKS5CDTvqoUDdnAXu8xqy9ZB-rew=P9NgE5AfXWA@mail.gmail.com>
 <06cb88da-f355-41ed-380f-7daa8ddf6159@amazon.com>
From:   Jim Mattson <jmattson@google.com>
Date:   Wed, 31 Jan 2018 12:18:42 -0800
Message-ID: <CALMp9eS9LAJz+u3ujKZ5kLHihHMZ68LHajn3ri7sRPPEgFbHfA@mail.gmail.com>
Subject: Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL
To:     KarimAllah Ahmed <karahmed@amazon.com>
Cc:     KarimAllah Ahmed <karahmed@amazon.de>,
        kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Andi Kleen <ak@linux.intel.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Greg KH <gregkh@linuxfoundation.org>,
        Andy Lutomirski <luto@kernel.org>,
        Ashok Raj <ashok.raj@intel.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 31, 2018 at 12:01 PM, KarimAllah Ahmed <karahmed@amazon.com> wrote:

> but save_spec_ctrl_on_exit is also set for L2 write. So once L2 writes
> to it, this condition will be true and then the bitmap will be updated.

So if L1 or any L2 writes to the MSR, then save_spec_ctrl_on_exit is
set to true, even if the MSR permission bitmap for a particular VMCS
*doesn't* allow the MSR to be written without an intercept. That's
functionally correct, but inefficient. It seems to me that
save_spec_ctrl_on_exit should indicate whether or not the *current*
MSR permission bitmap allows unintercepted writes to IA32_SPEC_CTRL.
To that end, perhaps save_spec_ctrl_on_exit rightfully belongs in the
loaded_vmcs structure, alongside the msr_bitmap pointer that it is
associated with. For vmcs02, nested_vmx_merge_msr_bitmap() should set
the vmcs02 save_spec_ctrl_on_exit based on (a) whether L0 is willing
to yield the MSR to L1, and (b) whether L1 is willing to yield the MSR
to L2.