Received: by 10.223.185.116 with SMTP id b49csp1010240wrg;
        Fri, 16 Feb 2018 10:45:32 -0800 (PST)
X-Google-Smtp-Source: AH8x2267QobVOB3cmev3NXcV+rcQxTC0yK9/EMpabqiB84Lqv/bBnYJn2a39/aV5sMFdPkBeLYSf
X-Received: by 10.99.112.77 with SMTP id a13mr583420pgn.253.1518806732762;
        Fri, 16 Feb 2018 10:45:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518806732; cv=none;
        d=google.com; s=arc-20160816;
        b=cj0HBdiQpFjp4G97TgLAggxBnjtHFbE6u9qXu8QKr5RdghAvZZu2OuwdprxdUZnZnC
         YTuQNsvHtFdJwsmYrsx1wQUjD+wrM77RuIc3jyJC/4qMsBDI/9rnNr2l1QDlAeyCSwuu
         p3OwHZ+OKNnNYgpdILDsg7RTOQVJHMxWg7VOzRzVoOvBtpmZ6Jxce8oSHYyV3PRM56ya
         I3XfSpz/Lp1FkQKc9+WFmah2FKAgps2Fm8iPJYQKjwFiq0MaHmyAYsArpNL6o0ATBk/D
         Jxw58p+zijVuLaP2ZbL9LEkC/+5Z2AtuiiT+WRc/cAkIBAn+Ev2XZfCYW1sjUtJ/JLyy
         onXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=UTf9sqCRjwDWrmy57HkSjri2CJDSW6zAGOtT1nK1FPM=;
        b=uH7U29gZn7hc2ouR84hiRlymELkLIVwcKudQnq0TnERcNNL9itviOBFfkSfsUzKokr
         PRlg2iZRVid5Z728kUx3S+hEt6gkP5vEAzR1hLIq3HftfaNHOeF9n09zyn3ohlk7yeGr
         eK76u7nMoahnCRrHphktBVCiOPEkFwJW0LTWPRYFF3TR99GgLFWIQ/OHmG3exKBJUN5u
         DvPKFoUdyuUl/lhNuJugXgqoGY+myNbpNdIzb+dA7EjxkbltkjLEoMMxVTmJzRSABSMF
         L3zfPL31haLAQ+LdZJPPPBDJes4f2IDuK8Lsi7N6uhz4xnuV6KdSgTnttuigXufWO41t
         oaHg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=V8UVAax2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r7si1689249pgs.227.2018.02.16.10.45.18;
        Fri, 16 Feb 2018 10:45:32 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=V8UVAax2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751624AbeBPEQh (ORCPT <rfc822;deadfox.tw@gmail.com>
        + 99 others); Thu, 15 Feb 2018 23:16:37 -0500
Received: from mail-it0-f54.google.com ([209.85.214.54]:39064 "EHLO
        mail-it0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751523AbeBPEQe (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Feb 2018 23:16:34 -0500
Received: by mail-it0-f54.google.com with SMTP id l187so654005ith.4
        for <linux-kernel@vger.kernel.org>; Thu, 15 Feb 2018 20:16:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=UTf9sqCRjwDWrmy57HkSjri2CJDSW6zAGOtT1nK1FPM=;
        b=V8UVAax2oYr7wTOEKkvnt817DLAgg9dazWMOH9EUVXM+qDS13M2DFRkgJvp6C+vmt6
         okygnkkOin8RhfXgRQZXicejtrBOVYDpcgP1dfaf/AHD8ubSlQmSVhtLhDvXh9MR/RS4
         yz02fWVLT5MDgHyLadj+zk+nUBY1SkJacuvKGQYs4G5Q/fqwGLuEZdT3uFbEhkzObIig
         hs8s0eYSpYGCqbKKp1fUqZKCTkH9Xf/czzApZdQc1a+aXy7XAwfnKW387ZX/OnH1koRL
         mDfnu2TpJ70EPWsikcFSShbFv0KO4KJgWgy1O5DfMWMQX6rdYRKqdDSu+Ub784L9czKy
         EPSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=UTf9sqCRjwDWrmy57HkSjri2CJDSW6zAGOtT1nK1FPM=;
        b=BCxAp7ttaoOyHReJxvogGW0msWgOVFk1Cdq8DjqrEpkRtmvK38zBgiUed3M5jBy/gm
         yzqlY5rdTUOMdAYLFTiMERQYxzh6EfXfBw0pqP2lHsV3FhmPu5GqjeP9polzumX2sAOw
         JEZvJc6nGHE3mWnk2yxXlZkHrCx4Dv35Y1idlcuUMkwYjOoN0k98ljguDwoUswnmrF0x
         U488c2FjrTUIEe9+lAOVgj/u74q+oi5CapklOQ7CThQzKP2g5tXATDiWhhmU56I8vXlW
         9T3+MT3u8TYmZ+bXLOexe21dUEZeKPe5wLJnctq09g7cNDopxnz2vnPcxndMIGVxCxdD
         W4pw==
X-Gm-Message-State: APf1xPC1gxle+FYc4665alXeWWY7WequhpCYbgF3xuZA4dgl8kxwg16r
        ahDO1FvBcSfSdznAgByBtLgEZmImyoHBc3oKu/Q5oQ==
X-Received: by 10.36.40.137 with SMTP id h131mr6645998ith.118.1518754593584;
 Thu, 15 Feb 2018 20:16:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.128.36 with HTTP; Thu, 15 Feb 2018 20:16:32 -0800 (PST)
In-Reply-To: <1517938181-15317-9-git-send-email-dwmw@amazon.co.uk>
References: <1517938181-15317-1-git-send-email-dwmw@amazon.co.uk> <1517938181-15317-9-git-send-email-dwmw@amazon.co.uk>
From:   Jim Mattson <jmattson@google.com>
Date:   Thu, 15 Feb 2018 20:16:32 -0800
Message-ID: <CALMp9eSBqM7YoyFb+darU=1r33vR_P+Yoo7HqX=_M-wyu0zM8g@mail.gmail.com>
Subject: Re: [PATCH 8/9] KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
To:     David Woodhouse <dwmw@amazon.co.uk>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        kvm list <kvm@vger.kernel.org>,
        KarimAllah Ahmed <karahmed@amazon.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 6, 2018 at 9:29 AM, David Woodhouse <dwmw@amazon.co.uk> wrote:

> @@ -8946,6 +9017,27 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
>  #endif
>               );
>
> +       /*
> +        * We do not use IBRS in the kernel. If this vCPU has used the
> +        * SPEC_CTRL MSR it may have left it on; save the value and
> +        * turn it off. This is much more efficient than blindly adding
> +        * it to the atomic save/restore list. Especially as the former
> +        * (Saving guest MSRs on vmexit) doesn't even exist in KVM.
> +        *
> +        * For non-nested case:
> +        * If the L01 MSR bitmap does not intercept the MSR, then we need to
> +        * save it.
> +        *
> +        * For nested case:
> +        * If the L02 MSR bitmap does not intercept the MSR, then we need to
> +        * save it.
> +        */
> +       if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))
> +               rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
> +
> +       if (vmx->spec_ctrl)
> +               wrmsrl(MSR_IA32_SPEC_CTRL, 0);
> +

Again, we haven't verified host support for this MSR. Perhaps this
should be something like:

if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)
    && !rdmsrl_safe(MSR_IA32_SPEC_CTRL, &vmx->spec_ctrl) && vmx->spec_ctrl)
        wrmsrl(MSR_IA32_SPEC_CTRL, 0);